-
Cloudflare incident on November 14, 2024, resulting in lost logs
On November 14, 2024, Cloudflare experienced an incident which impacted the majority of customers using Cloudflare Logs. During the roughly 3.5 hours that these services were impacted, about 55% of the logs we normally send to customers were not sent and were lost. We’re very sorry this happened, and we are working to ensure that…
-
Bigger and badder: how DDoS attack sizes have evolved over the last decade
Distributed Denial of Service (DDoS) attacks are cyberattacks that aim to overwhelm and disrupt online services, making them inaccessible to users. By leveraging a network of distributed devices, DDoS attacks flood the target system with excessive requests, consuming its bandwidth or exhausting compute resources to the point of failure. These attacks can be highly effective…
-
Resilient Internet connectivity in Europe mitigates impact from multiple cable cuts
When cable cuts occur, whether submarine or terrestrial, they often result in observable disruptions to Internet connectivity, knocking a network, city, or country offline. This is especially true when there is insufficient resilience or alternative paths — that is, when a cable is effectively a single point of failure. Associated observations of traffic loss resulting…
-
CVE-2024-48197 – Audiocodes MP-202b Cross Site Scripting Privilege Escalation
CVE ID : CVE-2024-48197 Published : Jan. 2, 2025, 7:16 p.m. | 18 minutes ago Description : Cross Site Scripting vulnerability in Audiocodes MP-202b v.4.4.3 allows a remote attacker to escalate privileges via the login page of the web interface. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products,…
-
CVE-2025-0173 – SourceCodester Online Eyewear Shop SQL Injection Vulnerability
CVE ID : CVE-2025-0173 Published : Jan. 2, 2025, 6:15 p.m. | 1 hour, 19 minutes ago Description : A vulnerability was found in SourceCodester Online Eyewear Shop 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /orders/view_order.php. The manipulation of the argument id leads to sql injection. The attack…
-
CVE-2024-56199 – phpMyFAQ HTML Injection Vulnerability
CVE ID : CVE-2024-56199 Published : Jan. 2, 2025, 6:15 p.m. | 1 hour, 19 minutes ago Description : phpMyFAQ is an open source FAQ web application. Starting no later than version 3.2.10 and prior to version 4.0.2, an attacker can inject malicious HTML content into the FAQ editor at `http[:]//localhost/admin/index[.]php?action=editentry`, resulting in a complete disruption of…
-
CVE-2024-11717 – CTFd TokenForgeable Authentication
CVE ID : CVE-2024-11717 Published : Jan. 2, 2025, 5:15 p.m. | 2 hours, 20 minutes ago Description : Tokens in CTFd used for account activation and password resetting can be used interchangeably for these operations. When used, they are sent to the server as a GET parameter and they are not single use, which means that…
-
CVE-2024-11716 – CTFd Team Bracket Reassignment Vulnerability (Privilege Escalation)
CVE ID : CVE-2024-11716 Published : Jan. 2, 2025, 5:15 p.m. | 2 hours, 20 minutes ago Description : While assignment of a user to a team (bracket) in CTFd should be possible only once, at the registration, a flaw in logic implementation allows an authenticated user to reset its bracket and then pick a new one, joining…
-
CVE-2025-0172 – Code-projects Chat System SQL Injection Vulnerability
CVE ID : CVE-2025-0172 Published : Jan. 2, 2025, 4:15 p.m. | 3 hours, 19 minutes ago Description : A vulnerability has been found in code-projects Chat System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/deleteroom.php. The manipulation of the argument id leads to sql injection. The attack…
-
CVE-2024-9950 – Forescout SecureConnector Directory Traversal Vulnerability
CVE ID : CVE-2024-9950 Published : Jan. 2, 2025, 4:15 p.m. | 3 hours, 19 minutes ago Description : A vulnerability in Forescout SecureConnector v11.3.07.0109 on Windows allows an unauthenticated user to modify compliance scripts due to an insecure temporary directory. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more…