EUVD-2023-56144
Malicious code in bioql PyPI...
CVE-2024-11271
The CVE-2024-11271 entry concerns the WordPress Webinar Plugin – WebinarPress (WP Webinar System) vulnerable to data modification due to a missing capability check in multiple functions. Affected versions include all up to 1.33.24. The vulnerability allows authenticated users with subscriber-leve...
PT-2025-1633 · WordPress · Webinarpress
Name of the Vulnerable Software and Affected Versions: WordPress Webinar Plugin – WebinarPress plugin for WordPress versions up to, and including, 1.33.24 Description: The WordPress WebinarPress plugin is vulnerable due to a missing capability check on several functions. This makes it possible fo...
CVE-2024-3275
The eRoom – Zoom Meetings & Webinars plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.18 via the searchposts function. This makes it possible for authenticated attackers, with subscriber access and higher, to obtain post excerpts...
SQL injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instan...
CVE-2023-51422
Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings |...
CVE-2023-51422
CVE-2023-51422 is a Deserialization of Untrusted Data issue affecting the WebinarIgnition WordPress plugin. Public details in connected sources indicate: affected software are Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition, with versions...
CVE-2023-51422 WordPress WebinarIgnition Plugin <= 3.05.0 is vulnerable to PHP Object Injection
Deserialization of Untrusted Data vulnerability in Saleswonder Team Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings | WebinarIgnition. This issue affects Webinar Plugin: Create live/evergreen/automated/instant webinars, stream & Zoom Meetings |...
Webinar recap: Ransomware gangs and Living Off The Land attacks (LOTL)
Discover the intersection of Ransomware-as-a-Service (RaaS) gangs and Living Off The Land (LOTL) attacks in our latest webinar, now available on-demand, led by cybersecurity experts Ian Thomas, Mark Stockley, and Bill Cozens. The webinar revealed how RaaS gangs use LOTL tactics, leveraging legitimate...
Be Empathetic and Hug Your CISO More!
In the rapidly evolving landscape of cloud computing, the adoption of multi-cloud environments has become a prevailing trend. Organizations increasingly turn to multiple cloud providers to harness diverse features, prevent vendor lock-in, and optimize costs. The multi-cloud approach offers...
Changes in OWASP API Security Top-10 2023RC | API Security Newsletter
Welcome to our March API newsletter, recapping some of the events of last month. And what a month it was. Among other buzzworthy news, OWASP published the initial Release Candidate for the 2023 API Security Top-10 list – we analyzed the ins & outs and presented them over the course of a couple of...
CVE-2021-44228: Apache Log4j2 Zero-Day Exploited in the Wild (Log4Shell)
Update Take advantage of our free service to quickly detect vulnerabilities in your external attack surface. Visit qualys.com/was-log4shell-help to get started. Update – December 22, 2021 7:53 PM ET A bug in external scanners could result in false negatives when unauthenticated Log4Shell scans we...
webinars-mx.com Improper Access Control vulnerability OBB-2268531
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
How to Get into the Bug-Bounty Biz: The Good, Bad and Ugly
Zero-day disclosures, those known bugs without a fix, can have potentially catastrophic results. One of the best ways to combat them is by discovering them before the bad guys do. Some of the biggest tech brands on the planet have been pummeled by a rash of high-profile zero-day exploits. In the...
Stay ahead of multi-cloud attacks with Azure Security Center
The COVID-19 crisis has challenged just about every business on the planet to quickly adapt and transform. With massive workforces now remote, IT administrators and security professionals are under increased pressure to keep these workers connected and productive while combating evolving threats,...
SAS, sweet SAS
As you may already know from our social network posts, we have rescheduled the SAS 2020 conference for November 18-21 due to the COVID-19 pandemic and to ensure your safety. Though we still think that Barcelona is a great place to meet and it will not be a "real" SAS if we cannot hug, shake hands...
This Week in Security News: Exploring Common Threats to Cloud Security and Zoom Removes Meeting IDs from App Title Bar to Improve Privacy
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about why Zoom has released an update for its Linux, Mac, and Windows apps that removes the meeting ID from the app's title bar. Also,...
Zoom Client for Meetings < 4.6.19253.0401 Multiple Vulnerabilities
The version of Zoom Client for Meetings installed on the remote Windows host is prior to 4.6.19253.0401. It is, therefore, affected by the following vulnerabilities:
- A malicious party can use UNC links to leak a user's hashed password.
- Users can access chat in a webinar when chat is disabled...
Continuing Education On Cyber Threats And Defenses
Anyone who has been in cybersecurity for any length of time knows the threat landscape is constantly changing and requires regular monitoring of news, blogs, podcasts, and other ways to ensure you know what is happening today. I have tried to bring this information to the public since starting...
Quarterly SPM Support Bulletin 2015 Q4
Question: Quarterly SPM Support Bulletin 2015 Q4. Answer: SPM Support Bulletin. ICM 9.0.2 Released: ICM 9.0.2 has been released. You can find the release documentation here. Highlights include: setting scheduler properties per process allowing more flexible on error handling, new charts in Presenter...