CVE CyberSecurity Database News (Page 454)

Dec 13, 2024 WordPress API

CVE-2024-11275 - Critical Vulnerability in WP Timetics Plugin Lets Customers Delete Any Users – Full Analysis & Exploit Demo

Discovered: Early 2024 Severity: High Affected Plugin: WP Timetics Vulnerable Versions: ≤ 1..27 Plugin Purpose: Appointment booking & scheduling with AI features Bug Type: Broken

Dec 12, 2024 XXE Java

CVE-2024-55875 - XXE Vulnerability in http4k – How Your Kotlin Server May Be at Risk

If you develop Kotlin-based web applications with http4k, pay close attention to this: a recent vulnerability, CVE-2024-55875, puts your server’s sensitive files and network

Dec 12, 2024 RCE Microsoft Exploit Java

CVE-2024-49147 - Microsoft Update Catalog Deserialization Vulnerability – How Attackers Can Elevate Privileges (With Code Example)

--- Summary: In June 2024, CVE-2024-49147 exposed a serious vulnerability in the Microsoft Update Catalog website (https://www.catalog.update.microsoft.com/). The root culprit?

Dec 12, 2024 Windows Microsoft API

CVE-2024-49071 - How Windows Defender’s Global Files Search Leaks Sensitive Info With Improper Authorization

June 2024 has seen another serious security issue: CVE-2024-49071, a privilege escalation vulnerability in Windows Defender. This bug exposes sensitive index information to attackers with

Dec 12, 2024

CVE-2024-9367 - GitLab Changelog Template Parsing DoS Vulnerability Explained

CVE-2024-9367 is a security vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The issue affects all versions from 13.9 before 17.4.