
168 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-34947

Malicious code in bioql PyPI...

5.5 CVSS · 6.6 AI score · 0.00133 EPSS
Exploits 0 · References 1

HackRead
added 2025/07/14 10:34 a.m. · 4 views

Man Gets Suspended Sentence for Hate-Fueled UK Train Stations WiFi Hack

British citizen John Wik sentenced for Islamophobic WiFi hack at UK train stations in Sept 2024. Learn about…...

7.4 AI score
Exploits 0

RedhatCVE
added 2025/05/23 10:31 a.m. · 4 views

CVE-2024-34646

Improper access control in DualDarManagerProxy prior to SMR Sep-2024 Release 1 allows local attackers to cause local permanent denial of service...

6.6 CVSS · 6.6 AI score · 0.00127 EPSS
Exploits 0 · References 1

IBM Security Bulletins
added 2025/04/15 2:48 a.m. · 75 views

Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for September and October 2024.

Summary: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation 21.0.3-IF037 and 24.0.0-IF003. Vulnerability Details: CVEID: CVE-2024-39249. DESCRIPTION: Async is vulnerable to a denial of service, caused by the ReDoS (Regular Expression Denial of Service) while...

8.5 CVSS · 9.9 AI score · 0.91969 EPSS
Exploits 1 · Affected Software 2

RedhatCVE
added 2025/02/04 10:31 p.m. · 6 views

CVE-2024-8972

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Mobil365 Informatics Saha365 App allows SQL Injection. This issue affects Saha365 App: before 30.09.2024...

9.8 CVSS · 5.8 AI score · 0.00416 EPSS
Exploits 0 · References 1

Tenable Nessus
added 2024/12/30 12:0 a.m. · 12 views

Couchbase < 7.2.6 / 7.6.x < 7.6.2 HTTP Host Header Injection

The version of Couchbase installed on the remote host is before 7.2.6, and 7.6.x before 7.6.2. It is, therefore, affected by an HTTP Host header injection. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...

6.1 CVSS · 5.5 AI score · 0.00309 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/11/05 12:0 a.m. · 3 views

PT-2024-33520 · Samsung · Galaxy S24

Name of the Vulnerable Software and Affected Versions: Galaxy S24 versions prior to Firmware update Sep-2024 Release Description: The issue is related to an out-of-bounds write in the Battery Full Capacity node, allowing local attackers to write out-of-bounds memory. System privilege is required...

6.7 CVSS · 7.2 AI score · 0.00135 EPSS
Exploits 0 · References 4

IBM Security Bulletins
added 2024/10/29 12:56 p.m. · 36 views

Security Bulletin: security vulnerabilities are addressed with IBM Business Automation Insights iFix for September 2024.

Summary: Security vulnerabilities are addressed with IBM Business Automation Insights 24.0.0-IF001. Vulnerability Details: CVEID: CVE-2024-43799. DESCRIPTION: pillarjs send is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this...

7.5 CVSS · 9.7 AI score · 0.01257 EPSS
Exploits 1 · Affected Software 1

Cvelist
added 2024/10/01 1:0 a.m. · 30 views

CVE-2024-9358 ThingsBoard HTTP RPC API resource consumption

A vulnerability has been found in ThingsBoard up to 3.7.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component HTTP RPC API. The manipulation leads to resource consumption. The attack can be launched remotely. The complexity of an attack is...

6 CVSS · 0.00743 EPSS
Exploits 1 · References 4

Patchstack
added 2024/09/30 12:0 a.m. · 8 views

WordPress Starbox Plugin < 3.5.3 is vulnerable to Cross Site Scripting (XSS)

Software: Starbox · Type: Plugin · Vulnerable versions: 3.5.3 · Fixed in: 3.5.3 · OWASP Top 10: A7: Cross-Site Scripting XSS · Classification: Cross Site Scripting XSS · CVE: CVE-2024-8239 · Patch priority: Low · CVSS severity: Low 6.5 · Developer: Claim ownership · PSID: 03e73e132e18 · Credits: Dmitrii Ignatyev · Required privileg...

5.4 CVSS · 5.8 AI score · 0.00346 EPSS
Exploits 1 · References 4 · Affected Software 1

Patchstack
added 2024/09/30 12:0 a.m. · 6 views

WordPress WP MyLinks Plugin <= 1.0.6 is vulnerable to Cross Site Scripting (XSS)

Software: WP MyLinks · Type: Plugin · Vulnerable versions: = 1.0.6 · Fixed in: 1.0.7 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting XSS · CVE: CVE-2024-47371 · Patch priority: Low · CVSS severity: Low 5.9 · Developer: Claim ownership · PSID: a980ce4c70f6 · Credits: SOPROBRO · Required privilege: Editor · Publishe...

5.9 CVSS · 6.5 AI score · 0.00251 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2024/09/30 12:0 a.m. · 5 views

WordPress Premium Blocks – Gutenberg Blocks for WordPress Plugin <= 2.1.33 is vulnerable to Cross Site Scripting (XSS)

Software: Premium Blocks – Gutenberg Blocks for WordPress · Type: Plugin · Vulnerable versions: = 2.1.33 · Fixed in: 2.1.34 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting XSS · CVE: CVE-2024-47368 · Patch priority: Low · CVSS severity: Low 6.5 · Developer: LeapWorx · PSID: f6e2745653a5 · Credits: João Pedro ...

6.5 CVSS · 6.8 AI score · 0.00235 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2024/09/30 12:0 a.m. · 9 views

WordPress Elementor Addon Elements Plugin <= 1.13.6 is vulnerable to Broken Access Control

Software: Elementor Addon Elements · Type: Plugin · Vulnerable versions: = 1.13.6 · Fixed in: 1.13.7 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2024-47361 · Patch priority: Low · CVSS severity: Low 6.5 · Developer: WPVibes · PSID: 2e7a1c5b31a1 · Credits: Rafie Muhammad Patchstack...

8.8 CVSS · 6.5 AI score · 0.00433 EPSS
Exploits 0 · References 2 · Affected Software 1

Patchstack
added 2024/09/30 12:0 a.m. · 34 views

WordPress JobSearch Plugin <= 2.5.9 is vulnerable to PHP Object Injection

Software: JobSearch · Type: Plugin · Vulnerable versions: = 2.5.9 · Fixed in: 2.6.1 · OWASP Top 10: A3: Injection · Classification: PHP Object Injection · CVE: CVE-2024-47636 · Patch priority: High · CVSS severity: High 9.8 · Developer: Claim ownership · PSID: 5e0aa88de68e · Credits: Bonds · Required privilege: Unauthenticated...

9.8 CVSS · 6.8 AI score · 0.00543 EPSS
Exploits 0 · References 1 · Affected Software 1

Patchstack
added 2024/09/30 12:0 a.m. · 14 views

WordPress BuddyForms Plugin <= 2.8.12 is vulnerable to Cross Site Scripting (XSS)

Software: BuddyForms · Type: Plugin · Vulnerable versions: = 2.8.12 · Fixed in: 2.8.13 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting XSS · CVE: CVE-2024-47377 · Patch priority: Low · CVSS severity: Low 5.9 · Developer: Claim ownership · PSID: 9418faef5fbf · Credits: SOPROBRO · Required privilege: Editor...

5.9 CVSS · 6.5 AI score · 0.00254 EPSS
Exploits 0 · References 2 · Affected Software 1

Android Security Bulletins
added 2024/09/30 12:0 a.m. · 8 views

Chromecast Security Bulletin—September 2024

The Chromecast Security Bulletin contains details of security vulnerabilities affecting supported Chromecast with Google TV devices (Chromecast devices). For Chromecast devices, security patch levels of 2024-07-01 or later address all applicable issues in the July 2024 Android Security Bulletin and...

7.8 AI score
Exploits 0

HackRead
added 2024/09/27 11:0 a.m. · 11 views

G2 Names INE 2024 Enterprise and Small Business Leader

Cary, North Carolina, 27th September 2024, CyberNewsWire...

7.3 AI score
Exploits 0

Patchstack
added 2024/09/27 12:0 a.m. · 10 views

WordPress Newsletters Plugin <= 4.9.9.1 is vulnerable to Cross Site Scripting (XSS)

Software: Newsletters · Type: Plugin · Vulnerable versions: = 4.9.9.1 · Fixed in: 4.9.9.2 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting XSS · CVE: CVE-2024-47346 · Patch priority: Medium · CVSS severity: Medium 7.1 · Developer: Claim ownership · PSID: 0a4418b91ec6 · Credits: Le Ngoc Anh · Required privilege...

7.1 CVSS · 6.5 AI score · 0.0029 EPSS
Exploits 0 · References 2 · Affected Software 1

Circl
added 2024/09/26 5:0 a.m. · 8 views

CVE-2024-9249

creationtimestamp | type | source
---|---|---
2024-09-26 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-24-1301/ ...

7.8 CVSS · 6.8 AI score · 0.00585 EPSS
Exploits 0 · References 1

Circl
added 2024/09/26 5:0 a.m. · 9 views

CVE-2024-9255

creationtimestamp | type | source
---|---|---
2024-09-26 05:00:00+00:00 | seen | http://www.zerodayinitiative.com/advisories/ZDI-24-1308/ ...

7.8 CVSS · 6.8 AI score · 0.0062 EPSS
Exploits 0 · References 1