Aggregator

A vulnerability was found in Premium Packages Plugin up to 5.9.1 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-7386. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Kodex Posts Likes Plugin up to 2.5.0 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-8713. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Xen and classified as critical. This vulnerability affects the function vlapic_error of the component APIC Architecture Handler. The manipulation leads to deadlock. This vulnerability was named CVE-2024-45817. Access to the local network is required for this attack. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as problematic, was found in WP GPX Maps Plugin up to 1.7.08 on WordPress. This affects an unknown part of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-9028. It is possible to initiate the attack remotely. There is no exploit available.

Создатель известной пиратской онлайн-библиотеки сообщил о своей болезни.

A vulnerability, which was classified as problematic, has been found in Material Design Icons Plugin up to 0.0.5 on WordPress. Affected by this issue is the function mdi-icon of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-9024. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical was found in REST API TO MiniProgram Plugin up to 4.7.1 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to sql injection. This vulnerability is known as CVE-2024-8484. The attack can be launched remotely. There is no exploit available.

HPE announced the expansion of HPE Aruba Networking Central, its security-first, AI-powered network management solution, with new AI insights and capabilities that include integration of OpsRamp for third-party network device monitoring of industry vendors such as Cisco, Juniper Networks, and Palo Alto Networks. New capabilities of HPE Aruba Networking Central also include an improved network device configuration engine, expanded network observability, and AI-generated network optimizations, powered by AI insights from a rapidly growing customer base. … More →

The post HPE unveils AI insights and third-party network device monitoring capabilities appeared first on Help Net Security.

A vulnerability classified as problematic has been found in PeepSo Community Plugin up to 6.4.6.0 on WordPress. Affected is an unknown function. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-7426. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in OneElements Plugin up to 1.3.7 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component SVG File Upload Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-9068. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in GutenGeek Free Gutenberg Blocks Plugin up to 1.1.3 on WordPress. It has been declared as problematic. This vulnerability affects unknown code of the component SVG File Upload Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-9073. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Special Text Boxes Plugin up to 6.2.2 on WordPress. It has been classified as critical. This affects an unknown part of the component Shortcode Handler. The manipulation leads to improper authentication. This vulnerability is uniquely identified as CVE-2024-8481. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in SAP EnjoySAP and classified as problematic. Affected by this vulnerability is an unknown functionality of the component ActiveX Control. The manipulation leads to an unknown weakness. This vulnerability is known as CVE-2007-3608. The attack can be launched remotely. Furthermore, there is an exploit available.

卡巴斯基报告，Google Play 市场提供的两款应用“无他相机（Wuta Camera）”和 Max Browser 被发现含有了恶意 SDK。这两款应用的下载量达到 1100 万次。SDK 表面上支持广告展示，但背后使用了一系列复杂方法与恶意服务器秘密通信，上传用户数据并下载可随时执行和更新的恶意代码。该恶意程序家族被称为 Necro。在包含恶意 SDK 的应用中，无他相机下载量愈千万次，受影响的版本为 v6.3.2.148 到 6.3.6.148， Max Browser 下载量百万次，它已从 Google Play 下架。其它受影响应用包括了 Spotify、Minecraft、WhatsApp、Stumble Guys、Car Parking Multiplayer 和 Melon Sandbox 的修改版本。

A vulnerability was found in Scriptcase 9.4.019 and classified as problematic. Affected by this issue is some unknown functionality of the component URL Handler. The manipulation of the argument id_form_msg_title leads to cross site scripting. This vulnerability is handled as CVE-2024-8942. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Scriptcase 9.4.019 and classified as very critical. Affected by this vulnerability is an unknown functionality in the library /scriptcase/devel/lib/third/jquery_plugin/jQuery-File-Upload/server/php/ of the component POST Request Handler. The manipulation leads to unrestricted upload. This vulnerability is known as CVE-2024-8940. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Scriptcase 9.4.019. Affected is an unknown function of the file /scriptcase/devel/compat/nm_edit_php_edit.php. The manipulation of the argument subpage leads to path traversal. This vulnerability is traded as CVE-2024-8941. It is possible to launch the attack remotely. There is no exploit available.

The U.S. Department of Commerce (DoC) said it's proposing a ban on the import or sale of connected vehicles that integrate software and hardware made by foreign adversaries, particularly that of the People's Republic of China (PRC) and Russia. "The proposed rule focuses on hardware and software integrated into the Vehicle Connectivity System (VCS) and software integrated into the Automated

Absolute Security announced AI Threat Insights. This new AI-powered threat detection capability is now available through the Absolute Secure Access Security Service Edge (SSE) offering. With the AI Threat Insights module activated, customers using Absolute to continuously monitor all network traffic across PC fleets can detect and act against zero-day threats, ransomware, other malware, and suspicious user, device and application behaviors. This innovation provides proactive alerts to help organizations anticipate and respond to security risks, … More →

The post Absolute AI Threat Insights monitors, detects, and prioritizes suspicious activity appeared first on Help Net Security.

Cloudflare is now verifying WhatsApp’s Key Transparency audit proofs to ensure the security of end-to-end encrypted messaging conversations without having to manually check QR codes. We are publishing the results of the proof verification to https://dash.key-transparency.cloudflare.com for independent researchers and security experts to compare against WhatsApp’s. Cloudflare does not have access to underlying public key material or message metadata as part of this infrastructure.