Threat Intelligence
Secure Today. Defend Tomorrow.
Real-time threat feed from trusted sources. Updated continuously to keep you informed of the latest malicious activity.
VMware vCenter Server Improper Input Validation Vulnerability
VMware vSphere Client contains an improper input validation vulnerability in the Virtual SAN Health Check plug-in, which is enabled by default in vCenter Server, which allows for remote code execution.
Read More →Multiple VMware Products Command Injection Vulnerability
VMware Workspace One Access, Access Connector, Identity Manager, and Identity Manager Connector contain a command injection vulnerability. An attacker with network access to the administrative configurator on port 8443 and a valid password for the configurator administrator account can execute commands with unrestricted privileges on the underlying operating system.
Read More →WordPress File Manager Plugin Remote Code Execution Vulnerability
WordPress File Manager plugin contains a remote code execution vulnerability that allows unauthenticated users to execute PHP code and upload malicious files on a target site.
Read More →WordPress Snap Creek Duplicator Plugin File Download Vulnerability
WordPress Snap Creek Duplicator plugin contains a file download vulnerability when an administrator creates a new copy of their site that allows an attacker to download the generated files from their Wordpress dashboard. This vulnerability affects Duplicator and Dulplicator Pro.
Read More →WordPress Social Warfare Plugin Cross-Site Scripting (XSS) Vulnerability
WordPress Social Warfare plugin contains a cross-site scripting (XSS) vulnerability that allows for remote code execution. This vulnerability affects Social Warfare and Social Warfare Pro.
Read More →Yealink Device Management Server-Side Request Forgery (SSRF) Vulnerability
Yealink Device Management contains a server-side request forgery (SSRF) vulnerability that allows for unauthenticated remote code execution.
Read More →Zoho ManageEngine ADSelfService Plus Authentication Bypass Vulnerability
Zoho ManageEngine ADSelfService Plus contains an authentication bypass vulnerability affecting the REST API URLs which allow for remote code execution.
Read More →Zoho ManageEngine Desktop Central File Upload Vulnerability
Zoho ManageEngine Desktop Central contains a file upload vulnerability that allows for unauthenticated remote code execution.
Read More →Zoho ManageEngine ServiceDesk Plus (SDP) File Upload Vulnerability
Zoho ManageEngine ServiceDesk Plus (SDP) contains an unspecified vulnerability that allows remote users to upload files via login page customization.
Read More →Zyxel Multiple Products Use of Hard-Coded Credentials Vulnerability
Zyxel firewalls (ATP, USG, VM) and AP Controllers (NXC2500 and NXC5500) contain a use of hard-coded credentials vulnerability in an undocumented account ("zyfwp") with an unchangeable password.
Read More →Sources
- AlienVault OTX
- CISA KEV
- URLhaus
Stay Ahead of Threats
Secure Today. Defend Tomorrow.
Get daily threat intelligence and CVE digests delivered to your inbox.