#vulnerability

Computer Laboratory Management System version 1.0 suffers from an ignored default credential vulnerability.

Ubuntu Security Notice 6200-2 - USN-6200-1 fixed vulnerabilities in ImageMagick. Unfortunately these fixes were incomplete for Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. This update fixes the problem.

Codeprojects E-Commerce version 1.0 suffers from a cross site scripting vulnerability.

Blog Site version 1.0 suffers from a cross site scripting vulnerability.

Red Hat Security Advisory 2024-5001-03 - An update for httpd is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a server-side request forgery vulnerability.

A security vulnerability in Rockwell Automation's ControlLogix 1756 programmable logic controllers, tracked as CVE-2024-6242, could allow tampering with physical processes at plants.

View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a stack-based buffer overflow, resulting in execution of arbitrary code. 3. TECHNICAL DETAILS 3.1 AFFECTED PRODUCTS The following versions of Delta Electronics DIAScreen visualization software are affected: DIAScreen: Versions prior to 1.4.2 3.2 Vulnerability Overview 3.2.1 STACK-BASED BUFFER OVERFLOW CWE-121 A crafted DPA file could force Delta Electronics DIAScreen to overflow a stack-based buffer, which could allow an attacker to execute arbitrary code. CVE-2024-7502 has been assigned to this vulnerability. A CVSS v3.1 base score of 7.8 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). A CVSS v4 score has also been calculated for CVE-2024-7502. A base score of 8.5 has been calculated; the...

Everyone loves the double-agent plot twist in a spy movie, but it’s a different story when it comes to securing company data. Whether intentional or unintentional, insider threats are a legitimate concern. According to CSA research, 26% of companies who reported a SaaS security incident were struck by an insider.  The challenge for many is detecting those threats before they lead to full

The North Korea-linked threat actor known as Moonstone Sleet has continued to push malicious npm packages to the JavaScript package registry with the aim of infecting Windows systems, underscoring the persistent nature of their campaigns. The packages in question, harthat-api and harthat-hash, were published on July 7, 2024, according to Datadog Security Labs. Both the libraries did not attract

Home users are being targeted by a ransomware called Magniber which locks up files and demands money for the key.