22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks
Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to...
WhatsApp, Threads, more banished from Apple App Store in China
BlackTech Targets Tech, Research, and Gov Sectors New 'Deuterbear' Tool
Technology, research, and government sectors in the Asia-Pacific region have been targeted by a...
Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware!
More organizations hit by ransomware gangs are starting to realize that it doesn't pay to...
Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals
How Attackers Can Own a Business Without Touching the Endpoint
Attackers are increasingly making use of “networkless” attack techniques targeting cloud apps...
Akira Ransomware Gang Extorts $42 Million; Now Targets Linux Servers
Threat actors behind the Akira ransomware group have extorted approximately $42 million in...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
Vendor | Last 12 months
 | 1322
Microsoft | 829
Fedoraproject | 536
Apple | 531
Adobe | 515
Latest Vulnerabilities
- CVE-2024-29986
  5.4 Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
  network, low complexity
- CVE-2024-29003
  7.5 The SolarWinds Platform was susceptible to an XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.
  low complexity, CWE-79
- CVE-2024-28076
  7.0 The SolarWinds Platform was susceptible to an Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the...
  high complexity, CWE-601
- CVE-2023-39367
  9.1 An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command...
- CVE-2023-40146
  6.8 A privilege escalation vulnerability exists in the /bin/login functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted command line argument can lead to a limited-shell escape...
  low complexity, CWE-77
Latest Critical Vulnerabilities
- CVE-2023-39367
  9.1 An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command...
- CVE-2024-20997
  9.9 Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....
  network, low complexity, critical
- CVE-2024-21010
  9.9 Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....
  network, low complexity, critical
- CVE-2024-21014
  9.8 Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....
  network, low complexity, critical
- CVE-2024-21071
  9.1 Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable...
  network, low complexity, critical
- CVE-2024-21082
  9.8 Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability...
  network, low complexity, critical
- CVE-2024-3777
  9.8 The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.
- CVE-2024-3400 - Command Injection vulnerability in Paloaltonetworks Pan-Os 10.2.0/11.0.0/11.1.0
  10.0 A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature...