CVE-2024-40865 : APPLE VISIONOS UP TO 1.2 VIRTUAL KEYBOARD PRIVILEGE ESCALATION
Description The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS 1.3. Inputs to the virtual…
CVE-2024-8395 : FLYCASS COCKPIT ACCESS SECURITY SYSTEM/KNOWN CREWMEMBER SQL INJECTION
Description FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside attackers with no authentication. References…
CVE-2024-38486 : DELL SMARTFABRIC OS10 SOFTWARE UP TO 10.5.5.10/10.5.6.X COMMAND INJECTION
Description Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used in a Command ('Command Injection')…
CVE-2024-8480 : IMAGE OPTIMIZER, RESIZER AND CDN PLUGIN UP TO 7.2.7 ON WORDPRESS SIRV_SAVE_PREVENTED_SIZES AUTHORIZATION
Description The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check…
What Is GraphQL API And How To Secure Them?
GraphQL API security is critical to protecting your application from threats and vulnerabilities. GraphQL, with its simple and efficient data queries, presents unique security challenges…
CVE-2024-7261 : ZYXEL NWA1123ACV3/WAC500/WAX655E/WBE530/USG LITE 60AX COOKIE HOST OS COMMAND INJECTION
Description The improper neutralization of special elements in the parameter "host" in the CGI program of Zyxel NWA1123ACv3 firmware version 6.70(ABVT.4) and earlier, WAC500 firmware…