Aggregator

A vulnerability, which was classified as problematic, has been found in Pegasystems Pega Infinity up to 24.2.0. Affected by this issue is some unknown functionality of the component Search. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-10716. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in WeGIA 3.2.0. This affects an unknown part. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2024-53472. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in WeGIA 3.2.0. It has been classified as problematic. Affected is an unknown function of the file /configuracao/gateway_pagamento.php. The manipulation of the argument id/name leads to cross site scripting. This vulnerability is traded as CVE-2024-53470. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Broadcast Plugin up to 51.01 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-11379. The attack may be launched remotely. There is no exploit available.

A vulnerability classified as problematic has been found in Flixita Plugin up to 1.0.82 on WordPress. This affects an unknown part. The manipulation of the argument id leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-10836. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability, which was classified as problematic, has been found in Video Gallery Plugin up to 2.4.1 on WordPress. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-9769. The attack may be initiated remotely. There is no exploit available.

A critical security flaw in Sitevision CMS versions 10.3.1 and older has exposed SAML authentication signing keys, enabling potential authentication bypass and session hijacking. The vulnerability, tracked as CVE-2022-35202, stems from weak auto-generated passwords protecting Java keystores, which could be extracted and brute-forced to compromise private keys. Sitevision, a widely adopted content management system in […]

The post Auto-Generated Password Vulnerability In Sitevision Leaks Signing Key appeared first on Cyber Security News.

A vulnerability, which was classified as problematic, has been found in Microsoft Edge. This issue affects some unknown processing. The manipulation leads to the ui performs the wrong action. The identification of this vulnerability is CVE-2024-49041. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability classified as problematic was found in myCred Plugin up to 2.7.5.2 on WordPress. Affected by this vulnerability is the function mycred_send of the component Shortcode Handler. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-11201. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in ForumWP Plugin up to 2.1.2 on WordPress. It has been declared as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-10879. The attack can be launched remotely. There is no exploit available.

A vulnerability was found in ForumWP Plugin up to 2.1.2 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality of the component URL Parameter Handler. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-11204. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, was found in Campcodes Online Marriage Registration System 1.0. Affected is an unknown function of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. This vulnerability is traded as CVE-2024-2776. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability has been found in Campcodes Online Examination System 1.0 and classified as critical. This vulnerability affects unknown code of the file /adminpanel/admin/query/deleteExamExe.php. The manipulation of the argument id leads to sql injection. This vulnerability was named CVE-2024-2943. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Online Examination System 1.0 and classified as critical. This issue affects some unknown processing of the file /adminpanel/admin/query/deleteCourseExe.php. The manipulation of the argument id leads to sql injection. The identification of this vulnerability is CVE-2024-2944. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Online Examination System 1.0. It has been classified as critical. Affected is an unknown function of the file /adminpanel/admin/facebox_modal/updateExaminee.php. The manipulation of the argument id leads to sql injection. This vulnerability is traded as CVE-2024-2945. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as problematic, has been found in 8theme XStore Core Plugin up to 5.3.5 on WordPress. Affected by this issue is some unknown functionality. The manipulation leads to deserialization. This vulnerability is handled as CVE-2024-33553. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in 8theme XStore Core Plugin up to 5.3.5 on WordPress. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation leads to missing authorization. This vulnerability is handled as CVE-2024-33558. The attack may be launched remotely. There is no exploit available.

Cyberattacks detected by Trend Micro and Orange Cyberdefense find hackers using malware linked to China-backed groups and ransomware, adding more evidence that nation-state cyberespionage groups are also now using ransomware and further blurring the line between the two.

The post Cases of China-Backed Spy Groups Using Ransomware Come to Light appeared first on Security Boulevard.

A vulnerability, which was classified as problematic, was found in mPAY24 up to 1.5.1. This affects an unknown part of the component Installation. The manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2014-2009. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in Davethewebguy Battle Blog 1.25 and classified as critical. This vulnerability affects unknown code of the file admin/authenticate.asp. The manipulation of the argument UserName leads to sql injection. This vulnerability was named CVE-2009-3718. The attack can be initiated remotely. Furthermore, there is an exploit available.