CVE-2024-43999

CVE-2024-43999 pertains to Ninja Forms (WordPress plugin) prior to or equal to 3.8.11 and is described as a Stored XSS vulnerability caused by improper input neutralization during web page generation. The CVE details indicate the issue affects Ninja Forms: from n/a through 3.8.11, with CVSSv3.1 b...

CVE-2024-43999 WordPress Ninja Forms plugin <= 3.8.11 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Saturday Drive Ninja Forms allows Stored XSS.This issue affects Ninja Forms: from n/a through 3.8.11...

How to Investigate ChatGPT activity in Google Workspace

When you connect your organization's Google Drive account to ChatGPT, you grant ChatGPT extensive permissions for not only your personal files, but resources across your entire shared drive. As you might imagine, this introduces an array of cybersecurity challenges. This post outlines how to see...

CVE-2024-42642

Micron Crucial MX500 Series Solid State Drives M3CR046 is vulnerable to Buffer Overflow, which can be triggered by sending specially crafted ATA packets from the host to the drive controller. NOTE: The supplier states that this vulnerability was fully remediated in December 2024 and that updated...

CVE-2024-42642

CVE-2024-42642 affects Micron/Crucial MX500 Series SSDs (model M3CR046) with the SM2259 controller. The vulnerability is a buffer overflow triggered by specially crafted ATA packets to the drive controller, leading to potential memory corruption. Public documentation specifies three bug classes i...

PT-2024-30091

Name of the Vulnerable Software and Affected Versions Micron Crucial MX500 Series Solid State Drives version M3CR046 Description The issue is related to a Buffer Overflow that can be triggered by sending specially crafted ATA packets from the host to the drive controller. Recommendations For Micr...

CVE-2024-39628

Cross-Site Request Forgery CSRF vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6...

CVE-2024-39628

Cross-Site Request Forgery CSRF vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6...

CVE-2024-39628 WordPress Ninja Forms plugin <= 3.8.6 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability in Saturday Drive Ninja Forms allows Cross Site Request Forgery.This issue affects Ninja Forms: from n/a through 3.8.6...

CVE-2024-39628

CVE-2024-39628 describes a CSRF vulnerability in the Ninja Forms WordPress plugin affecting versions

Cybercriminals Exploit Popular Software Searches to Spread FakeBat Malware

Cybersecurity researchers have uncovered a surge in malware infections stemming from malvertising campaigns distributing a loader called FakeBat. "These attacks are opportunistic in nature, targeting users seeking popular business software," the Mandiant Managed Defense team said in a technical...

CVE-2024-41938

A vulnerability has been identified in SINEC NMS All versions V3.0. The importCertificate function of the SINEC NMS Control web application contains a path traversal vulnerability. This could allow an authenticated attacker it to delete arbitrary certificate files on the drive SINEC NMS is...

Diebold Nixdorf Vynamic Security Suite 安全漏洞

Diebold Nixdorf Vynamic Security Suite Diebold Nixdorf VSS is a security access suite from Diebold Nixdorf, USA. A security vulnerability exists in Diebold Nixdorf Vynamic Security Suite that originates from the inability to validate the directory contents of certain directories during the pre-bo...

Diebold Nixdorf Vynamic Security Suite 安全漏洞

Diebold Nixdorf Vynamic Security Suite Diebold Nixdorf VSS is a security access suite from Diebold Nixdorf, USA. A security vulnerability exists in Diebold Nixdorf Vynamic Security Suite, which originates from the inability to validate file attributes during the pre-boot authorization process, an...

Diebold Nixdorf Vynamic Security Suite 安全漏洞

Diebold Nixdorf Vynamic Security Suite Diebold Nixdorf VSS is a security access suite from Diebold Nixdorf, USA. A security vulnerability exists in Diebold Nixdorf Vynamic Security Suite that originates from the inability to validate symbolic links during the pre-boot authorization process, which...

Diebold Nixdorf Vynamic Security Suite 安全漏洞

Diebold Nixdorf Vynamic Security Suite Diebold Nixdorf VSS is a security access suite from Diebold Nixdorf, USA. A security vulnerability exists in Diebold Nixdorf Vynamic Security Suite that originates from the inability to validate /etc/mtab during pre-boot authorization, which can be exploited...

CVE-2024-31201

A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIPScrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine...

PT-2024-23845 · Unknown · Thermoscanip Scrutation

Name of the Vulnerable Software and Affected Versions: ThermoscanIP Scrutation affected versions not specified Description: A misconfiguration known as "CWE-428: Unquoted Search Path or Element" affects the ThermoscanIP Scrutation service. This issue could be exploited in scenarios where incorrec...

Gh0st RAT Trojan Targets Chinese Windows Users via Fake Chrome Site

The remote access trojan known as Gh0st RAT has been observed being delivered by an "evasive dropper" called Gh0stGambit as part of a drive-by download scheme targeting Chinese-speaking Windows users. These infections stem from a fake website "chrome-web.com" serving malicious installer packages...

CVE-2024-37391

ProtonVPN before 3.2.10 on Windows mishandles the drive installer path, which should use this: '"' + ExpandConstant'autopf\Proton\Drive' + '"' in Setup/setup.iss...