-
CVE-2024-12264 – PayU CommercePro Plugin WordPress Privilege Escalation
CVE ID: CVE-2024-12264 | Published: Jan. 7, 2025, 5:15 a.m. (4 hours, 11 minutes ago) | Description: The PayU CommercePro Plugin plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 3.8.3. This is due to /wp-json/payu/v1/generate-user-token and /wp-json/payu/v1/get-shipping-cost REST API endpoints not properly verifying a user’s identity prior to…
-
CVE-2025-22395 – Dell Update Package Framework Local Privilege Escalation Vulnerability
CVE ID: CVE-2025-22395 | Published: Jan. 7, 2025, 3:15 a.m. (6 hours, 11 minutes ago) | Description: Dell Update Package Framework, versions prior to 22.01.02, contain(s) a Local Privilege Escalation Vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary remote scripts on the server. Exploitation may lead…
-
CVE-2024-12402 – WooCommerce Themes Coder – WordPress Plugin Privilege Escalation
CVE ID: CVE-2024-12402 | Published: Jan. 7, 2025, 4:15 a.m. (5 hours, 11 minutes ago) | Description: The Themes Coder – Create Android & iOS Apps For Your Woocommerce Site plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.3.4. This is due to the plugin…
-
CVE-2024-55076 – Grocy CSRF Password Change Vulnerability
CVE ID: CVE-2024-55076 | Published: Jan. 6, 2025, 9:15 p.m. (12 hours, 11 minutes ago) | Description: Grocy through 4.3.0 has no CSRF protection, as demonstrated by changing the Administrator’s password. | Severity: 8.1 (HIGH)
-
CVE-2024-20154: Critical RCE Flaw in MediaTek Chipsets Impacts Millions
MediaTek has released its January 2025 Product Security Bulletin, addressing a range of security vulnerabilities affecting its various chipsets. The bulletin details flaws found in products ranging fr … Published Date: Jan 07, 2025 (7 hours, 30 minutes ago)
-
CVE-2024-43096 and More: Critical RCE Flaws Patched in Android Security Update
The Android Security Bulletin for January 2025 highlights critical security vulnerabilities affecting millions of Android devices globally. With the 2025-01-05 security patch level, Google has address … Published Date: Jan 07, 2025 (7 hours, 24 minutes ago)
-
CVE-2024-51741 and CVE-2024-46981: Redis Flaws Expose Millions to DoS and RCE Risks
Two vulnerabilities have been discovered in Redis, the popular in-memory database, leaving millions of users at risk. CVE-2024-51741 allows attackers to trigger a denial-of-service (DoS) attack, while … Published Date: Jan 07, 2025 (7 hours, 17 minutes ago)
-
CVE-2024-8474: OpenVPN Connect Vulnerability Leaks Private Keys
Popular VPN client app, OpenVPN Connect, patched a critical security flaw that could have exposed users’ private keys and decrypted their VPN traffic. A recently disclosed vulnerability (CVE-2024-847 … Published Date: Jan 07, 2025 (7 hours, 47 minutes ago) Vulnerabilities mentioned in this article: CVE-2024-8474, CVE-2023-46850
-
Exploiting Misconfigurations in Argo Workflows for Kubernetes Cluster Takeover
Argo Workflows, a widely-used open-source tool for orchestrating workflows in Kubernetes, has become a valuable asset for cloud-native automation. However, recent findings by Yali Mintus, a Cloud Secu … Published Date: Jan 07, 2025 (7 hours, 41 minutes ago)
-
Thousands of SonicWall Devices Remain Vulnerable to CVE-2024-40766
In September 2024, a critical vulnerability in SonicWall NSA devices, tracked as CVE-2024-40766, was disclosed. Since then, threat actors Akira and Fog have reportedly exploited this flaw to infiltrat … Published Date: Jan 07, 2025 (7 hours, 37 minutes ago)