Latest CyberSec News by @thecyberpicker

DataDome warns that DYI bots are snapping up driving test places en masse

Smart Manager 8.27.0 - Post-Authenticated SQL Injection. CVE-2024-0566 . webapps exploit for PHP platform

WooCommerce Customers Manager 29.4 - Post-Authenticated SQL Injection. CVE-2024-0399 . webapps exploit for Multiple platform

FLIR AX8 1.46.16 - Remote Command Injection. CVE-2022-37061 . webapps exploit for Hardware platform

Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database

Ethercreative Logs 3.0.3 - Path Traversal. CVE-2022-23409 . webapps exploit for Multiple platform

Ruckus IoT Controller 1.7.1.0 - Undocumented Backdoor Account. CVE-2021-33216 . local exploit for Hardware platform

ASUS ASMB8 iKVM 1.14.51 - Remote Code Execution (RCE). CVE-2023-26602 . local exploit for Hardware platform

KodExplorer 4.52 - Open Redirect.. webapps exploit for PHP platform

Car Rental Project 1.0 - Remote Code Execution. CVE-2020-5509 . webapps exploit for PHP platform

ABB Cylon Aspect 4.00.00 (factorySaved.php) - Unauthenticated XSS.. hardware exploit for PHP platform

ABB Cylon Aspect 4.00.00 (factorySetSerialNum.php) - Remote Code Execution.. hardware exploit for PHP platform

Security community reacts with shock at US government’s decision not to renew MITRE contract for CVE database

phpMyFAQ 3.2.10 - Unintended File Download Triggered by Embedded Frames. CVE-2024-55889 . webapps exploit for PHP platform

ABB Cylon Aspect 3.08.03 (webServerDeviceLabelUpdate.php) - File Write DoS.. hardware exploit for PHP platform

Fortinet FortiOS, FortiProxy, and FortiSwitchManager 7.2.0 - Authentication bypass. CVE-2022-40684 . remote exploit for Windows platform

Garage Management System 1.0 (categoriesName) - Stored XSS. CVE-2022-41358 . webapps exploit for Multiple platform

WebMethods Integration Server 10.15.0.0000-0092 - Improper Access on Login Page. CVE-2024-23733 . remote exploit for Windows platform

ProConf 6.0 - Insecure Direct Object Reference (IDOR). CVE-2018-16606 . webapps exploit for Multiple platform

Malware-laced SHOWJI phones shipped with fake WhatsApp, stealing $1.6M in crypto via address swaps.

MonServiceSécurisé, un service gratuit pour aider le secteur public à se mettre en conformité, a enregistré une augmentation de 100% de...-Cybersécurité

NagVis 1.9.33 - Arbitrary File Read. CVE-2022-46945 . webapps exploit for PHP platform

Zabbix 7.0.0 - SQL Injection. CVE-2024-42327 . webapps exploit for PHP platform

ABB Cylon Aspect 3.08.02 - Cross-Site Request Forgery (CSRF). CVE-2024-48846 . hardware exploit for Multiple platform

Hugging Face Transformers MobileViTV2 4.41.1 - Remote Code Execution (RCE). CVE-2024-11392 . remote exploit for Python platform

CVE funding ends April 16, risking delays in vulnerability tracking, advisories, and cyber response tools.

MITRE Vice President Yosry Barsoum has warned that U.S. government funding for the Common Vulnerabilities and Exposures (CVE) and Common Weakness Enumeration (CWE) programs expires today, which could lead to widespread disruption across the global cybersecurity industry.

Teedy 1.11 - Account Takeover via Stored Cross-Site Scripting (XSS). CVE-2024-46278 . webapps exploit for Multiple platform

phpMyFAQ 3.1.7 - Reflected Cross-Site Scripting (XSS). CVE-2022-4407 . webapps exploit for PHP platform

A critical resource that cybersecurity professionals worldwide rely on to identify, mitigate and fix security vulnerabilities in software and hardware is in danger of breaking down. The federally funded, non-profit research and development organization MITRE warned today that its contract…