Aggregator

A vulnerability was found in krishaweb Contact Form 7 Email Add On Plugin up to 1.9 on WordPress and classified as critical. Affected by this issue is the function cf7_email_add_on_add_admin_template. The manipulation leads to improper control of filename for include/require statement in php program ('php remote file inclusion'). This vulnerability is handled as CVE-2024-10898. The attack may be launched remotely. There is no exploit available.

The CWE list of the 25 most dangerous software weaknesses demonstrates the currently most common and impactful software flaws. Identifying the root causes of these vulnerabilities provides insights to shape investments, policies, and practices that proactively prevent their occurrence. The CWE top 25 most dangerous software weaknesses list was calculated by analyzing public vulnerability information in Common Vulnerabilities and Exposures (CVE) Records for CWE root cause mappings. This year’s dataset included 31,770 CVE Records for … More →

The post CWE top 25 most dangerous software weaknesses appeared first on Help Net Security.

A vulnerability has been found in eSoft Planner 3.24.08271-USA and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-48533. The attack needs to be initiated within the local network. There is no exploit available.

2024-11-206 min readWhen cable cuts occur, whether submarine or terrestrial, they often result in ob

A vulnerability, which was classified as critical, was found in MBed OS 6.16.0. Affected is an unknown function of the component HCI Packet Handler. The manipulation leads to buffer overflow. This vulnerability is traded as CVE-2024-48981. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability, which was classified as critical, has been found in MBed OS 6.16.0. This issue affects some unknown processing of the component HCI Packet Handler. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-48985. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical was found in MBed OS 6.16.0. This vulnerability affects unknown code of the component HCI Parsing. The manipulation leads to buffer overflow. This vulnerability was named CVE-2024-48982. The attack can only be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability classified as critical has been found in MBed OS up to 6.16.0. This affects the function WsfMsgAlloc of the component HCI Packet Handler. The manipulation leads to buffer overflow. This vulnerability is uniquely identified as CVE-2024-48983. The attack needs to be approached within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in MyBB 1.8.38. It has been rated as problematic. Affected by this issue is some unknown functionality of the file install\index.php. The manipulation of the argument Website Name leads to cross site scripting. This vulnerability is handled as CVE-2024-52702. The attack may be launched remotely. There is no exploit available.

新闻速览 •RaaS威胁不断升级，渗透测试技能成为勒索软件团伙新宠 •悬赏400万美元！全球最大规模&#822 […]

根据GitGuardian和CyberArk的研究显示，79%的IT决策者报告经历过凭证泄露事件，较上年的75 […]

A vulnerability was found in ifso If-So Dynamic Content Personalization Plugin up to 1.9.2.1 on WordPress. It has been declared as problematic. Affected by this vulnerability is the function ifso-show-post of the component Shortcode Handler. The manipulation leads to information disclosure. This vulnerability is known as CVE-2024-10796. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in EngineThemes ForumEngine Theme up to 1.8 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-10623. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Mbed OS 6.16.0 and classified as critical. This issue affects some unknown processing of the component HCI Parsing. The manipulation leads to buffer overflow. The identification of this vulnerability is CVE-2024-48986. The attack needs to be done within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in IBM DB2 and DB2 Connect Server 11.1/11.5 and classified as critical. This vulnerability affects unknown code of the component Query Handler. The manipulation leads to denial of service. This vulnerability was named CVE-2024-45663. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

2024年11月21日，以“‘廿’念不忘，‘新’之所向”为主题的“第二十届数字金融联合宣传年智享2024特别活 […]

Ford data breach involved a third-party supplier Pierluigi Paga

The Justice Department unsealed charges against five men accused of running prolific phishing campa

U.S. federal government contractors, healthcare providers, public school systems and a law enforcem

Threat actors are exploiting a new cash-out tactic called “Ghost Tap” to siphon funds from stolen credit card details linked to mobile payment services like Google Pay or Apple Pay, which involves relaying NFC traffic, enabling unauthorized transactions without physical access to the victim’s device.  By understanding this emerging threat, financial institutions can enhance their […]

The post Ghost Tap Attack, Hackers Stolen Credit Card Linked To Google Pay Or Apple Pay appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.