Aggregator

A vulnerability classified as critical has been found in WebCodingPlace Ultimate Classified Listings Plugin up to 1.4 on WordPress. Affected is an unknown function. The manipulation leads to path traversal. This vulnerability is traded as CVE-2024-52448. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Navneil Naicer Bootscraper Plugin up to 2.1.0 on WordPress. It has been rated as critical. This issue affects some unknown processing. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-52449. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Linux Kernel up to 2.4.28/2.6.9. This affects the function ip_options_get. The manipulation leads to memory corruption. This vulnerability is uniquely identified as CVE-2004-1335. The attack needs to be approached within the local network. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Moodle. It has been classified as problematic. This affects an unknown part of the component oauth2. The manipulation leads to improper control of resource identifiers. This vulnerability is uniquely identified as CVE-2024-45690. The attack needs to be done within the local network. There is no exploit available.

印度外包巨头 Infosys 联合创始人 Narayama Murthy 重申了他早先的言论：印度需要每周工作 70 小时，周末是一种错误。他再次宣称不相信工作和生活的平衡。他表示会将自己的观点一直带到坟墓里。Murthy 及其有同样想法的人所坚持的观点是：印度是一个贫穷的国家，需要努力提高自己，工作与生活之间的平衡可以等等再说。他称，坦白地说，印度在 1986 年将每周工作六天改为工作五天时他感到失望。Murthy 声称在退休前自己每周工作六天半，每天通常工作 14 小时 10 分钟，早上 6:20 打卡上班，晚上 8:30 下班。

A vulnerability classified as critical has been found in Mitsubishi Electric MELSEC iQ-F FX5-ENET IP. Affected is an unknown function of the component SLMP Packet Handler. The manipulation leads to improper validation of specified type of input. This vulnerability is traded as CVE-2024-8403. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Sirv Plugin up to 7.3.0 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization. This vulnerability is traded as CVE-2024-10855. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability classified as problematic was found in ProfileGrid Plugin up to 5.9.3.6 on WordPress. Affected by this vulnerability is an unknown functionality of the component User Meta Handler. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-10900. The attack can be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in WooCommerce Product Table Lite Plugin up to 3.8.6 on WordPress. Affected by this issue is some unknown functionality of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-10899. The attack may be launched remotely. There is no exploit available.

A vulnerability has been found in Booster for WooCommerce Plugin up to 7.2.3 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross site scripting. This vulnerability was named CVE-2024-9239. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in GD bbPress Attachments Plugin up to 4.7.2 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-11278. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in 404 Solution Plugin up to 2.35.19 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-11277. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Restaurant Menu Plugin up to 2.4.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-9653. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in MailMunch MailChimp Forms Plugin up to 3.2.3 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-8726. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as critical has been found in MStore API Plugin up to 4.15.7 on WordPress. This affects an unknown part. The manipulation leads to sql injection. This vulnerability is uniquely identified as CVE-2024-11179. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Getwid Plugin up to 2.0.12 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10872. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability has been found in Pdfcrowd Save as PDF Plugin up to 4.2.1 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-10891. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in Yaad Sarig Payment Gateway for WC Plugin up to 2.2.4 on WordPress and classified as critical. Affected by this issue is some unknown functionality of the component Log Handler. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-10665. The attack may be launched remotely. There is no exploit available.

San Francisco, California – Today the U.S. Department of Commerce and U.S. Department of State are co-hosting the inaugural convening of the International Network of AI Safety Institutes, a new global effort to advance the science of AI safety and

Today, the Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not exclusively rely on personal identity verification (PIV) cards. 

USDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure way to authenticate user identities without passwords. USDA’s adoption of FIDO highlights the importance of organizations moving away from password authentication and adopting more secure MFA technologies. 

This report offers examples to help organizations strengthen their cybersecurity posture through use cases, recommended actions, and resources. USDA successfully implemented MFA by adopting a centralized model, making incremental improvements, and addressing specific use cases. Organizations facing challenges with phishing-resistant authentication are encouraged to review this report. 

For more information about phishing-resistant MFA, visit Phishing-Resistant MFA is Key to Peace of Mind and Implementing Phishing-Resistant MFA.