Aggregator

Submit #497249 / VDB-295144

A Threat Actor Claims to be Selling the Data of Cin Learn

Submit #497045 / VDB-196788

Submit #497043 / VDB-196788

A vulnerability was found in Codezips Gym Management System 1.0. It has been classified as critical. This affects an unknown part of the file /dashboard/admin/viewdetailroutine.php. The manipulation of the argument id leads to sql injection. This vulnerability is uniquely identified as CVE-2025-1206. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in OPC UA .NET Standard Stack and classified as critical. Affected by this issue is some unknown functionality of the component HTTPS Endpoint Handler. The manipulation leads to improper authentication. This vulnerability is handled as CVE-2024-42513. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in OPC UA .NET Standard Stack and classified as critical. Affected by this vulnerability is an unknown functionality of the component Basic128Rsa15 Security Policy. The manipulation leads to improper authentication. This vulnerability is known as CVE-2024-42512. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic has been found in Amiro.CMS up to 5.4.0.0. This affects an unknown part of the component Error Message Handler. The manipulation leads to improper input validation. This vulnerability is uniquely identified as CVE-2009-3802. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Today, an Alabama man pleaded guilty to hijacking the U.S. Securities and Exchange Commission (SEC) account on X in a January 2024 SIM swapping attack. [...]

Submit #496961 / VDB-295143

We’re just getting started down the road to the Internet of Everything (IoE.)

Related: IoT growing at a 24% clip

To get there – to fully tap the potential of a hyper-interconnected ecosystem where devices, data, AI and humans converge … (more…)

The post MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier first appeared on The Last Watchdog.

The post MY TAKE: Securing the Internet of Everything: why self-healing devices are the next frontier appeared first on Security Boulevard.

A vulnerability, which was classified as critical, was found in cool-admin-java 1.0. Affected is an unknown function of the file /comm/upload of the component File Handler. The manipulation leads to unrestricted upload. This vulnerability is traded as CVE-2024-57408. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, has been found in Timo 2.0.3. This issue affects some unknown processing of the file /userPicture of the component File Handler. The manipulation leads to unrestricted upload. The identification of this vulnerability is CVE-2024-57407. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic was found in cool-admin-java 1.0. This vulnerability affects unknown code of the component Parameter List Module. The manipulation of the argument internet pictures leads to cross site scripting. This vulnerability was named CVE-2024-57409. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in OneBlog 2.3.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Template Management Page. The manipulation leads to injection. This vulnerability is handled as CVE-2024-54954. The attack can only be initiated within the local network. There is no exploit available.

A vulnerability classified as problematic has been found in PHPGurukul Small CRM 3.0. This affects an unknown part of the file profile.php. The manipulation of the argument name leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-48170. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in Apple visionOS and classified as critical. This issue affects some unknown processing of the component Web Contents Handler. The manipulation leads to memory corruption. The identification of this vulnerability is CVE-2024-54658. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple macOS. It has been classified as critical. Affected is an unknown function of the component Web Contents Handler. The manipulation leads to memory corruption. This vulnerability is traded as CVE-2024-54658. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Apple iOS and iPadOS. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component Web Contents Handler. The manipulation leads to memory corruption. This vulnerability is known as CVE-2024-54658. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.