Telegram captcha tricks you into running malicious PowerShell scripts

2025-01-22 20:35

Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to...

Supply chain attack hits Chrome extensions, could expose millions

2025-01-22 19:45

Threat actor exploited phishing and OAuth abuse to inject malicious code. Cybersecurity outfit...

Cisco warns of denial of service flaw with PoC exploit code

2025-01-22 18:47

Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability,...

Stratoshark: Wireshark for the cloud – now available!

2025-01-22 18:19

Stratoshark is an innovative open-source tool that brings Wireshark’s detailed network...

PowerSchool hacker claims they stole data of 62 million students

2025-01-22 17:39

The hacker who breached education tech giant PowerSchool claimed in an extortion demand that...

Give users confidence in your digital infrastructure

2025-01-22 17:00

Why Digital Trust and crypto-agility are essential to authentication and data security. Sponsored...

Conduent confirms cybersecurity incident behind recent outage

2025-01-22 16:56

American business services giant and government contractor Conduent confirmed today that a...

Vulnerabilities by Risk level (Last 12 months)

Risk level    Count (last 12 months)
Critical      2516
High          7005
Medium        9988
Low           332

Vulnerabilities by Vendor (Last 12 months)

Vendor        Count (last 12 months)
Linux         2745
Google        662
Apple         592
Microsoft     476
Adobe         463

Latest Vulnerabilities

  • CVE-2024-13091

    9.8

    The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and...

    network
    low complexity
    CWE-434
    critical
  • CVE-2024-21245

    5.4

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Business Logic Infra SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily...

    network
    low complexity
  • CVE-2025-21489

    6.1

    Vulnerability in the Oracle Advanced Outbound Telephony product of Oracle E-Business Suite (component: Region Mapping). Supported versions that are affected are 12.2.3-12.2.10. Easily exploitable...

    network
    low complexity
  • CVE-2025-21490

    4.9

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable...

    network
    low complexity
  • CVE-2025-21491

    4.9

    Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8.4.3 and prior and 9.1.0 and prior. Easily exploitable...

    network
    low complexity

Latest Critical Vulnerabilities

  • CVE-2024-13091

    9.8

    The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'qcld_wpcfb_file_upload' function in all versions up to, and...

    network
    low complexity
    CWE-434
    critical
  • CVE-2025-21524

    9.8

    Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Monitoring and Diagnostics SEC). Supported versions that are affected are Prior to 9.2.9.0. Easily...

    network
    low complexity
    critical
  • CVE-2025-21535

    9.8

    Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable...

    network
    low complexity
    critical
  • CVE-2025-21547

    9.1

    Vulnerability in the Oracle Hospitality OPERA 5 product of Oracle Hospitality Applications (component: Opera Servlet). Supported versions that are affected are 5.6.19.20, 5.6.25.8, 5.6.26.6 and...

    network
    low complexity
    critical
  • CVE-2025-21556

    9.9

    Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Agile Integration Services). The supported version that is affected is 9.3.6. Easily exploitable...

    network
    low complexity
    critical
  • CVE-2025-0585

    9.8

    The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.

    network
    low complexity
    CWE-89
    critical
  • CVE-2024-38337

    9.1

    IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow an unauthorized attacker to retrieve or alter sensitive information contents due to incorrect...

    network
    low complexity
    CWE-732
    critical
  • CVE-2024-41783

    9.1

    IBM Sterling Secure Proxy 6.0.0.0, 6.0.0.1, 6.0.0.2, 6.0.0.3, 6.1.0.0, and 6.2.0.0 could allow a privileged user to inject commands into the underlying operating system due to improper validation...

    network
    low complexity
    critical