HPE Aruba Networking fixes four critical RCE flaws in ArubaOS
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code...
DropBox says hackers stole customer data, auth secrets from eSignature service
Cloud storage firm DropBox says hackers breached production systems for its DropBox Sign...
US govt warns of pro-Russian hacktivists targeting water facilities
The US government is warning that pro-Russian hacktivists are seeking out and hacking into...
Infosec biz boss accused of BS'ing the world about his career, anti-crime product, customers
Panda Restaurants discloses data breach after corporate systems hack
Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San,...
US charges 16 over 'depraved' grandparent scams
French hospital CHC-SV refuses to pay LockBit extortion demand
The Hôpital de Cannes - Simone Veil in France announced it received a ransom demand from the...
Vulnerabilities by Risk level (Last 12 months)
Vulnerabilities by Vendor (Last 12 months)
Vendor | Last 12 months
 | 1281
Microsoft | 814
Apple | 527
Adobe | 487
Fedoraproject | 484
Latest Vulnerabilities
- CVE-2024-25575
8.8: A type confusion vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted JavaScript code inside a malicious PDF document can trigger...
- CVE-2024-25648
8.8: A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a...
- CVE-2024-25938
8.8: A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a...
- CVE-2024-1895
7.5: The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via...
network, high complexity
- CVE-2024-2663
8.3: The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $_GET['image'] parameter. This makes it possible for...
network, low complexity
Latest Critical Vulnerabilities
- CVE-2024-3375
9.4: Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from...
- CVE-2024-4300
9.8: E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login....
- CVE-2024-3342
9.9: The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including,...
network, low complexity, critical
- CVE-2024-4040 - Code Injection vulnerability in Crushftp
10.0: A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem...
- CVE-2023-39367
9.1: An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command...
- CVE-2024-20997
9.9: Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....
network, low complexity, critical
- CVE-2024-21010
9.9: Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....
network, low complexity, critical
- CVE-2024-21014
9.8: Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....
network, low complexity, critical