APC Easy UPS Online Monitoring Software (Windows 10, 11 Windows Server 2016, 2019, 2022) Security Vulnerabilities

CVE-2024-37087

The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service...

CVE-2024-32111

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....

CVE-2024-32111

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....

CGA-wj46-pxqf-q6hp

Bulletin has no...

CGA-rhq3-96hj-736x

Bulletin has no...

CGA-vw8v-jp5f-5j9h

Bulletin has no...

CGA-w5gj-whrm-qjww

Bulletin has no...

CGA-v47p-72fh-m2pm

Bulletin has no...

CGA-v32q-j5hh-xh3q

Bulletin has no...

CGA-qm5w-6gg9-7g6f

Bulletin has no...

CGA-pwcc-4xxf-c48h

Bulletin has no...

CGA-m9fq-hq52-q783

Bulletin has no...

CGA-rxr7-qjj9-xf8j

Bulletin has no...

CGA-jr43-5p8x-5hw3

Bulletin has no...

CGA-hh84-2wfx-r9gj

Bulletin has no...

Stolen Singaporean Identities Sold on Dark Web Starting at $8

Singapore citizens, beware! Cybercriminals are targeting your digital identities and KYC data, starting at just $8, putting users at risk of exploitation. Learn how to protect your data, finances, and reputation with strong passwords, multi-factor authentication, and smart online...

CGA-gmc4-4vrp-848q

Bulletin has no...

CGA-87rr-22r2-g8x6

Bulletin has no...

CGA-cm7c-wjqw-rp4x

Bulletin has no...

CGA-598r-p58j-7rqf

Bulletin has no...

CGA-4xr7-qfjp-f5x2

Bulletin has no...

CGA-4xx5-vp4r-9vwm

Bulletin has no...

CGA-4vmm-7hrf-9rx6

Bulletin has no...

CGA-2jpm-8hrp-3x75

Bulletin has no...

CGA-2gpx-j9wf-x7gf

Bulletin has no...

Exploit for CVE-2024-6028

CVE-2024-6028-Poc CVE-2024-6028 Quiz Maker <= 6.5.8.3 -...

boltrics.com Cross Site Scripting vulnerability OBB-3938549

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-32111 WordPress core < 6.5.5 - Auth. Arbitrary .html File Read (Windows Only) vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Automattic WordPress allows Relative Path Traversal.This issue affects WordPress: from 6.5 through 6.5.4, from 6.4 through 6.4.4, from 6.3 through 6.3.4, from 6.2 through 6.2.5, from 6.1 through 6.1.6,.....

From Top Dogs to Unified Pack

Embracing a consolidated security ecosystem Authored by Ralph Wascow Cybersecurity is as unpredictable as it is rewarding. Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber...

CVE-2024-6302

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction...

CVE-2024-6303

Missing authorization in Client-Server API in Conduit &lt;=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with....

CVE-2024-6303

Missing authorization in Client-Server API in Conduit &lt;=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with....

CVE-2024-6301

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most...

CVE-2024-6301

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most...

CVE-2024-6302

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction...

CVE-2024-5261

Improper Certificate Validation vulnerability in LibreOffice "LibreOfficeKit" mode disables TLS certification verification LibreOfficeKit can be used for accessing LibreOffice functionality through C/C++. Typically this is used by third party components to reuse LibreOffice as a library to...

CVE-2024-4846

Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser...

CVE-2024-4846

Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser...

CVE-2024-6299

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry...

CVE-2024-6299

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry...

CGA-w7pc-vv6c-4fmm

Bulletin has no...

CGA-vwqx-qf6m-p26p

Bulletin has no...

CGA-j2qw-2x9r-mg22

Bulletin has no...

CGA-5vrr-fvvw-xjq3

Bulletin has no...

CVE-2024-6299 Use of a Key Past its Expiration Date in Conduit

Lack of consideration of key expiry when validating signatures in Conduit, allowing an attacker which has compromised an expired key to forge requests as the remote server, as well as PDUs with timestamps past the expiry...

CVE-2024-6301 Origin Validation Error in Conduit

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most...

CVE-2024-6301 Origin Validation Error in Conduit

Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most...

CVE-2024-6302 Improper Handling of Insufficient Permissions or Privileges in Conduit

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction...

CVE-2024-6302 Improper Handling of Insufficient Permissions or Privileges in Conduit

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction...

CVE-2024-6303 Missing Authorization in Conduit

Missing authorization in Client-Server API in Conduit &lt;=0.7.0, allowing for any alias to be removed and added to another room, which can be used for privilege escalation by moving the #admins alias to a room which they control, allowing them to run commands resetting passwords, siging json with....