Mandiant: Orgs are detecting cybercriminals faster than ever

2024-04-23 13:05

Mandiant says the small increase over last year's figures, which were the lowest ever...

UnitedHealth admits breach could 'cover substantial proportion of people in America'

2024-04-23 12:30

Grab 9 Ethical Hacking Courses for $30 and Improve Your Business Security

2024-04-23 12:00

TL;DR: If you want to improve your knowledge of cybersecurity, The All-in-One Ethical Hacking...

Can a VPN Be Hacked?

2024-04-23 11:37

Here we looked into the different types of VPNs, VPN benefits and drawbacks, and a few popular...

Webinar: Learn Proactive Supply Chain Threat Hunting Techniques

2024-04-23 11:28

In the high-stakes world of cybersecurity, the battleground has shifted. Supply chain attacks...

Microsoft and Security Incentives

2024-04-23 11:09

Grotto told us Microsoft had to be "Dragged kicking and screaming" to provide logging...

Leicester streetlights take ransomware attack personally, shine on 24/7

2024-04-23 11:05

Vulnerabilities by Risk level (Last 12 months)

| Risk level | Count (last 12 months) |
|------------|------------------------|
| Critical   | 4079                   |
| High       | 9783                   |
| Medium     | 11585                  |
| Low        | 394                    |

Vulnerabilities by Vendor (Last 12 months)

| Vendor        | Count (last 12 months) |
|---------------|------------------------|
| Google        | 1326                   |
| Microsoft     | 829                    |
| Fedoraproject | 536                    |
| Apple         | 531                    |
| Adobe         | 515                    |

Latest Vulnerabilities

  • CVE-2024-29991

    5.0

    Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability

    network
    high complexity
  • CVE-2024-29986

    5.4

    Microsoft Edge for Android (Chromium-based) Information Disclosure Vulnerability

    network
    low complexity
  • CVE-2024-29003

    7.5

    The SolarWinds Platform was susceptible to an XSS vulnerability that affects the maps section of the user interface. This vulnerability requires authentication and requires user interaction.

    low complexity
    CWE-79
  • CVE-2024-28076

    7.0

    The SolarWinds Platform was susceptible to an Arbitrary Open Redirection Vulnerability. A potential attacker can redirect to different domain when using URL parameter with relative entry in the...

    high complexity
    CWE-601
  • CVE-2023-39367

    9.1

    An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command...

    network
    low complexity
    CWE-78
    critical

Latest Critical Vulnerabilities

  • CVE-2023-39367

    9.1

    An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command...

    network
    low complexity
    CWE-78
    critical
  • CVE-2024-20997

    9.9

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....

    network
    low complexity
    critical
  • CVE-2024-21010

    9.9

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....

    network
    low complexity
    critical
  • CVE-2024-21014

    9.8

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....

    network
    low complexity
    critical
  • CVE-2024-21071

    9.1

    Vulnerability in the Oracle Workflow product of Oracle E-Business Suite (component: Admin Screens and Grants UI). Supported versions that are affected are 12.2.3-12.2.13. Easily exploitable...

    network
    low complexity
    critical
  • CVE-2024-21082

    9.8

    Vulnerability in the Oracle BI Publisher product of Oracle Analytics (component: XML Services). Supported versions that are affected are 7.0.0.0.0 and 12.2.1.4.0. Easily exploitable vulnerability...

    network
    low complexity
    critical
  • CVE-2024-3777

    9.8

    The password reset feature of Ai3 QbiBot lacks proper access control, allowing unauthenticated remote attackers to reset any user's password.

    network
    low complexity
    CWE-284
    critical
  • CVE-2024-3400 - Command Injection vulnerability in Palo Alto Networks PAN-OS 10.2.0/11.0.0/11.1.0

    10.0

    A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature...

    network
    low complexity
    paloaltonetworks CWE-77
    critical