U.S. Imposes Visa Restrictions on 13 Linked to Commercial Spyware Misuse
The U.S. Department of State on Monday said it's taking steps to impose visa restrictions on...
Misconfigured cloud server leaked clues of North Korean animation scam
The rising influence of AI on the 2024 US election
We stand at a crossroads for election misinformation: on one side our election apparatus has...
Russia's APT28 Exploited Windows Print Spooler Flaw to Deploy 'GooseEgg' Malware
The Russia-linked nation-state threat actor tracked as APT28 weaponized a security flaw in the...
10 colleges and universities shaping the future of cybersecurity education
Institutions featured on this list often provide undergraduate and graduate degrees, courses, as...
People doubt their own ability to spot AI-generated deepfakes
The actual number of people exposed to political and other deepfakes is expected to be much...
What is multi-factor authentication (MFA), and why is it important?
Setting up MFA can seem daunting for consumers just beginning to clean up their security...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
| Vendor | Last 12 months |
| | 1326 |
| Microsoft | 829 |
| Fedoraproject | 536 |
| Apple | 531 |
| Adobe | 515 |
Latest Vulnerabilities
- CVE-2024-29991
  5.0 | Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability
  network | high complexity
- CVE-2024-29986
  5.4 | Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability
  network | low complexity
- CVE-2024-29003
  7.5 | The SolarWinds Platform was susceptible to an XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.
  low complexity | CWE-79
- CVE-2024-28076
  7.0 | The SolarWinds Platform was susceptible to an Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the...
  high complexity | CWE-601
- CVE-2023-39367
  9.1 | An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command...
Latest Critical Vulnerabilities
- CVE-2023-39367
  9.1 | An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command...
- CVE-2024-20997
  9.9 | Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....
  network | low complexity | critical
- CVE-2024-21010
  9.9 | Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....
  network | low complexity | critical
- CVE-2024-21014
  9.8 | Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....
  network | low complexity | critical
- CVE-2024-21071
  9.1 | Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable...
  network | low complexity | critical
- CVE-2024-21082
  9.8 | Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability...
  network | low complexity | critical
- CVE-2024-3777
  9.8 | The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.
- CVE-2024-3400 - Command Injection vulnerability in Palo Alto Networks PAN-OS 10.2.0/11.0.0/11.1.0
  10.0 | A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature...