Aggregator

A vulnerability classified as problematic was found in Breadcrumbs2 Extension up to 1.39.10/1.41.4/1.42.3 on Mediawiki. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2025-23078. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linksys E7350 1.1.00.032. This affects the function vif_disable. The manipulation of the argument iface leads to command injection. This vulnerability is uniquely identified as CVE-2024-57228. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Linksys E7350 1.1.00.032. It has been rated as critical. Affected by this issue is the function apcli_do_enr_pbc_wps. The manipulation of the argument ifname leads to command injection. This vulnerability is handled as CVE-2024-57227. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Linksys E7350 1.1.00.032. It has been declared as critical. Affected by this vulnerability is the function vif_enable. The manipulation of the argument iface leads to command injection. This vulnerability is known as CVE-2024-57226. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Microweber 2.0.9. It has been classified as problematic. Affected is an unknown function of the file /admin/module/view?type=users. The manipulation of the argument First Name/Last Name leads to cross site scripting. This vulnerability is traded as CVE-2024-33299. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Microweber 2.0.9 and classified as problematic. This issue affects some unknown processing of the file /admin/module/view?type=admin__backup. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-33298. The attack may be initiated remotely. There is no exploit available.

A vulnerability has been found in Linksys E7350 1.1.00.032 and classified as critical. This vulnerability affects the function reset_wifi. The manipulation of the argument devname leads to command injection. This vulnerability was named CVE-2024-57225. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Linksys E7350 1.1.00.032. This affects the function apcli_do_enr_pin_wps. The manipulation of the argument ifname leads to command injection. This vulnerability is uniquely identified as CVE-2024-57224. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Linksys E7350 1.1.00.032. Affected by this issue is the function apcli_wps_gen_pincode. The manipulation of the argument ifname leads to command injection. This vulnerability is handled as CVE-2024-57223. The attack needs to be initiated within the local network. There is no exploit available.

Cryptocurrency Mixer Operators Indicted for Money Laundering

A vulnerability classified as problematic was found in Jan Syski MegaBIP up to 5.14. Affected by this vulnerability is an unknown functionality of the file /registered.php of the component Administrative Portal. The manipulation leads to file and directory information exposure. This vulnerability is known as CVE-2024-6880. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical has been found in Linksys E7350 1.1.00.032. Affected is the function apcli_cancel_wps. The manipulation of the argument ifname leads to command injection. This vulnerability is traded as CVE-2024-57222. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in vTiger CRM up to 6.1. It has been rated as problematic. This issue affects the function uploadAndSaveFile of the file CRMEntity.php of the component Documents Module. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-54687. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Jan Syski MegaBIP up to 5.14. It has been declared as problematic. This vulnerability affects unknown code of the file edytor/index.php?id=7,7,0. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-6662. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Spanish telecommunications company Telefónica confirms an internal ticketing system was breached after stolen data was leaked on a hacking forum. [...]

Cybercrime History Teaches That Paying a Ransom for Data Deletion Is Foolish
Data breach victim PowerSchool, maker of a widely used K-12 student information system platform, has been attempting to assure schools, and parents and guardians, by saying its attacker has promised to delete the stolen data. What's the old saying about those who fail to learn from history?

Firm Folds AI Studio, Gemini API Into DeepMind; Sets up World Model Team
Google is restructuring its artificial intelligence teams and forming a new division under its DeepMind unit. Both the AI Studio team and the Gemini API team will now be run under DeepMind, a shift Google says will make DeepMind's work more accessible to the public.

The Year of the Typhoon Highlights from this edition:

The post Below the Surface Winter 2024 Edition – The Year in Review appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post Below the Surface Winter 2024 Edition – The Year in Review appeared first on Security Boulevard.