Aggregator

A vulnerability was found in HCL Compass. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to permissive cross-domain policy with untrusted domains. This vulnerability is known as CVE-2022-42447. The attack can be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Content Blocks Plugin up to 3.3.0 on WordPress. Affected is the function content_block of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-3565. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Atlassian Jira Core Data Center up to 9.4.20/9.4.22/9.12.7/9.12.9/9.16.0. It has been classified as problematic. This affects an unknown part. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2024-21685. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in WC Product Table WooCommerce Product Table Lite Plugin up to 3.5.1 on WordPress. It has been classified as critical. This affects an unknown part. The manipulation leads to code injection. This vulnerability is uniquely identified as CVE-2024-43128. It is possible to initiate the attack remotely. There is no exploit available.

The authentication bypass vulnerability in the OS for the company's firewall devices is under increasing attack and being chained with other bugs, making it imperative for organizations to mitigate the issue ASAP.

A Threat Actor Claims to have Leaked the Data of Ferum Shop

Finastra notifies customers of data breach that took place more than three months ago, impacting sensitive financial information

A Threat Actor Claims to have Leaked The Unified State Register of Real Estate of the Russian Federation

Currently trending CVE - hypeScore: 3 - WeGIA is an open source Web Manager for Institutions with a focus on Portuguese language users. A SQL Injection vulnerability was discovered in the WeGIA application, `historico_paciente.php` endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, a

Currently trending CVE - hypeScore: 1 - Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires t

#Strapi RCE #KTOR-HTTP扫描 #Laravel Monolog 权限提升