Aggregator

CVE-2024-6332 | Booking for Appointments and Events Calendar Plugin authorization

10 months 1 week ago

A vulnerability has been found in Booking for Appointments and Events Calendar Plugin up to 1.2.3/7.7 on WordPress and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to missing authorization. This vulnerability is known as CVE-2024-6332. The attack can be launched remotely. There is no exploit available.

vuldb.com

CVE-2024-5309 | Form Vibes Plugin up to 1.4.12 on WordPress authorization

Vuldb Updates

10 months 1 week ago

A vulnerability was found in Form Vibes Plugin up to 1.4.12 on WordPress and classified as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-5309. The attack can only be done within the local network. There is no exploit available.

vuldb.com

CVE-2024-8363 | Share This Image Plugin up to 2.02 on WordPress Shortcode cross site scripting

Vuldb Updates

10 months 1 week ago

A vulnerability classified as problematic has been found in Share This Image Plugin up to 2.02 on WordPress. Affected is an unknown function of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-8363. It is possible to launch the attack remotely. There is no exploit available.

vuldb.com

CVE-2024-43102 | FreeBSD UMTX_SHM_DESTROY Sub-Request use after free

Vuldb Updates

10 months 1 week ago

A vulnerability has been found in FreeBSD and classified as critical. This vulnerability affects unknown code of the component UMTX_SHM_DESTROY Sub-Request Handler. The manipulation leads to use after free. This vulnerability was named CVE-2024-43102. The attack can only be initiated within the local network. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2024-32668 | FreeBSD USB off-by-one

Vuldb Updates

10 months 1 week ago

A vulnerability was found in FreeBSD and classified as critical. This issue affects some unknown processing of the component USB. The manipulation leads to off-by-one. The identification of this vulnerability is CVE-2024-32668. It is possible to launch the attack on the local host. There is no exploit available. It is recommended to apply a patch to fix this issue.

vuldb.com

CVE-2024-6846 | Chatbot with ChatGPT Plugin up to 2.4.4 on WordPress REST Route access control

Vuldb Updates

10 months 1 week ago

A vulnerability was found in Chatbot with ChatGPT Plugin up to 2.4.4 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component REST Route Handler. The manipulation leads to improper access controls. This vulnerability is known as CVE-2024-6846. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

vuldb.com

Bitcoin ATM scams skyrocket – Week in security with Tony Anscombe

WeLiveSecurity

10 months 1 week ago

The schemes disproportionately victimize senior citizens, as those aged 60 or over were more than three times as likely as younger adults to fall prey to the scams

CISA больше не борется с ложью в соцсетях – что это значит

Securitylab.ru

10 months 1 week ago

Изменит ли ситуацию на выборах новая политика агентства?

CVE-2014-5911 | jellytap Free App Icons / Icon Packs 1.4 X.509 Certificate cryptographic issues (VU#582497)

Vuldb Updates

10 months 1 week ago

A vulnerability classified as critical was found in jellytap Free App Icons and Icon Packs 1.4. This vulnerability affects unknown code of the component X.509 Certificate Handler. The manipulation leads to cryptographic issues. This vulnerability was named CVE-2014-5911. Access to the local network is required for this attack. There is no exploit available.

vuldb.com

US and Allies Accuse Russian Military of Destructive Cyber-Attacks

Information Security Magazine

10 months 1 week ago

The joint government advisory highlighted the cyber activities of Unit 29155, which has launched destructive cyber-attacks against critical infrastructure globally

Пациент с чипом Neuralink в голове осваивает языки и готовится управлять армией роботов

Securitylab.ru

10 months 1 week ago

Как дела у Ноланда Арбо, который больше полугода живет с мозговым имплантом?

连续三年荣登榜单！默安科技稳居2024年中国网安产业竞争力50强

默安科技

10 months 1 week ago

默安科技稳居中国网安产业竞争力50强！

CACTER直播预告：畅联海外，高效通邮——解锁海外通邮新路径

不安全

10 months 1 week ago

CACTER直播预告：畅联海外，高效通邮——解锁海外通邮新路径在全球化的今天，企业通信的无障碍至关重要。然而，随着企

Hunters

Dark Feed IO

10 months 1 week ago

cohenido

【火绒安全周报】美国人脸识别公司面临巨额罚款/VK遭大规模数据泄露

火绒安全实验室

10 months 1 week ago

CVE-2014-9142 | Technicolor TD5130 Router 2.05.C29GV failrefer cross site scripting (ID 129374 / EDB-35462)

Vuldb Updates

10 months 1 week ago

A vulnerability classified as problematic was found in Technicolor TD5130 Router 2.05.C29GV. Affected by this vulnerability is an unknown functionality. The manipulation of the argument failrefer leads to cross site scripting. This vulnerability is known as CVE-2014-9142. The attack can be launched remotely. Furthermore, there is an exploit available.

vuldb.com

Librarian Ghouls ведет промышленный шпионаж: новые цели – файлы САПР

Securitylab.ru

10 months 1 week ago

Злоумышленники теперь нацелились на критически важные проектные данные и чертежи.

VPN за копейки: США планируют сделать интернет свободным для всех

Securitylab.ru

10 months 1 week ago

С ростом интернет-цензуры растёт и необходимость в мощных VPN, которые могут выдержать десятки миллионов пользователей.

全国顶尖战队同台博弈，第二届“天网杯”网络安全大赛圆满收官

嘶吼

10 months 1 week ago

9月4日，第二届“天网杯”网络安全大赛线下决赛圆满落幕。在决赛的对决中，来自全国的网络安全精英战队都充分展现出了自身强硬的安全实力。历经连续两天的比拼博弈，最终共有3支战队荣膺大赛一等奖，6支战队勇夺大赛二等奖，10支战队获得大赛三等奖。

本次大赛由天津市人民政府主办，国家计算机病毒应急处理中心、公安部第一研究所、天津市公安局、天津市委网信办、天津市工业和信息化局、天津市数据局、天津市滨海新区人民政府共同承办，360数字安全集团、先进计算与关键软件（信创）海河实验室、中汽数据有限公司、大数据协同安全技术国家工程研究中心、ISC平台、南京赛宁信息技术有限公司共同支持。

第二届“天网杯”网络安全大赛致力于选拔重要人才，集聚产业生态，推动数字化转型的高质量发展，共设置安全漏洞挖掘挑战赛、人工智能大模型安全挑战赛和智能网联汽车安全挑战赛三大赛道。

其中，安全漏洞挖掘挑战赛聚焦在操作系统、中间件、数据库、网络安全产品和外设产品五大类28款主流产品的安全风险以及漏洞挖掘上；人工智能大模型安全挑战赛则聚焦大模型工具的深伪识别，为识别欺诈、虚假信息活动以及有害深度伪造内容提供参考借鉴；智能网联汽车安全挑战赛则围绕硬件安全、操作系统安全、外部连接安全、通信安全、应用及业务安全等方面，对不同类型智能网联汽车安全能力进行检验。

在社会各界的高度关注与通力支持下，大赛一经开启，成功召集到230余支战队的千余名选手踊跃参赛；历经层层选拔，共有近百支战队的380名选手通过审核，获得线上初赛参赛资格。经专家裁判组对线上赛比赛成绩的评审，最终36支战队成功进入线下决赛。

决赛之中，各个战队的表现堪称实力非凡，充分展现了良好的竞技状态和高超的技术水平。

当前，数字化浪潮奔涌，以大模型技术为代表的AI技术和应用在蓬勃发展的同时，也带来了多重安全挑战，看见安全风险、筑牢安全屏障，成为保障数字经济发展的基座。未来，“天网杯”网络安全大赛将集聚政产学研各方力量，进一步总结提升大赛经验，做好成果转化和人才培养，推动天津市成为网络空间安全的重要人才中心和创新产业高地，保障经济连续运转稳定，为新质生产力的高质量发展保驾护航。

企业资讯

【安全圈】被警方逮捕后，Telegram创始人首次公开发声：更安全，更强大

安全圈

10 months 1 week ago

Aggregator

Managed ad