Aggregator

A vulnerability, which was classified as critical, was found in Microsoft HEVC Video Extensions. This affects an unknown part. The manipulation leads to out-of-bounds write. This vulnerability is uniquely identified as CVE-2022-21917. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability has been found in Microsoft Windows up to Server 2022 and classified as critical. This vulnerability affects unknown code of the component DirectX Graphics. The manipulation leads to denial of service. This vulnerability was named CVE-2022-21918. The attack can be initiated remotely. There is no exploit available. It is recommended to apply a patch to fix this issue.

A vulnerability was found in Microsoft Windows and classified as critical. This issue affects some unknown processing of the component User Profile Service. The manipulation leads to link following. The identification of this vulnerability is CVE-2022-21919. The attack may be initiated remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.

Каталонский суд становится ареной битвы за права и приватность.

美国黑客 Ilya Lichtenstein 因在 2016 年入侵交易所 Bitfinex 窃取 12 万枚比特币而被判 5 年徒刑。他在妻子 Heather Morgan 的帮助下洗钱，Morgan 将于 11 月 18 日宣布刑期。在盗窃发生时比特币价值 7000 万美元，等到他们于 2022 年被捕时总价值升至了 45 亿美元，如今随着币值单价接近 9 万美总价值再次翻倍。这是至今金额最高的比特币盗窃案之一。

A vulnerability was found in Tenda AC10 16.03.10.13 and classified as critical. Affected by this issue is the function formSetRebootTimer of the file /goform/SetSysAutoRebbotCfg. The manipulation of the argument rebootTime leads to stack-based buffer overflow. This vulnerability is handled as CVE-2024-11248. The attack may be launched remotely. Furthermore, there is an exploit available.

随着人工智能等新技术的兴起，相关利用AI进行的网络犯罪活动也逐渐增多。日前，谷歌发出警告，称发现多种颇具欺骗性的网络欺诈活动。

A vulnerability has been found in SourceCodester Online Eyewear Shop 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /oews/classes/Master.php?f=save_product of the component Inventory Page. The manipulation of the argument brand leads to cross site scripting. This vulnerability is known as CVE-2024-11247. The attack can be launched remotely. Furthermore, there is an exploit available. Other parameters might be affected as well.

A vulnerability, which was classified as problematic, was found in code-projects Farmacia 1.0. Affected is an unknown function of the file /adicionar-cliente.php. The manipulation of the argument nome/cpf/dataNascimento leads to cross site scripting. This vulnerability is traded as CVE-2024-11246. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The initial researcher advisory mentions the parameter "nome" to be affected. But further inspection indicates that other parameters might be affected as well.

A vulnerability, which was classified as critical, has been found in code-projects Farmacia 1.0. This issue affects some unknown processing of the file /editar-produto.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2024-11245. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Farmacia 1.0. This vulnerability affects unknown code of the file /editar-cliente.php. The manipulation of the argument id leads to sql injection. This vulnerability was named CVE-2024-11244. The attack can be initiated remotely. Furthermore, there is an exploit available.

A critical vulnerability has been discovered in the popular “Really Simple Security” WordPress plugin, formerly known as “Really Simple SSL,” putting over 4 million websites at risk. The flaw, identified as CVE-2024-10924, exposes websites using the plugin to potential remote attacks, enabling threat actors to gain unauthorized administrative access. Vulnerability Overview The vulnerability affects versions 9.0.0 […]

The post 4M+ WordPress Websites to Attacks, Following Plugin Vulnerability appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Submit #443204 / VDB-284684

Полиция поймала участника крупнейшего криптоограбления в Индии.

Submit #443194 / VDB-284683

近期，安天CERT监测到一起挖矿木马攻击事件，该挖矿木马从2024年3月开始出现，并持续更新攻击脚本。

Submit #443189 / VDB-284682

Submit #443188 / VDB-284681

Submit #443177 / VDB-284680

A vulnerability classified as problematic has been found in code-projects Online Shop Store 1.0. This affects an unknown part of the file /signup.php. The manipulation of the argument m2 with the input <svg%20onload=alert(document.cookie)> leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-11243. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.