CVE-2024-7572
Insufficient permissions in Ivanti DSM before version 2024.3.5740 allows a local authenticated attacker to delete arbitrary files...
CVE-2024-50626
An issue was discovered in Digi ConnectPort LTS before 1.4.12. A Directory Traversal vulnerability exists in WebFS. This allows an attacker on the local area network to manipulate URLs to include traversal sequences, potentially leading to unauthorized access to data...
CVE-2024-12110
CVE-2024-12110 affects WordPress plugin Gold Addons for Elementor. All versions up to 1.3.2 are vulnerable due to missing capability checks in activate() and deactivate(), enabling authenticated users with Subscriber+ rights to modify licenses. Public sources in connected documents confirm the is...
AI chatbot provider exposes 346,000 customer files, including ID documents, resumes, and medical records
Researchers have discovered a huge Google Cloud Storage bucket, found freely accessible on the internet and containing a treasure trove of personal information. AI startup WotNot provides companies with the ability to create their own customized chatbot. The company reportedly has 3,000 customers...
Propertyrec Leak Exposes Over Half a Million Background Check Records
Summary: A critical data security lapse has left a massive trove of personal information vulnerable, raising concerns about…...
PT-2024-9481 · Advantech · Advantech Eki-6333Ac-2G +1
Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier; Advantech EKI-6333AC-2GD versions 1.6.3 and earlier; Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier. Description: The issue exists due to the lack of neutralization of special elements us...
CVE-2024-1867
G DATA Total Security Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of G DATA Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in orde...
Unlocking Google Workspace Security: Are You Doing Enough to Protect Your Data?
Google Workspace has quickly become the productivity backbone for businesses worldwide, offering an all-in-one suite with email, cloud storage and collaboration tools. This single-platform approach makes it easy for teams to connect and work efficiently, no matter where they are, enabling seamles...
G DATA Software Total Security Link Following Vulnerability
G DATA Software Total Security is a suite of antivirus software from the German company G Data. The software provides anti-phishing, anti-virus and anti-spam protection. G DATA Software Total Security suffers from a link following vulnerability that originates from allowing a local attacker to delete files by...
CVE-2024-10316 Stratum – Elementor Widgets <= 1.4.4 - Authenticated (Contributor+) Sensitive Information Exposure via Elementor Templates
The Stratum – Elementor Widgets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.4 in includes/templates/content-switcher.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract...
Apple iOS < 18.1.1 Multiple Vulnerabilities (121752)
Binary data appleios1811check.nbin...
115cms Code Injection Vulnerability
115cms is a multi-module intelligent website builder from Guizhou Forxin Technology 115cms Company in China. A code injection vulnerability exists in 115cms version 20240807 and earlier versions, which stems from an incorrect operation of the parameter ks that can lead to cross-site scripting...
Siemens SCALANCE M-800 Missing Encryption of Sensitive Data (CVE-2023-28450)
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
CVE-2023-0657 Keycloak: impersonation via logout token exchange
A flaw was found in Keycloak. This issue occurs due to improperly enforcing token types when validating signatures locally. This could allow an authenticated attacker to exchange a logout token for an access token and possibly gain access to data outside of enforced permissions...
Best Practices for Cloud Compliance
Introduction: In today’s data-driven landscape, businesses are embracing cloud computing technology for its efficiency and scalability. A Cloud Security Alliance (CSA) report revealed that 98% of organizations worldwide use cloud services. Yet, more than 1/3rd of those organizations may not be using...
Business Logic Attacks Target Election-Related Sites on Election Day
As U.S. citizens headed to the polls, cyber threat activity against election-related websites was unusually high. One of the most prominent attack types observed this Election Day was business logic attacks—a complex threat that manipulates the intended workflow of applications, often without...
CVE-2024-1682
CVE-2024-1682 concerns an unclaimed Amazon S3 bucket named 'codeconf' referenced in an audio-file link in .rst docs. Connected sources confirm this bucket has been claimed and discuss potential data integrity, leakage, availability, trust, and pivot risks if used to host or relay malicious conten...
CVE-2024-10921
CVE-2024-10921 affects MongoDB Server: v5.0 prior to 5.0.30; v6.0 prior to 6.0.19; v7.0 prior to 7.0.15; and v8.0 prior to and including 8.0.2. The vulnerability arises from improper handling of BSON, allowing an authorized network user to trigger crashes or read buffer contents via specially cra...
CVE-2024-36294
Insecure inherited permissions for some Intel(R) DSA software before version 24.3.26.8 may allow an authenticated user to potentially enable escalation of privilege via local access...
Air fryers are the latest surveillance threat you didn’t consider
Consumer group Which? has warned shoppers to be selective when it comes to buying smart air fryers from Xiaomi, Cosori, and Aigostar. We've learned to expect that “smart” appliances come with privacy risks—toothbrushes aside—but I really hadn’t given my air fryer any thought. Now things are about...