EUVD-2023-41186

Malicious code in bioql PyPI...

EUVD-2024-0357

Malicious code in bioql PyPI...

Acrobat out-of-bounds and Foxit use-after-free PDF reader vulnerabilities found

Cisco Talos' Vulnerability Research team recently disclosed three out-of-bounds read vulnerabilities in Adobe Acrobat Reader, and two use-after-free vulnerabilities in Foxit Reader. These vulnerabilities exist in Adobe Acrobat Reader and Foxit Reader, two of the most popular and feature-rich PDF...

PT-2024-28393 · Aginode · Aginode Gigaswitch V5

Name of the Vulnerable Software and Affected Versions: Aginode GigaSwitch V5 versions prior to 7.06G Description: The issue allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities. This can be do...

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance CSA as zero-days to perform a series of malicious actions. That's according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain...

A Flaw in Windows Update Opens the Door to Zombie Exploits

A researcher found a vulnerability that would let hackers strategically downgrade a target’s Windows version to reexpose patched vulnerabilities. Microsoft is working on fixes for the issue...

OPENSUSE-SU-2024:10726-1 dovecot23-2.3.16-1.6 on GA media

These are all security issues fixed in the dovecot23-2.3.16-1.6 package on the GA media of openSUSE Tumbleweed...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)

Did you know were running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 118 vulnerabilities disclosed in 90 WordPress...

APT28’s Tactical Exploitation of Critical Vulnerabilities

Summary: The APT28 adversary, originating from Russia, has garnered notoriety through sophisticated phishing activities. By exploiting patched vulnerabilities as an initial access point, APT28 conducts extensive campaigns targeting diverse sectors, including government, aerospace, education,...

Wordfence Intelligence Weekly WordPress Vulnerability Report (August 21, 2023 to August 27, 2023)

Last week, there were 43 vulnerabilities disclosed in 38 WordPress Plugins and no WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 23 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities ...

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 8, 2023 to May 14, 2023)

Last week, there were 139 vulnerabilities disclosed in 105 WordPress Plugins and 2 WordPress themes that have been added to the Wordfence Intelligence Vulnerability Database, and there were 47 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities...

Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 27, 2023 to Apr 2, 2023)

Last week, there were 82 vulnerabilities disclosed in 70 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 34 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in...

Wordfence Intelligence Weekly WordPress Vulnerability Report (Mar 20, 2023 to Mar 26, 2023)

Last week, there were 80 vulnerabilities disclosed in 69 WordPress Plugins and 1 WordPress theme that have been added to the Wordfence Intelligence Vulnerability Database, and there were 31 Vulnerability Researchers that contributed to WordPress Security last week. Review those vulnerabilities in...

SUSE CVE-2008-3972

pkcs15-tool in OpenSC before 0.11.6 does not apply security updates to a smart card unless the card's label matches the "OpenSC" string, which might allow physically proximate attackers to exploit vulnerabilities that the card owner expected were patched, as demonstrated by exploitation of...

All Vulnerabilities for caption.me Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| caption.me ---|--- Open Bug Bounty...

All Vulnerabilities for join.com Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

All Vulnerabilities for olb.de Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Affected Website:| olb.de ---|--- Open Bug Bounty Program:...

Google to Pay Hackers $31,337 for Exploiting Patched Linux Kernel Flaws

Google on Monday announced that it will pay security researchers to find exploits using vulnerabilities, previously remediated or otherwise, over the next three months as part of a new bug bounty program to improve the security of the Linux kernel. To that end, the company is expected to issue...

All Vulnerabilities for curator.jsc.nasa.gov Patched via Open Bug Bounty

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Update now! Google Chrome fixes two in-the-wild zero-days

Google announced on Monday that it will be issuing patches for 11 high severity vulnerabilities found in Chrome, including two that are currently being exploited in the wild. The patch, which is part of the Stable Channel Update for Chrome 93 93.0.4577.82, will be released for Windows, Mac, and...