Aggregator

A vulnerability classified as problematic was found in 140+ Widgets Plugin up to 1.4.3 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-4440. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in HCL Commerce 9.1.12/9.1.13. This affects an unknown part. The manipulation leads to improper authorization. This vulnerability is uniquely identified as CVE-2024-23576. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Google Chrome. Affected by this issue is some unknown functionality of the component V8. The manipulation leads to out-of-bounds write. This vulnerability is handled as CVE-2024-4761. The attack may be launched remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS up to 14.4. It has been classified as critical. This affects an unknown part of the component App. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2024-27829. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in Apple iOS and iPadOS up to 17.4. Affected is an unknown function of the component Webpage Handler. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2024-27852. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

Veriti research recently analyzed stolen data that was published in a telegram group named “Daisy Cloud” (potentially associated with the RedLine Stealer), exposing the inner workings of a cybercrime marketplace. This group offers thousands of stolen credentials in an ongoing basis across a wide range of services, from crypto exchanges to government portals, at disturbingly […]

The post Inside Daisy Cloud: 30K Stolen Credentials Exposed  appeared first on VERITI.

The post Inside Daisy Cloud: 30K Stolen Credentials Exposed  appeared first on Security Boulevard.

A vulnerability classified as critical has been found in Bluestar Micro Mall 1.0. Affected is an unknown function of the file /api/data.php. The manipulation of the argument Search leads to sql injection. This vulnerability is traded as CVE-2025-2951. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

#SKBD #Linux #SSH #Backdoor #Persistence #Injection #Tyrant

The Walmart-owned membership warehouse club chain Sam’s Club is investigating claims of a Cl0p ransomware security breach. Sam’s Club is a membership warehouse club chain in the United States, owned by Walmart. Founded in 1983 by Sam Walton, Walmart’s founder, as Sam’s Wholesale Club, it was renamed Sam’s Club in 1990. These stores operate on a bulk […]

Name: VolgaCTF 2025 Qualifier (an VolgaCTF Qualifier event.)
Date: March 29, 2025, noon — 30 March 2025, 12:00 UTC  [add to calendar]
Format: Jeopardy
On-line
Offical URL: https://q.2025.volgactf.ru/
Rating weight: 27.14
Event organizers: VolgaCTF.org

360与省代、客户共筑数字安全“黄金三角”

360与省代、客户共筑数字安全“黄金三角”

360与省代、客户共筑数字安全“黄金三角”

360与省代、客户共筑数字安全“黄金三角”

360与省代、客户共筑数字安全“黄金三角”

360与省代、客户共筑数字安全“黄金三角”

Currently trending CVE - Hype Score: 1 - A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx ...

Currently trending CVE - Hype Score: 1 - A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the ...

Currently trending CVE - Hype Score: 1 - A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitrary code execution in the context of ...

Currently trending CVE - Hype Score: 1 - A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context of the ingress-nginx controller, and ...