CVE Alert: CVE-2024-50528
Vulnerability Summary: CVE-2024-50528 Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Stacks Stacks Mobile App Builder...
Month: November 2024
CVE Alert: CVE-2024-50526
Vulnerability Summary: CVE-2024-50526 Unrestricted Upload of File with Dangerous Type vulnerability in mahlamusa Multi Purpose Mail Form allows Upload a...
CVE Alert: CVE-2024-51582
Vulnerability Summary: CVE-2024-51582 Path Traversal: '.../...//' vulnerability in ThimPress WP Hotel Booking allows PHP Local File Inclusion.This issue affects WP...
CVE Alert: CVE-2024-51665
Vulnerability Summary: CVE-2024-51665 Server-Side Request Forgery (SSRF) vulnerability in Noor alam Magical Addons For Elementor allows Server Side Request Forgery.This...
CVE Alert: CVE-2024-51251
Vulnerability Summary: CVE-2024-51251 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling...
CVE Alert: CVE-2024-51408
Vulnerability Summary: CVE-2024-51408 AppSmith Community 1.8.3 before 1.46 allows SSRF via New DataSource for application/json requests to 169.254.169.254 to retrieve...
CVE Alert: CVE-2024-51249
Vulnerability Summary: CVE-2024-51249 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling...
CVE Alert: CVE-2024-51246
Vulnerability Summary: CVE-2024-51246 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling...
CVE Alert: CVE-2024-51253
Vulnerability Summary: CVE-2024-51253 In Draytek Vigor3900 1.5.1.3, attackers can inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling...
[QILIN] – Ransomware Victim: ebrso
Ransomware Group: QILIN VICTIM NAME: ebrso NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
[LYNX] – Ransomware Victim: Model Die & Mold
Ransomware Group: LYNX VICTIM NAME: Model Die & Mold NOTE: No files or stolen information are by RedPacket Security. Any...
FBI Seeks Public Help to Identify Chinese Hackers Behind Global Cyber Intrusions
The U.S. Federal Bureau of Investigation (FBI) has sought assistance from the public in connection with an investigation involving the...
HackerOne Bug Bounty Disclosure: overwrite-any-file-of-the-web-server-goedix
Company Name: MacTaggart Scott Company HackerOne URL: https://hackerone.com/mactaggart_scott Submitted By:goedixLink to Submitters Profile:https://hackerone.com/goedix Report Title:Overwrite any file of the web...
HackerOne Bug Bounty Disclosure: open-redirect-via-redirect-to-parameter-in-tumblr-com-shivangmauryaa
Company Name: Automattic Company HackerOne URL: https://hackerone.com/automattic Submitted By:shivangmauryaaLink to Submitters Profile:https://hackerone.com/shivangmauryaa Report Title:Open redirect via redirect_to parameter in tumblrcomReport...
[EMBARGO] – Ransomware Victim: mh-m[.]org
Ransomware Group: EMBARGO VICTIM NAME: mh-morg NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
[BIANLIAN] – Ransomware Victim: Falco Sult
Ransomware Group: BIANLIAN VICTIM NAME: Falco Sult NOTE: No files or stolen information are by RedPacket Security. Any legal issues...
[INCRANSOM] – Ransomware Victim: Webb Institute
Ransomware Group: INCRANSOM VICTIM NAME: Webb Institute NOTE: No files or stolen information are by RedPacket Security. Any legal issues...
[RANSOMHUB] – Ransomware Victim: apoyoconsultoria[.]com
Ransomware Group: RANSOMHUB VICTIM NAME: apoyoconsultoriacom NOTE: No files or stolen information are by RedPacket Security. Any legal issues relating...
New Android Banking Malware ‘ToxicPanda’ Targets Users with Fraudulent Money Transfers
Over 1,500 Android devices have been infected by a new strain of Android banking malware called ToxicPanda that allows threat...
CVE Alert: CVE-2024-51677
Vulnerability Summary: CVE-2024-51677 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WebberZone Knowledge Base...
CVE Alert: CVE-2024-45884
Vulnerability Summary: CVE-2024-45884 DrayTek Vigor3900 1.5.1.3 contains a post-authentication command injection vulnerability. This vulnerability occurs when the `action` parameter in...
CVE Alert: CVE-2024-50531
Vulnerability Summary: CVE-2024-50531 Unrestricted Upload of File with Dangerous Type vulnerability in David F. Carr RSVPMaker for Toastmasters allows Upload...
CVE Alert: CVE-2024-51672
Vulnerability Summary: CVE-2024-51672 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPDeveloper BetterLinks allows...
CVE Alert: CVE-2024-45882
Vulnerability Summary: CVE-2024-45882 DrayTek Vigor3900 1.5.1.3 contains a command injection vulnerability. This vulnerability occurs when the `action` parameter in `cgi-bin/mainfunction.cgi`...
