HPE Aruba Networking fixes four critical RCE flaws in ArubaOS

2024-05-01 22:31

HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code...

DropBox says hackers stole customer data, auth secrets from eSignature service

2024-05-01 22:22

Cloud storage firm DropBox says hackers breached production systems for its DropBox Sign...

US govt warns of pro-Russian hacktivists targeting water facilities

2024-05-01 19:14

The US government is warning that pro-Russian hacktivists are seeking out and hacking into...

Infosec biz boss accused of BS'ing the world about his career, anti-crime product, customers

2024-05-01 18:58

Panda Restaurants discloses data breach after corporate systems hack

2024-05-01 17:35

Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San,...

US charges 16 over 'depraved' grandparent scams

2024-05-01 17:00

French hospital CHC-SV refuses to pay LockBit extortion demand

2024-05-01 16:38

The Hôpital de Cannes - Simone Veil in France announced it received a ransom demand from the...

Vulnerabilities by Risk level (Last 12 months)

Risk level   Count (last 12 months)
Critical     3812
High         9199
Medium       10765
Low          371

Vulnerabilities by Vendor (Last 12 months)

Vendor          Count (last 12 months)
Google          1281
Microsoft       814
Apple           527
Adobe           487
Fedoraproject   484

Latest Vulnerabilities

  • CVE-2024-25575

    8.8

    A type confusion vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Lock object. A specially crafted JavaScript code inside a malicious PDF document can trigger...

    network
    low complexity
    CWE-843
  • CVE-2024-25648

    8.8

    A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a ComboBox widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a...

    network
    low complexity
    CWE-416
  • CVE-2024-25938

    8.8

    A use-after-free vulnerability exists in the way Foxit Reader 2024.1.0.23997 handles a Barcode widget. A specially crafted JavaScript code inside a malicious PDF document can trigger reuse of a...

    network
    low complexity
    CWE-416
  • CVE-2024-1895

    7.5

    The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via...

    network
    high complexity
  • CVE-2024-2663

    8.3

    The ZD YouTube FLV Player plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 1.2.6 via the $_GET['image'] parameter. This makes it possible for...

    network
    low complexity

Latest Critical Vulnerabilities

  • CVE-2024-3375

    9.4

    Incorrect Permission Assignment for Critical Resource vulnerability in Havelsan Inc. Dialogue allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Dialogue: from...

    network
    low complexity
    CWE-732
    critical
  • CVE-2024-4300

    9.8

    E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login....

    network
    low complexity
    CWE-200
    critical
  • CVE-2024-3342

    9.9

    The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including,...

    network
    low complexity
    critical
  • CVE-2024-4040 - Code Injection vulnerability in CrushFTP

    10.0

    A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem...

    network
    low complexity
    crushftp CWE-94
    critical
  • CVE-2023-39367

    9.1

    An OS command injection vulnerability exists in the web interface mac2name functionality of Peplink Smart Reader v1.2.0 (in QEMU). A specially crafted HTTP request can lead to arbitrary command...

    network
    low complexity
    CWE-78
    critical
  • CVE-2024-20997

    9.9

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....

    network
    low complexity
    critical
  • CVE-2024-21010

    9.9

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....

    network
    low complexity
    critical
  • CVE-2024-21014

    9.8

    Vulnerability in the Oracle Hospitality Simphony product of Oracle Food and Beverage Applications (component: Simphony Enterprise Server). Supported versions that are affected are 19.1.0-19.5.4....

    network
    low complexity
    critical