Aggregator

Over half of the most routinely exploited vulnerabilities worldwide in 2023 affected network devices and infrastructure, according to a cybersecurity advisory issued by CISA and other international cybersecurity agencies in November, 2024. Furthermore, the majority of the routinely exploited vulnerabilities were “initially exploited as a zero-day” which was a change from 2022, when the majority […]

The post CISA: Over Half of Top Routinely Exploited Vulnerabilities in 2023 Affected Network Devices and Infrastructure appeared first on Eclypsium | Supply Chain Security for the Modern Enterprise.

The post CISA: Over Half of Top Routinely Exploited Vulnerabilities in 2023 Affected Network Devices and Infrastructure appeared first on Security Boulevard.

The threat actor known as Mysterious Elephant has been observed using an advanced version of malware called Asyncshell. The attack campaign is said to have used Hajj-themed lures to trick victims into executing a malicious payload under the guise of a Microsoft Compiled HTML Help (CHM) file, the Knownsec 404 team said in an analysis published today. Mysterious Elephant, which is also known as

Threat actors with ties to Russia have been linked to a cyber espionage campaign aimed at organizations in Central Asia, East Asia, and Europe. Recorded Future's Insikt Group, which has assigned the activity cluster the name TAG-110, said it overlaps with a threat group tracked by the Computer Emergency Response Team of Ukraine (CERT-UA) as UAC-0063, which, in turn, overlaps with APT28. The

A vulnerability, which was classified as problematic, was found in AutoListicle Plugin up to 1.2.3 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11426. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Formidable Forms Plugin up to 6.16.1.2 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-11188. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Payments Plugin and Checkout Plugin for WooCommerce Plugin up to 1.112.0 on WordPress. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-11362. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in JobBoardWP Plugin up to 1.3.0 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10880. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in WP Travel Engine Plugin up to 6.2.1 on WordPress. It has been rated as problematic. This issue affects some unknown processing of the component Setting Handler. The manipulation leads to missing authorization. The identification of this vulnerability is CVE-2024-10606. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in HIPAA Compliant Forms Plugin up to 1.3.4 on WordPress. It has been declared as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-11332. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in Easy Liveblogs Plugin up to 2.3.5 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11387. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in WP-Orphanage Extended Plugin up to 1.2 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. This vulnerability is handled as CVE-2024-11415. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Quotes llama Plugin up to 3.0.0 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-10874. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Twitter Follow Button Plugin up to 0.2 on WordPress. Affected is an unknown function. The manipulation of the argument username leads to cross site scripting. This vulnerability is traded as CVE-2024-10116. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in GuardGiant Brute Force Protection Plugin up to 2.2.6 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-10869. The attack may be initiated remotely. There is no exploit available.

Наука уличила квазары в превышении скорости роста.

A vulnerability classified as problematic was found in DeBounce Email Validator Plugin up to 5.6.5 on WordPress. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-11463. The attack can be initiated remotely. There is no exploit available.