Aggregator

A vulnerability classified as problematic has been found in GiveWP Plugin up to 3.12.0 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-35679. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in wpecommerce Recurring PayPal Donations Plugin up to 1.7 on WordPress. This affects an unknown part. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-35676. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in Plechev Andrey WP-Recall Plugin up to 16.26.6 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability was named CVE-2024-35657. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in 10up ElasticPress Plugin up to 5.1.0 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2024-35684. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in ILLID Advanced Woo Labels Plugin up to 1.93 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-35675. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in lunary-ai lunary up to 1.2.13. Affected by this issue is some unknown functionality. The manipulation leads to insufficient granularity of access control. This vulnerability is handled as CVE-2024-5389. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in parisneo lollms-webui up to 9.6. This affects the function clear_personality_files_list of the component Requests Handler. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-4328. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, was found in Comtrend WLD71-T1 GRG-4280us. Affected is an unknown function of the component Web Application Handler. The manipulation leads to cross-site request forgery. This vulnerability is traded as CVE-2024-5786. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Livebox Collaboration vDesk up to 018. It has been rated as problematic. This issue affects some unknown processing of the file /api/v1/getbodyfile. The manipulation of the argument uri leads to cross site scripting. The identification of this vulnerability is CVE-2022-45176. The attack may be initiated remotely. There is no exploit available.

Хакеры опубликовали диаграммы и CSV-файлы с личной информацией поступавших.

Security Onion, a widely used open-source platform for network security monitoring, has recently released Security Onion 2.4.140. This latest update focuses on enhancing key components such as Suricata and Zeek, offering improved security and functionality to its users. Below is a breakdown of what’s new and how this release impacts security teams worldwide. Key Component […]

The post Security Onion 24.10 Released: Everything You Need to Know appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Фальшивая критика Маска разлетелась по соцсетям.

A vulnerability was found in Custom Field Template Plugin up to 2.6.1 on WordPress. It has been classified as problematic. Affected is an unknown function. The manipulation leads to cross site scripting. This vulnerability is traded as CVE-2024-0653. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Custom Field Template Plugin up to 2.6.1 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Custom Field Name Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-0627. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic was found in Custom Field Template Plugin up to 2.6.1 on WordPress. This vulnerability affects unknown code of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability was named CVE-2023-6745. The attack can be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in SiteOrigin Widgets Bundle Plugin up to 1.61.1 on WordPress. This affects an unknown part of the component Blog Widget. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-5090. It is possible to initiate the attack remotely. There is no exploit available.

The Ukrainian State Railways, known as Ukrzaliznytsia, has experienced a massive disruption to its online services. The railway company issued a statement acknowledging an IT failure, which has temporarily suspended all online operations, impacting ticket sales and other digital services. According to Ukrzaliznytsia’s communication, the shutdown of online services is due to a technical issue, […]

The post Massive Cyberattack Disrupts Ukrainian State Railway’s Online Services appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Rilide, a sophisticated malware, has been masquerading as a legitimate browser extension to steal sensitive information from users of Chromium-based browsers like Google Chrome and Microsoft Edge. First identified in April 2023, this malware is designed to capture screenshots, log passwords, and collect credentials for cryptocurrency wallets. It often disguises itself as a Google Drive […]

The post Rilide Malware Poses as Browser Extension to Steal Login Credentials from Chrome and Edge Users appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Wiz Security finds four critical RCE vulnerabilities in the Ingress NGINX Controller for Kubernetes

Researchers has discovered a sophisticated malware operation that poses as a fake coding challenge and targets Polish-speaking professionals. This campaign, known as “FizzBuzz to FogDoor,” exploits job seekers by disguising malware as legitimate recruitment tests on GitHub. The attackers use a GitHub repository named “FizzBuzz” to host an ISO file titled “Zadanie rekrutacyjne.iso,” which translates […]

The post Beware Developers – Fake Coding Challenges Will Deploy FogDoor on Your System appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.