Aggregator

A vulnerability has been found in Sophos XG Firewall up to 17.5 MR12 and classified as critical. Affected by this vulnerability is an unknown functionality of the component HTTPS Bookmark Handler. The manipulation leads to buffer overflow. This vulnerability is known as CVE-2020-15069. The attack can be launched remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in SonicWALL SonicOS 6.0.5.3/6.5.1.12/6.5.4.7/6.5.4.v/7.0.0.0. It has been rated as critical. Affected by this issue is some unknown functionality. The manipulation leads to buffer overflow. This vulnerability is handled as CVE-2020-5135. The attack may be launched remotely. Furthermore, there is an exploit available.

CISA and the FDA are warning that Contec CMS8000 and Epsimed MN-120 patient monitors are open to meddling and data theft; Claroty Team82 flagged the vulnerability as an avoidable insecure design issue.

A vulnerability, which was classified as problematic, has been found in wptableeditor Table Editor Plugin up to 1.5.1 on WordPress. This issue affects the function wptableeditor_vtabs of the component Shortcode Handler. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-13661. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in wpbean WP Post List Table Plugin up to 1.0.3 on WordPress. Affected is the function wpb_post_list_table of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-13664. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in filipmedia WP Image Uploader Plugin up to 1.0.1 on WordPress. It has been declared as problematic. This vulnerability affects the function gky_image_uploader_main_function. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-13707. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in malcolm-oph StageShow Plugin up to 9.8.6 on WordPress. It has been rated as problematic. This issue affects the function remove_query_arg. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-13705. The attack may be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in efreja Music Sheet Viewer Plugin up to 4.1 on WordPress. Affected by this issue is the function pn_msv of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-13670. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in spanrig Embed Swagger UI Plugin up to 1.0.0 on WordPress. This affects the function wpsgui of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-13700. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Your Google Map Professional Plugin up to 1.0 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-13220. The attack may be initiated remotely. There is no exploit available.

The National Security Agency (NSA) has launched Ghidra 11.3, the latest version of its open-source software reverse engineering (SRE) framework. The National Security Agency (NSA) has developed Ghidra, a cutting-edge Software Reverse Engineering (SRE) framework designed to analyze compiled code across multiple platforms, including Windows, macOS, and Linux. This open-source tool offers disassembly, decompilation, debugging, […]

The post Ghidra 11.3 Released – NSA’s Powerful Reverse Engineering Tool appeared first on Cyber Security News.

Password and credential monitoring are essential. Spot compromised accounts early and stop breaches before they happen.

The post Five Must-Know Insights for Credential Monitoring appeared first on Security Boulevard.

UNDERGROUND-NET Defaced and Leaked the Data of SM Health Care Sdn Bhd

Node Denial of Service via kubelet Checkpoint API

TechSpective Podcast Episode 146   Loneliness is a powerful emotion, and scammers know how to exploit it. Every year, in the weeks leading up to Valentine’s Day, there is a sharp rise in online romance scams. Similar spikes occur around […]

The post How Romance Scammers Prey on Vulnerability appeared first on TechSpective.

The post How Romance Scammers Prey on Vulnerability appeared first on Security Boulevard.

Authors/Presenters: Chloé Messdaghi, Kasimir Schulz

Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel.

Permalink

The post DEF CON 32 – Got 99 Problems But Prompt Injection Ain’t Pineapple appeared first on Security Boulevard.

A vulnerability has been found in Smartcom Bulgaria AD SAM-4G1G-TT-W-VC and SAM-4F1F-TT-W-A1 and classified as problematic. This vulnerability affects unknown code of the component WiFi Password Handler. The manipulation leads to use of default password. This vulnerability was named CVE-2025-22936. The attack can be initiated remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in IBM Jazz for Service Management up to 1.1.3.23. This affects an unknown part of the component Web UI. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-52892. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.