A vulnerability classified as critical was found in dasinfomedia WPGYM Plugin up to 67.1.0 on WordPress. This vulnerability affects the function MJ_gmgt_add_staff_member. The manipulation leads to improper privilege management.
This vulnerability was named CVE-2024-9941. The attack can be initiated remotely. There is no exploit available.
A vulnerability classified as critical has been found in dasinfomedia School Management System Plugin up to 91.5.0 on WordPress. This affects the function mj_smgt_load_documets_new/mj_smgt_load_documets. The manipulation leads to unrestricted upload.
This vulnerability is uniquely identified as CVE-2024-9660. It is possible to initiate the attack remotely. There is no exploit available.
A vulnerability was found in FWDesign MP3 Sticky Player Plugin up to 8.0 on WordPress. It has been rated as critical. Affected by this issue is some unknown functionality of the file content/downloader.php. The manipulation leads to path traversal.
This vulnerability is handled as CVE-2024-10803. The attack may be launched remotely. There is no exploit available.
It is recommended to apply a patch to fix this issue.
A vulnerability was found in techjewel FluentSMTP Plugin up to 2.2.82 on WordPress. It has been declared as critical. Affected by this vulnerability is an unknown functionality. The manipulation leads to deserialization.
This vulnerability is known as CVE-2024-9511. The attack can be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
Microsoft disrupted the ONNX phishing service, seizing 240 sites and naming an Egyptian man as the operator behind the operation. Microsoft announced the disruption of the ONNX phishing service, another success against cybercrime which led to the seizure of 240 sites. The IT giant also identified and publicly disclosed the identity of an Egyptian man, […]
US Cyber Command Says National Mission Force was Deployed Over 85 Times in 2024
A secretive U.S. military unit has surged its support to partner nations across the globe in 2024 while combatting escalating threats from foreign adversaries like China and North Korea, a top official from Cyber Command told the Cyberwarcon summit on Friday.
Research Finds Deep Ties to North Korea Among Fake IT Service Firms' Websites
North Korean state actors are using fake websites of foreign technology service firms to sidestep sanctions and raise funding for the Kim Jong-Un regime's weapons development programs. SentinelLabs found many of these sites shared similar infrastructure, owners and locations.
Also: Highlights from ISMG's Financial Services Summit and Key Insights on AI Adoption
On the 200th episode of the ISMG Editors' Panel, the team discussed the major China-linked cyberespionage campaign targeting U.S. telecommunications, highlighted key insights from ISMG's Financial Services Summit in New York and unpacked the top findings from ISMG's annual Generative AI Survey.
PE Firm Takes Majority Stake to Drive Certificate Lifecycle Management Innovation
Private equity firm Haveli has purchased a majority stake in AppViewX to scale globally, targeting automation in certificate lifecycle management and public key infrastructure. CEO Gregory Webb says the acquisition will fund international expansion and next-gen technology investments.
A vulnerability has been found in phpSlash up to 065 and classified as critical. Affected by this vulnerability is the function generic of the file index.php. The manipulation of the argument fields leads to code injection.
This vulnerability is known as CVE-2009-0517. The attack can be launched remotely. Furthermore, there is an exploit available.