Aggregator
How attackers abuse S3 Bucket Namesquatting — And How to Stop Them
10 months 1 week ago
AWS S3 bucket names are global with predictable names that can be exploited in "S3 bucket namesquatting" attacks to access or hijack S3 buckets. In this article, Varonis explains how these attacks work and how you can prevent them. [...]
Sponsored by Varonis
Apple Service Ticket Portal Vulnerability Exposes Data of Millions of Users
10 months 1 week ago
安全客
Cross-Platform JavaScript Stealer Targets Crypto Wallets in New Lazarus Group Campaign
10 months 1 week ago
The North Korea-linked Lazarus Group has been linked to an active campaign that leverages fake LinkedIn job offers in the cryptocurrency and travel sectors to deliver malware capable of infecting Windows, macOS, and Linux operating systems.
According to cybersecurity company Bitdefender, the scam begins with a message sent on a professional social media network, enticing them with the promise of
The Hacker News
Zap Energy: Stable Plasma Is Possible Without Magnetic Systems
10 months 1 week ago
433 tests confirmed it: the technology works.
Google Cracked AMD Microcode: Critical Vulnerability Threatens Chip Protection
10 months 1 week ago
Why do the "red processors" always return "4" when generating random numbers?
CVE-2024-1044 | Customer Reviews for WooCommerce Plugin up to 5.38.12 on WordPress submit_review improper authorization
10 months 1 week ago
A vulnerability, which was classified as critical, has been found in Customer Reviews for WooCommerce Plugin up to 5.38.12 on WordPress. This issue affects the function submit_review. The manipulation leads to improper authorization.
The identification of this vulnerability is CVE-2024-1044. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-3243 | Customer Reviews for WooCommerce Plugin up to 5.46.0 on WordPress Email Sending authorization (ID 3069811)
10 months 1 week ago
A vulnerability classified as problematic has been found in Customer Reviews for WooCommerce Plugin up to 5.46.0 on WordPress. Affected is an unknown function of the component Email Sending Handler. The manipulation leads to missing authorization.
This vulnerability is traded as CVE-2024-3243. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-3869 | ivole Customer Reviews for WooCommerce Plugin up to 5.46.0 on WordPress woocommerce_json_search_coupons authorization (ID 3069811)
10 months 1 week ago
A vulnerability classified as problematic has been found in ivole Customer Reviews for WooCommerce Plugin up to 5.46.0 on WordPress. This affects the function woocommerce_json_search_coupons. The manipulation leads to missing authorization.
This vulnerability is uniquely identified as CVE-2024-3869. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-3731 | Customer Reviews for WooCommerce Plugin up to 5.47.0 on WordPress cross site scripting (ID 3072688)
10 months 1 week ago
A vulnerability, which was classified as problematic, was found in Customer Reviews for WooCommerce Plugin up to 5.47.0 on WordPress. Affected is an unknown function. The manipulation of the argument s leads to cross site scripting.
This vulnerability is traded as CVE-2024-3731. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2023-7264 | hakeemnala Build App Online Plugin up to 1.0.21 on WordPress password recovery
10 months 1 week ago
A vulnerability has been found in hakeemnala Build App Online Plugin up to 1.0.21 on WordPress and classified as problematic. This vulnerability affects unknown code. The manipulation leads to weak password recovery.
This vulnerability was named CVE-2023-7264. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-11729 | iqonicdesign KiviCare Plugin up to 3.6.4 on WordPress service_list[0][service_id] sql injection
10 months 1 week ago
A vulnerability, which was classified as critical, was found in iqonicdesign KiviCare Plugin up to 3.6.4 on WordPress. This affects the function service_list[0][service_id]. The manipulation leads to sql injection.
This vulnerability is uniquely identified as CVE-2024-11729. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2024-11730 | iqonicdesign KiviCare Plugin up to 3.6.4 on WordPress static_data_list sort[] sql injection
10 months 1 week ago
A vulnerability has been found in iqonicdesign KiviCare Plugin up to 3.6.4 on WordPress and classified as critical. This vulnerability affects the function static_data_list. The manipulation of the argument sort[] leads to sql injection.
This vulnerability was named CVE-2024-11730. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2022-45806 | Strategy11 Form Builder Team Formidable Forms Plugin up to 5.5.4 on WordPress authorization
10 months 1 week ago
A vulnerability classified as problematic has been found in Strategy11 Form Builder Team Formidable Forms Plugin up to 5.5.4 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization.
This vulnerability is traded as CVE-2022-45806. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-22752 | GSheetConnector for Forminator Forms Plugin up to 1.0.11 on WordPress cross site scripting
10 months 1 week ago
A vulnerability, which was classified as problematic, was found in GSheetConnector for Forminator Forms Plugin up to 1.0.11 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2025-22752. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
CVE-2020-15999 | Google Chrome up to 86.0.4240.99 Freetype heap-based overflow (Nessus ID 208626)
10 months 1 week ago
A vulnerability, which was classified as critical, has been found in Google Chrome. Affected by this issue is some unknown functionality of the component Freetype. The manipulation leads to heap-based buffer overflow.
This vulnerability is handled as CVE-2020-15999. The attack may be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
vuldb.com
Researchers Discover a New Method to Defend AI Models Against Universal Jailbreak Attacks
10 months 1 week ago
安全客
CVE-2023-40003 | WP Project Manager Plugin up to 2.6.7 on WordPress authorization
10 months 1 week ago
A vulnerability classified as critical was found in WP Project Manager Plugin up to 2.6.7 on WordPress. This vulnerability affects unknown code. The manipulation leads to missing authorization.
This vulnerability was named CVE-2023-40003. The attack can be initiated remotely. There is no exploit available.
vuldb.com
CVE-2024-2329 | Netentsec NS-ASG Application Security Gateway 6.3 list_resource_icon.php?action=delete IconId sql injection
10 months 1 week ago
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/list_resource_icon.php?action=delete. The manipulation of the argument IconId leads to sql injection.
This vulnerability is handled as CVE-2024-2329. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2024-2330 | Netentsec NS-ASG Application Security Gateway 6.3 /protocol/index.php IPAddr sql injection
10 months 1 week ago
A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been classified as critical. This affects an unknown part of the file /protocol/index.php. The manipulation of the argument IPAddr leads to sql injection.
This vulnerability is uniquely identified as CVE-2024-2330. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com