Aggregator

A vulnerability, which was classified as critical, was found in Apple Mac OS X up to 10.10. Affected is an unknown function of the component Online Store Kit. The manipulation leads to information disclosure. This vulnerability is traded as CVE-2015-5836. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Apple Mac OS X up to 10.10 and classified as critical. Affected by this vulnerability is an unknown functionality of the component AppleEvents. The manipulation leads to improper access controls. This vulnerability is known as CVE-2015-5849. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as critical was found in Apple Mac OS X up to 10.11.0. Affected by this vulnerability is an unknown functionality of the component Directory Utility. The manipulation leads to improper access controls. This vulnerability is known as CVE-2015-6980. Attacking locally is a requirement. There is no exploit available. It is recommended to upgrade the affected component.

❗Disclaimer: This is Part 4 of our six-article series on Advanced Web Scraping. New to the series? C

在披露严重远程代码执行(RCE) 漏洞后，友讯（D-Link）建议旧型号 VPN 路由器的用户淘汰和更换其设备。CVE 编号尚未分配，漏洞细节尚未披露，因为公开细节可能会导致漏洞被广泛利用。目前所知的是该漏洞属于缓冲溢出漏洞，会导致未经身份验证的远程代码执行。友讯警告，如果客户继续使用受影响的产品，连接路由器的设备也会面临安全风险。受影响设备包括：DSR-150（2024 年 5 月终止支持)，DSR-150N (同上)，DSR-250(同上)，DSR-250N(同上)，DSR-500N (2015 年 9 月终止支持) 和 DSR-1000N (2015 年 10 月终止支持)。

A vulnerability was found in InfluxData InfluxDB up to 2.7.10 and classified as problematic. This issue affects some unknown processing. The manipulation leads to information disclosure. The identification of this vulnerability is CVE-2024-30896. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability has been found in wpmudev Branda Plugin up to 3.4.21 on WordPress and classified as problematic. This vulnerability affects the function remove_query_arg. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-9371. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in britner Gutenberg Blocks with AI Plugin up to 3.3.3 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10785. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in MBed OS 6.16.0. Affected by this issue is some unknown functionality of the component HCI Parsing. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2024-48984. The attack needs to be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as problematic was found in codelizarplugs Ultimate YouTube Video & Shorts Player with Vimeo Plugin up to 3.3 on WordPress. Affected by this vulnerability is the function del_ytsingvid. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-11354. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in litestar up to 2.12.x. Affected is an unknown function of the component Multipart Form Handler. The manipulation leads to allocation of resources. This vulnerability is traded as CVE-2024-52581. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in codersaiful UltraAddons Plugin up to 1.1.8 on WordPress. It has been rated as problematic. This issue affects the function show_template of the component Shortcode Handler. The manipulation leads to authorization bypass. The identification of this vulnerability is CVE-2024-10696. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in wproyal Bard Extra Plugin up to 1.2.7 on WordPress. It has been declared as problematic. This vulnerability affects the function bardxtra_import_xml. The manipulation leads to missing authorization. This vulnerability was named CVE-2024-10532. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in babatechs Lock User Account Plugin up to 1.0.5 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to protection mechanism failure. This vulnerability is uniquely identified as CVE-2024-11197. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in krishaweb Contact Form 7 Email Add On Plugin up to 1.9 on WordPress and classified as critical. Affected by this issue is the function cf7_email_add_on_add_admin_template. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is handled as CVE-2024-10898. The attack may be launched remotely. There is no exploit available.

The CWE list of the 25 most dangerous software weaknesses demonstrates the currently most common and impactful software flaws. Identifying the root causes of these vulnerabilities provides insights to shape investments, policies, and practices that proactively prevent their occurrence. The CWE top 25 most dangerous software weaknesses list was calculated by analyzing public vulnerability information in Common Vulnerabilities and Exposures (CVE) Records for CWE root cause mappings. This year’s dataset included 31,770 CVE Records for … More →

The post CWE top 25 most dangerous software weaknesses appeared first on Help Net Security.

A vulnerability has been found in eSoft Planner 3.24.08271-USA and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-48533. The attack needs to be initiated within the local network. There is no exploit available.

2024-11-206 min readWhen cable cuts occur, whether submarine or terrestrial, they often result in ob

A vulnerability, which was classified as critical, was found in MBed OS 6.16.0. Affected is an unknown function of the component HCI Packet Handler. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2024-48981. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in MBed OS 6.16.0. This issue affects some unknown processing of the component HCI Packet Handler. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-48985. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.