-
CVE-2024-47519 – “Acme Backup Man-in-the-Middle Vulnerability”
CVE ID: CVE-2024-47519
Published: Jan. 10, 2025, 10:15 p.m.
Description: Backup uploads to ETM subject to man-in-the-middle interception
Severity: 8.3 | HIGH
-
CVE-2024-12847 – NETGEAR DGN1000 Remote Root Command Injection
CVE ID: CVE-2024-12847
Published: Jan. 10, 2025, 8:15 p.m.
Description: NETGEAR DGN1000 before 1.1.00.48 is vulnerable to an authentication bypass vulnerability. A remote and unauthenticated attacker can execute arbitrary operating system commands as root by sending crafted HTTP requests to the setup.cgi endpoint. This vulnerability has been exploited…
-
CVE-2025-22598 – WeGIA Cadastral Stored Cross-Site Scripting (XSS) Vulnerability
CVE ID: CVE-2025-22598
Published: Jan. 10, 2025, 4:15 p.m.
Description: WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the cadastrarSocio.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected…
-
CVE-2025-22597 – WeGIA Stored Cross-Site Scripting (XSS) Vulnerability
CVE ID: CVE-2025-22597
Published: Jan. 10, 2025, 4:15 p.m.
Description: WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the CobrancaController.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the local_recepcao parameter. The injected…
-
CVE-2025-22152 – “Atheos Remote File Inclusion Vulnerability”
CVE ID: CVE-2025-22152
Published: Jan. 10, 2025, 4:15 p.m.
Description: Atheos is a self-hosted browser-based cloud IDE. Prior to v600, the $path and $target parameters are not properly validated across multiple components, allowing an attacker to read, modify, or execute arbitrary files on the server. These vulnerabilities can…
-
CVE-2024-57687 – PHPGurukul Land Record System OS Command Injection
CVE ID: CVE-2024-57687
Published: Jan. 10, 2025, 2:15 p.m.
Description: An OS Command Injection vulnerability was found in /landrecordsys/admin/dashboard.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the “Cookie” GET request parameter.
Severity: 9.8 | CRITICAL
-
CVE-2024-57686 – PHPGurukul Land Record System Cross Site Scripting Vulnerability
CVE ID: CVE-2024-57686
Published: Jan. 10, 2025, 2:15 p.m.
Description: A Cross Site Scripting (XSS) vulnerability was found in /landrecordsys/admin/contactus.php in PHPGurukul Land Record System v1.0, which allows remote attackers to execute arbitrary code via the “pagetitle” parameter.
Severity: 9.8 | CRITICAL
-
CVE-2024-41787 – IBM Engineering Requirements Management DOORS Next Remote Code Execution (RCE)
CVE ID: CVE-2024-41787
Published: Jan. 10, 2025, 2:15 p.m.
Description: IBM Engineering Requirements Management DOORS Next 7.0.2 and 7.0.3 could allow a remote attacker to bypass security restrictions, caused by a race condition. By sending a specially crafted request, an attacker could exploit this vulnerability to remotely execute…
-
TheCyberThrone Security Weekly Review – January 11, 2025
Welcome to TheCyberThrone cybersecurity week in review, covering the important security happenings. This review is for the week ending Saturday, January 11, 2025. Redis was affected by CV …
Published Date: Jan 12, 2025
Vulnerabilities have been mentioned in this…
-
Chinese MirrorFace APT targets Japan
The MirrorFace Advanced Persistent Threat (APT) group, also known as Earth Kasha, has been linked to a series of cyber-attacks targeting Japan. These attacks have been ongoing since 2019 and have prim …
Published Date: Jan 12, 2025
Vulnerabilities have been mentioned in this article.…