U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse

2024-04-23 06:43

The U.S. Department of State on Monday said it's taking steps to impose visa restrictions on...

Misconfigured cloud server leaked clues of North Korean animation scam

2024-04-23 05:26

The rising influence of AI on the 2024 US election

2024-04-23 05:00

We stand at a crossroads for election misinformation: on one side our election apparatus has...

Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware

2024-04-23 04:23

The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the...

10 colleges and universities shaping the future of cybersecurity education

2024-04-23 04:00

Institutions featured on this list often provide undergraduate and graduate degrees, courses, as...

People doubt their own ability to spot AI-generated deepfakes

2024-04-23 04:00

The actual number of people exposed to political and other deepfakes is expected to be much...

What is multi-factor authentication (MFA), and why is it important?

2024-04-23 03:30

Setting up MFA can seem daunting for consumers just beginning to clean up their security...

Vulnerabilities by Risk level (Last 12 months)

Risk level: number of vulnerabilities (last 12 months)
Critical: 4079
High: 9783
Medium: 11585
Low: 394

Vulnerabilities by Vendor (Last 12 months)

Vendor: number of vulnerabilities (last 12 months)
Google: 1326
Microsoft: 829
Fedoraproject: 536
Apple: 531
Adobe: 515

Latest Vulnerabilities

  • CVE-2024-29991

    5.0

    Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

    network
    high complexity
  • CVE-2024-29986

    5.4

    Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

    network
    low complexity
  • CVE-2024-29003

    7.5

    The SolarWinds Platform was susceptible to an XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.

    low complexity
    CWE-79
  • CVE-2024-28076

    7.0

    The SolarWinds Platform was susceptible to an Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to a different domain when using URL parameter with relative entry in the...

    high complexity
    CWE-601
  • CVE-2023-39367

    9.1

    An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command...

    network
    low complexity
    CWE-78
    critical

Latest Critical Vulnerabilities

  • CVE-2023-39367

    9.1

    An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command...

    network
    low complexity
    CWE-78
    critical
  • CVE-2024-20997

    9.9

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....

    network
    low complexity
    critical
  • CVE-2024-21010

    9.9

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....

    network
    low complexity
    critical
  • CVE-2024-21014

    9.8

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....

    network
    low complexity
    critical
  • CVE-2024-21071

    9.1

    Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable...

    network
    low complexity
    critical
  • CVE-2024-21082

    9.8

    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability...

    network
    low complexity
    critical
  • CVE-2024-3777

    9.8

    The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.

    network
    low complexity
    CWE-284
    critical
  • CVE-2024-3400 - Command Injection vulnerability in Paloaltonetworks Pan-Os 10.2.0/11.0.0/11.1.0

    10.0

    A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature...

    network
    low complexity
    paloaltonetworks CWE-77
    critical