WordPress WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin <= 3.2.0 - Unauthenticated Stored Cross-Site Scripting via Client-IP header vulnerability
Unauthenticated Stored Cross-Site Scripting via Client-IP header vulnerability discovered by Krzysztof Zając in WordPress Plugin WP Cookie Notice for GDPR, CCPA & ePrivacy Consent versions <= 3.2.0...
How to Cut Costs with a Browser Security Platform
Browser security is becoming increasingly popular, as organizations understand the need to protect at the point of risk - the browser. Network and endpoint solutions are limited in their ability to protect from web-borne threats like phishing websites or malicious browser extensions. They also do...
CVE-2024-22168 Cross-Site Scripting (XSS) vulnerability on Western Digital My Cloud and SanDisk ibi Web Apps
A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to carry...
The vulnerability of Windows operating system-based Cryptographic Services allows attackers to disclose protected information.
The vulnerability of Windows operating system-based Cryptographic Services is related to insufficient protection of service data. Exploiting this vulnerability can allow attackers to disclose protected information...
The vulnerability of the Adobe FrameMaker Publishing Server (FMPS) in automating document publishing and content management processes stems from insufficient protection of administrative data. This vulnerability allows attackers to escalate their privileges.
The vulnerability of the Adobe FrameMaker Publishing Server (FMPS) in automating document publishing and content management is related to insufficient protection of administrative data. Exploiting this vulnerability can allow unauthorized actors to enhance their privileges remotely...
TikTok facing fresh lawsuit in US over children’s privacy
The Federal Trade Commission (FTC) has announced it's referred a complaint against TikTok and parent company ByteDance to the Department of Justice. The investigation originally focused on Musical.ly, which was acquired by ByteDance on November 10, 2017, and merged into TikTok. The FTC started a...
CVE-2024-38329
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...
CVE-2024-38329 IBM Storage Protect for Virtual Environments: Data Protection for VMware security bypass
IBM Storage Protect for Virtual Environments: Data Protection for VMware 8.1.0.0 through 8.1.22.0 could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of user permission. By sending a specially crafted request, an attacker could exploit this...
CVE-2024-38329
CVE-2024-38329 affects IBM Storage Protect for Virtual Environments: Data Protection for VMware, versions 8.1.0.0–8.1.22.0. The root cause is improper validation of user permissions, allowing a remote authenticated attacker to bypass restrictions and change settings, trigger or restore backups, a...
PT-2024-27945 · Ibm · Ibm Storage Protect For Virtual Environments
Name of the Vulnerable Software and Affected Versions: IBM Storage Protect for Virtual Environments: Data Protection for VMware versions 8.1.0.0 through 8.1.22.0 Description: The issue is caused by improper validation of user permission, allowing a remote authenticated attacker to bypass security...
The vulnerability of the Microsoft Visual Studio software development tool lies in the violation of data protection mechanisms, allowing attackers to execute arbitrary code.
The vulnerability of the Microsoft Visual Studio software development tool is related to a breach of data protection mechanisms. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created file...
Meta Pauses AI Training on EU User Data Amid Privacy Concerns
Meta on Friday said it's delaying its efforts to train the company's large language models (LLMs) using public content shared by adult users on Facebook and Instagram in the European Union following a request from the Irish Data Protection Commission (DPC). The company expressed disappointment at...
Google's Privacy Sandbox Accused of User Tracking by Austrian Non-Profit
Google's plans to deprecate third-party tracking cookies in its Chrome web browser with Privacy Sandbox have run into fresh trouble after Austrian privacy non-profit noyb (none of your business) said the feature can still be used to track users. "While the so-called 'Privacy Sandbox' is advertised a...
The vulnerability of the foreman-installer component of the Red Hat Satellite system management software allows a hacker to obtain the password from the process list.
The vulnerability of the foreman-installer component of the Red Hat Satellite system management software is related to insufficient protection for operational data. Exploiting this vulnerability could allow an attacker to obtain the password from the process list...
When things go wrong: A digital sharing warning for couples
“When things go wrong” is a troubling prospect for most couples to face, but the internet—and the way that romantic partners engage both with and across it—could require that this worst-case scenario become more of a best practice. In new research that Malwarebytes will release this month, romant...
Moderate: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.2 security and bug fix update
OpenShift API for Data Protection (OADP) 1.3.2 is now available. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
PT-2024-4126
Name of the Vulnerable Software and Affected Versions: Microsoft Visual Studio (affected versions not specified) Description: The issue is related to a violation of the data protection mechanism in Microsoft Visual Studio, allowing an attacker to execute arbitrary code using a specially crafted file...
PT-2024-4226 · Adobe · Framemaker Publishing Server
Name of the Vulnerable Software and Affected Versions: Adobe FrameMaker Publishing Server versions 2020.3, 2022.2 and earlier Description: The issue is related to insufficient protection of internal data, which could allow a remote attacker to elevate their privileges. An attacker could exploit...
The vulnerability of GE HealthCare’s ultrasonic diagnostic system’s Kiosk Mode allows intruders to bypass security restrictions, gain unauthorized access to protected information, and enhance their privileges.
The vulnerability of GE HealthCare’s ultrasonic diagnostic system’s Kiosk Mode feature is related to a breach in data protection mechanisms. Exploiting this vulnerability can allow attackers to circumvent security restrictions, gain unauthorized access to protected information, and enhance their...
WordPress GDPR CCPA Compliance & Cookie Consent Banner plugin <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting vulnerability
Missing Authorization to Settings Update and Stored Cross-Site Scripting vulnerability discovered by Lucio Sá in WordPress Plugin GDPR CCPA Compliance Support versions <= 2.7.0...