Lucene search

K

Sermon'e – Sermons Online Security Vulnerabilities

hackread
hackread

Surfshark VPN Brings Data Breach Awareness with See-Through Toilet Campaign

By Waqas Surfshark pulls a unique stunt in London with a see-through toilet! This security campaign uses public discomfort to spark a conversation about online data privacy. Learn how Surfshark VPN can help you protect your information. This is a post from HackRead.com Read the original post:...

7.2AI Score

2024-05-13 12:16 PM
19
krebs
krebs

How Did Authorities Identify the Alleged Lockbit Boss?

Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how...

7.1AI Score

2024-05-13 11:26 AM
10
cvelist
cvelist

CVE-2024-4798 SourceCodester Online Computer and Laptop Store manage_brand.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may....

6.3CVSS

7AI Score

0.0004EPSS

2024-05-12 01:31 PM
vulnrichment
vulnrichment

CVE-2024-4798 SourceCodester Online Computer and Laptop Store manage_brand.php sql injection

A vulnerability, which was classified as critical, has been found in SourceCodester Online Computer and Laptop Store 1.0. Affected by this issue is some unknown functionality of the file /admin/maintenance/manage_brand.php. The manipulation of the argument id leads to sql injection. The attack may....

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-12 01:31 PM
cvelist
cvelist

CVE-2024-4797 Campcodes Online Laundry Management System ajax.php cross site scripting

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been declared as problematic. This vulnerability affects unknown code of the file /ajax.php. The manipulation of the argument name/customer_name/username leads to cross site scripting. The attack can be initiated...

3.5CVSS

4.2AI Score

0.0004EPSS

2024-05-12 07:31 AM
vulnrichment
vulnrichment

CVE-2024-4796 Campcodes Online Laundry Management System manage_inv.php sql injection

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as critical. This affects an unknown part of the file /manage_inv.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

6.3CVSS

7.4AI Score

0.0004EPSS

2024-05-12 06:31 AM
cvelist
cvelist

CVE-2024-4796 Campcodes Online Laundry Management System manage_inv.php sql injection

A vulnerability was found in Campcodes Online Laundry Management System 1.0. It has been classified as critical. This affects an unknown part of the file /manage_inv.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely. The exploit has...

6.3CVSS

7AI Score

0.0004EPSS

2024-05-12 06:31 AM
cvelist
cvelist

CVE-2024-4795 Campcodes Online Laundry Management System manage_user.php sql injection

A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit...

6.3CVSS

7AI Score

0.0004EPSS

2024-05-12 05:31 AM
2
vulnrichment
vulnrichment

CVE-2024-4795 Campcodes Online Laundry Management System manage_user.php sql injection

A vulnerability was found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /manage_user.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit...

6.3CVSS

7.3AI Score

0.0004EPSS

2024-05-12 05:31 AM
cvelist
cvelist

CVE-2024-4794 Campcodes Online Laundry Management System manage_receiving.php sql injection

A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /manage_receiving.php. The manipulation of the argument id leads to sql injection. The attack can be launched...

6.3CVSS

7.1AI Score

0.0004EPSS

2024-05-12 03:31 AM
vulnrichment
vulnrichment

CVE-2024-4793 Campcodes Online Laundry Management System manage_laundry.php sql injection

A vulnerability, which was classified as critical, was found in Campcodes Online Laundry Management System 1.0. Affected is an unknown function of the file /manage_laundry.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The exploit has....

6.3CVSS

7.4AI Score

0.0004EPSS

2024-05-12 03:00 AM
cvelist
cvelist

CVE-2024-4792 Campcodes Online Laundry Management System admin_class.php sql injection

A vulnerability, which was classified as critical, has been found in Campcodes Online Laundry Management System 1.0. This issue affects some unknown processing of the file /admin_class.php. The manipulation of the argument...

6.3CVSS

7.1AI Score

0.0004EPSS

2024-05-12 02:00 AM
nessus
nessus

FreeBSD : chromium -- multiple security fixes (3cf8ea44-1029-11ef-9f97-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 3cf8ea44-1029-11ef-9f97-a8a1599412c6 advisory. Use after free in Visuals. (CVE-2024-4671) Note that Nessus has not tested for this issue but has...

9.6CVSS

9.6AI Score

0.001EPSS

2024-05-12 12:00 AM
3
nessus
nessus

RHEL 6 : kernel (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. kernel: Buffer overflow due to unbounded strcpy in ISDN I4L driver (CVE-2017-12762) kernel: lack of port...

8.7AI Score

EPSS

2024-05-11 12:00 AM
43
malwarebytes
malwarebytes

Dell notifies customers about data breach

Dell is warning its customers about a data breach after a cybercriminal offered a 49 million-record database of information about Dell customers on a cybercrime forum. A cybercriminal called Menelik posted the following message on the “Breach Forums” site: “The data includes 49 million customer...

7.5AI Score

2024-05-10 02:04 PM
8
cvelist
cvelist

CVE-2024-32985 Stellar-core's Overlay - security fix for DDoS mitigation

Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a 3rd party library. The likelihood of affecting the network is low since crashed nodes come back up online...

5.9CVSS

6AI Score

0.0004EPSS

2024-05-09 08:54 PM
vulnrichment
vulnrichment

CVE-2024-32985 Stellar-core's Overlay - security fix for DDoS mitigation

Stellar-core is a reference implementation for the peer-to-peer agent that manages the Stellar network. Prior to 20.4.0, core nodes could be randomly crashed due to a race condition with a 3rd party library. The likelihood of affecting the network is low since crashed nodes come back up online...

5.9CVSS

7AI Score

0.0004EPSS

2024-05-09 08:54 PM
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (April 29, 2024 to May 5, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 164 vulnerabilities disclosed in 145...

9.8CVSS

9.7AI Score

EPSS

2024-05-09 04:49 PM
13
github
github

How AI enhances static application security testing (SAST)

In a 2023 GitHub survey, developers reported that their top task, second only to writing code (32%), was finding and fixing security vulnerabilities (31%). As their teams "shift left" and integrate security checks earlier into the software development lifecycle (SDLC), developers have become the...

7.8AI Score

2024-05-09 04:00 PM
6
malwarebytes
malwarebytes

DocGo patient health data stolen in cyberattack

Medical health care provider DocGo has disclosed in a form 8-K that it experienced a cybersecurity incident involving some of the company’s systems. As part of the investigation of the incident, the company says it has determined that the attacker accessed and acquired data, including certain...

7.7AI Score

2024-05-09 10:46 AM
9
nessus
nessus

FreeBSD : Gitlab -- vulnerabilities (fbc2c629-0dc5-11ef-9850-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the fbc2c629-0dc5-11ef-9850-001b217b3468 advisory. Gitlab reports: ReDoS in branch search when using wildcards ReDoS in markdown render pipeline...

6.5CVSS

5.8AI Score

EPSS

2024-05-09 12:00 AM
1
nessus
nessus

FreeBSD : electron29 -- multiple vulnerabilities (ec994672-5284-49a5-a7fc-93c02126e5fb)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ec994672-5284-49a5-a7fc-93c02126e5fb advisory. Use after free in V8 in Google Chrome prior to 124.0.6367.60 allowed a remote attacker to...

7.7AI Score

0.0005EPSS

2024-05-09 12:00 AM
4
nessus
nessus

FreeBSD : electron29 -- multiple vulnerabilities (059a99a9-45e0-492b-b9f9-5a79573c8eb6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 059a99a9-45e0-492b-b9f9-5a79573c8eb6 advisory. Type confusion in ANGLE in Google Chrome prior to 124.0.6367.78 allowed a remote attacker to...

8.8CVSS

9.4AI Score

0.001EPSS

2024-05-08 12:00 AM
5
hackread
hackread

Hackers Leak COVID-19 Data of 820K Dominicans, Including Vaccination Info

By Deeba Ahmed A massive data leak of 820,000 Dominicans' personal information (including COVID vaccination status) has been leaked online puting individuals at risk of identity theft, scams, and social engineering attacks. This is a post from HackRead.com Read the original post: Hackers Leak...

7AI Score

2024-05-07 11:46 AM
5
nvd
nvd

CVE-2024-4186

The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible...

9.8CVSS

9.7AI Score

0.001EPSS

2024-05-07 06:15 AM
cve
cve

CVE-2024-4186

The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible...

9.8CVSS

7AI Score

0.001EPSS

2024-05-07 06:15 AM
33
cvelist
cvelist

CVE-2024-4186

The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it possible...

9.8CVSS

9.8AI Score

0.001EPSS

2024-05-07 05:32 AM
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel (OEM) vulnerabilities (USN-6765-1)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6765-1 advisory. In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed...

7.8CVSS

7.5AI Score

EPSS

2024-05-07 12:00 AM
6
nessus
nessus

Ubuntu 20.04 LTS / 22.04 LTS : Linux kernel vulnerabilities (USN-6766-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6766-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able...

7.8CVSS

7.1AI Score

EPSS

2024-05-07 12:00 AM
18
wpvulndb
wpvulndb

Edwiser Bridge < 3.0.6 - Authentication Bypass due to Missing Empty Value Check

Description The Build App Online plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.0.5. This is due to the 'eb_user_email_verification_key' default value is empty, and the not empty check is missing in the 'eb_user_email_verify' function. This makes it....

9.8CVSS

7.1AI Score

0.001EPSS

2024-05-07 12:00 AM
5
nessus
nessus

Ubuntu 18.04 LTS / 20.04 LTS : Linux kernel vulnerabilities (USN-6767-1)

The remote Ubuntu 18.04 LTS / 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6767-1 advisory. In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able...

7.8CVSS

6.7AI Score

0.0004EPSS

2024-05-07 12:00 AM
23
wpvulndb
wpvulndb

Masteriyo - LMS < 1.7.4 - Insecure Direct Object Reference

Description The Masteriyo LMS – eLearning and Online Course Builder for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.7.3 via the REST API due to missing validation on a user controlled key. This makes it possible for...

6.5AI Score

EPSS

2024-05-07 12:00 AM
4
malwarebytes
malwarebytes

&#8220;No social media &#8217;til 16,&#8221; and other fixes for a teen mental health crisis, with Dr. Jean Twenge: Lock and Code S04E10

_This week on the Lock and Code podcast… _ You’ve likely felt it: The dull pull downwards of a smartphone scroll. The “five more minutes” just before bed. The sleep still there after waking. The edges of your calm slowly fraying. After more than a decade of our most recent technological...

7.3AI Score

2024-05-06 03:13 PM
3
securelist
securelist

Financial cyberthreats in 2023

Money is what always attracts cybercriminals. A significant share of scam, phishing and malware attacks is about money. With trillions of dollars of digital payments made every year, it is no wonder that attackers target electronic wallets, online shopping accounts and other financial assets,...

7.3AI Score

2024-05-06 10:00 AM
16
malwarebytes
malwarebytes

A week in security (April 29 &#8211; May 5)

Last week on Malwarebytes Labs: You get a passkey, you get a passkey, everyone should get a passkey Dropbox Sign customer data accessed in breach Watch out for tech support scams lurking in sponsored search results Psychotherapy practice hacker gets jail time after extorting patients, publishing...

7.2AI Score

2024-05-06 08:40 AM
13
nessus
nessus

Debian dsa-5681 : affs-modules-5.10.0-29-4kc-malta-di - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5681 advisory. Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an...

8CVSS

8.2AI Score

0.0005EPSS

2024-05-06 12:00 AM
14
hackread
hackread

A Checklist for What Every Online Coding Class for Kids Needs

By Uzair Amir Is your coding class engaging and effective? Learn what makes the best online coding classes for kids fun, effective, and future-proof! This is a post from HackRead.com Read the original post: A Checklist for What Every Online Coding Class for Kids...

7.3AI Score

2024-05-04 05:21 PM
5
malwarebytes
malwarebytes

Dropbox Sign customer data accessed in breach

Dropbox is reporting a recent "security incident" in which an attacker gained unauthorized access to the Dropbox Sign (formerly HelloSign) production environment. During this access, the attacker had access to Dropbox Sign customer information. Dropbox Sign is a platform that allows customers to...

7.5AI Score

2024-05-02 08:44 PM
8
nvd
nvd

CVE-2024-3942

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated....

6.3CVSS

6.2AI Score

0.0004EPSS

2024-05-02 05:15 PM
1
cve
cve

CVE-2024-3942

The MasterStudy LMS WordPress Plugin – for Online Courses and Education plugin for WordPress is vulnerable to unauthorized access, modification, and loss of data due to a missing capability check on several functions in versions up to, and including, 3.3.8. This makes it possible for authenticated....

6.3CVSS

6.5AI Score

0.0004EPSS

2024-05-02 05:15 PM
26
cve
cve

CVE-2024-3553

The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the hide_notices function in all versions up to, and including, 2.6.2. This makes it possible for unauthenticated attackers to enable...

6.5CVSS

6.6AI Score

0.0005EPSS

2024-05-02 05:15 PM
23
nvd
nvd

CVE-2024-2542

The Jotform Online Forms – Drag & Drop Form Builder, Securely Embed Contact Forms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's shortcode(s) in all versions up to, and including, 1.3.1 due to insufficient input sanitization and output escaping on user supplied.....

6.4CVSS

5.7AI Score

0.0004EPSS

2024-05-02 05:15 PM
Total number of security vulnerabilities42530