Vulnerability List 2024

| Date | Name | Info | Category | Web |
|---|---|---|---|---|
| 28.12.24 | 15,000+ Four-Faith Routers Exposed to New Exploit Due to Default Credentials | A high-severity flaw impacting select Four-Faith routers has come under active exploitation in the wild, according to new findings from VulnCheck. | Vulnerability | The Hacker News |
| 28.12.24 | Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately | Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible | Vulnerability | The Hacker News |
| 28.12.24 | FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks | Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant | Vulnerability | The Hacker News |
| 28.12.24 | Apache MINA CVE-2024-52046: CVSS 10.0 Flaw Enables RCE via Unsafe Serialization | The Apache Software Foundation (ASF) has released patches to address a maximum severity vulnerability in the MINA Java network application framework | Vulnerability | The Hacker News |
| 26.12.24 | Critical SQL Injection Vulnerability in Apache Traffic Control Rated 9.9 CVSS — Patch Now | The Apache Software Foundation (ASF) has shipped security updates to address a critical security flaw in Traffic Control that, if successfully exploited, could allow an | Vulnerability | The Hacker News |
| 26.12.24 | CISA Adds Acclaim USAHERDS Vulnerability to KEV Catalog Amid Active Exploitation | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a now-patched high-severity security flaw impacting Acclaim Systems | Vulnerability | The Hacker News |
| 26.12.24 | Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks | The Apache Software Foundation (ASF) has released a security update to address an important vulnerability in its Tomcat server software that could result in remote code execution (RCE) under certain conditions. The vulnerability, tracked as CVE- | Vulnerability | The Hacker News |
| 21.12.24 | Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation | Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow | Vulnerability | The Hacker News |
| 21.12.24 | Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools | A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote | Vulnerability | The Hacker News |
| 21.12.24 | Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits | Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive | Vulnerability | The Hacker News |
| 18.12.24 | BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products | BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the | Vulnerability | The Hacker News |
| 1.11.24 | LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites | A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated | Vulnerability | The Hacker News |
| 30.10.24 | Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information | A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to | Vulnerability | The Hacker News |
| 29.10.24 | New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors | More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the | Vulnerability | The Hacker News |
| 27.10.24 | Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite | A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with | Vulnerability | The Hacker News |
| 27.10.24 | AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks | Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that | Vulnerability | The Hacker News |
| 27.10.24 | Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack | Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance | Vulnerability | The Hacker News |
| 27.10.24 | Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation | Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. | Vulnerability | The Hacker News |
| 27.10.24 | Security Flaw in Styra's OPA Exposes NTLM Hashes to Remote Attackers | Details have emerged about a now-patched security flaw in Styra's Open Policy Agent (OPA) that, if successfully exploited, could have | Vulnerability | The Hacker News |
| 27.10.24 | VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability | VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for | Vulnerability | The Hacker News |
| 27.10.24 | CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to | Vulnerability | The Hacker News |
| 27.10.24 | Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers | Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. "The | Vulnerability | The Hacker News |
| 26.10.24 | Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser | Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in | Vulnerability | The Hacker News |
| 26.10.24 | Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk | A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root | Vulnerability | The Hacker News |
| 26.10.24 | GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access | GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow | Vulnerability | The Hacker News |
| 15.9.24 | WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites | The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow | Vulnerability | The Hacker News |
| 15.9.24 | Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware | Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog | Vulnerability | The Hacker News |
| 29.9.24 | Progress urges admins to patch critical WhatsUp Gold bugs ASAP | Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible. | Vulnerability | BleepingComputer |
| 29.9.24 | CUPS flaws enable Linux remote code execution, but there's a catch | Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines. | Vulnerability | BleepingComputer |
| 28.9.24 | Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now | Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical | Vulnerability | The Hacker News |
| 28.9.24 | HPE Aruba Networking fixes critical flaws impacting Access Points | HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices. | Vulnerability | BleepingComputer |
| 27.9.24 | Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution | A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux | Vulnerability | The Hacker News |
| 27.9.24 | Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers | A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to | Vulnerability | The Hacker News |
| 26.9.24 | Critical Ivanti vTM auth bypass bug now exploited in attacks | CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks. | Vulnerability | BleepingComputer |
| 25.9.24 | Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52% | Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the | Vulnerability | The Hacker News |
| 25.9.24 | CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic | Vulnerability | The Hacker News |
| 21.9.24 | GitLab releases fix for critical SAML authentication bypass flaw | GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE). | Vulnerability | BleepingComputer |
| 21.9.24 | Broadcom fixes critical RCE bug in VMware vCenter Server | Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. | Vulnerability | BleepingComputer |
| 20.9.24 | D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers | D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. | Vulnerability | BleepingComputer |
| 20.9.24 | Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks | Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the | Vulnerability | The Hacker News |
| 19.9.24 | GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions | GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result | Vulnerability | The Hacker News |
| 18.9.24 | Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution | Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for | Vulnerability | The Hacker News |
| 17.9.24 | SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks | SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical | Vulnerability | The Hacker News |
| 16.9.24 | Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution | A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve | Vulnerability | The Hacker News |
| 15.9.24 | GitLab warns of critical pipeline execution vulnerability | GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. | Vulnerability | BleepingComputer |
| 14.9.24 | Ivanti fixes maximum severity RCE bug in Endpoint Management software | Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. | Vulnerability | BleepingComputer |
| 14.9.24 | Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability | Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 | Vulnerability | The Hacker News |
| 12.9.24 | Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution | GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an | Vulnerability | The Hacker News |
| 11.9.24 | Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws | Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active | Vulnerability | The Hacker News |
| 11.9.24 | Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities | Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical | Vulnerability | The Hacker News |
| 10.9.24 | Progress LoadMaster vulnerable to 10/10 severity RCE flaw | Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device. | Vulnerability | BleepingComputer |
| 9.9.24 | Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor | Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that | Vulnerability | The Hacker News |
| 8.9.24 | SonicWall SSLVPN access control flaw is now exploited in attacks | SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible. | Vulnerability | BleepingComputer |
| 8.9.24 | Apache fixes critical OFBiz remote code execution vulnerability | Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. | Vulnerability | BleepingComputer |
| 8.9.24 | Veeam warns of critical RCE flaw in Backup & Replication software | Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. | Vulnerability | BleepingComputer |
| 8.9.24 | Zyxel warns of critical OS command injection flaw in routers | Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. | Vulnerability | BleepingComputer |
| 7.9.24 | D-Link says it is not fixing four RCE flaws in DIR-846W routers | D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. | Vulnerability | BleepingComputer |
| 7.9.24 | SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation | SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. The | Vulnerability | The Hacker News |
| 7.9.24 | GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code | Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading | Vulnerability | The Hacker News |
| 6.9.24 | Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPress | Cybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that could | Vulnerability | The Hacker News |
| 6.9.24 | Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution | A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code | Vulnerability | The Hacker News |
| 6.9.24 | Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical Issues | Veeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five critical | Vulnerability | The Hacker News |
| 5.9.24 | Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote Attacks | Cisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allow | Vulnerability | The Hacker News |
| 4.9.24 | Zyxel Patches Critical OS Command Injection Flaw in Access Points and Routers | Zyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versions | Vulnerability | The Hacker News |
| 31.8.24 | Google increases Chrome bug bounty rewards up to $250,000 | Google has more than doubled payouts for Google Chrome security flaws reported through its Vulnerability Reward Program, with the maximum possible reward for a single bug now exceeding $250,000. | Vulnerability | BleepingComputer |
| 31.8.24 | Fortra fixes critical FileCatalyst Workflow hardcoded password issue | Fortra is warning of a critical hardcoded password flaw in FileCatalyst Workflow that could allow attackers unauthorized access to an internal database to steal data and gain administrator privileges. | Vulnerability | BleepingComputer |
| 30.8.24 | Atlassian Confluence Vulnerability Exploited in Crypto Mining Campaigns | Threat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and Confluence | Vulnerability | The Hacker News |
| 29.8.24 | Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability | Fortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gain | Vulnerability | The Hacker News |
| 28.8.24 | CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation Reports | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its Known | Vulnerability | The Hacker News |
| 28.8.24 | Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution | A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute | Vulnerability | The Hacker News |
| 27.8.24 | SonicWall warns of critical access control flaw in SonicOS | SonicWall's SonicOS is vulnerable to a critical access control flaw that could allow attackers to gain unauthorized access to resources or cause the firewall to crash. | Vulnerability | BleepingComputer |
| 27.8.24 | Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 Copilot | Details have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user information | Vulnerability | The Hacker News |
| 27.8.24 | Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active Exploitation | Google has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser has | Vulnerability | The Hacker News |
| 27.8.24 | SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized Access | SonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grant | Vulnerability | The Hacker News |
| 26.8.24 | Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps Platforms | Cybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discovery | Vulnerability | The Hacker News |
| 26.8.24 | Critical Flaws in Traccar GPS System Expose Users to Remote Attacks | Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by | Vulnerability | The Hacker News |
| 24.8.24 | SolarWinds fixes hardcoded credentials flaw in Web Help Desk | SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. | Vulnerability | BleepingComputer |
| 24.8.24 | Google fixes ninth Chrome zero-day tagged as exploited this year | Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability, the ninth one tagged as exploited this year. | Vulnerability | BleepingComputer |
| 24.8.24 | Litespeed Cache bug exposes millions of WordPress sites to takeover attacks | A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. | Vulnerability | BleepingComputer |
| 24.8.24 | GitHub Enterprise Server vulnerable to critical auth bypass flaw | A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine. | Vulnerability | BleepingComputer |
| 23.8.24 | Hardcoded Credential Vulnerability Found in SolarWinds Web Help Desk | SolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remote | Vulnerability | The Hacker News |
| 23.8.24 | New 'ALBeast' Vulnerability Exposes Weakness in AWS Application Load Balancer | As many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentially | Vulnerability | The Hacker News |
| 22.8.24 | Google Fixes High-Severity Chrome Flaw Actively Exploited in the Wild | Google has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come under | Vulnerability | The Hacker News |
| 22.8.24 | Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin Access | Cybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permit | Vulnerability | The Hacker News |
| 22.8.24 | GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges | GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug | Vulnerability | The Hacker News |
| 21.8.24 | Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now | Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled. | Vulnerability | BleepingComputer |
| 21.8.24 | SolarWinds fixes critical RCE bug affecting all Web Help Desk versions | A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today. | Vulnerability | BleepingComputer |
| 21.8.24 | GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at Risk | A maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposes | Vulnerability | The Hacker News |
| 17.8.24 | Critical SAP flaw allows remote attackers to bypass authentication | SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. | Vulnerability | BleepingComputer |
| 16.8.24 | Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at Risk | A large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be used | Vulnerability | The Hacker News |
| 16.8.24 | Cisco warns of critical RCE zero-days in end-of-life IP phones | Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. | Vulnerability | BleepingComputer |
| 15.8.24 | SolarWinds Releases Patch for Critical Flaw in Web Help Desk Software | SolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited to | Vulnerability | The Hacker News |
| 15.8.24 | GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover | A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain | Vulnerability | The Hacker News |
| 15.8.24 | Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days | Microsoft on Tuesday shipped fixes to address a total of 90 security flaws, including 10 zero-days, of which six have come under active | Vulnerability | The Hacker News |
| 15.8.24 | Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin Access | Ivanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve an | Vulnerability | The Hacker News |
| 15.8.24 | GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted Attacks | A team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bug | Vulnerability | The Hacker News |
| 13.8.24 | Researchers Uncover Vulnerabilities in Solarman and Deye Solar Systems | Cybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platforms | Vulnerability | The Hacker News |
| 11.8.24 | Critical Progress WhatsUp RCE flaw now under active exploitation | Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. | Vulnerability | BleepingComputer |
| 11.8.24 | Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick Share | As many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could be | Vulnerability | The Hacker News |
| 10.8.24 | Microsoft Warns of Unpatched Office Vulnerability Leading to Data Exposure | Microsoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure of | Vulnerability | The Hacker News |
| 10.8.24 | Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service Takeovers | Cybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited, | Vulnerability | The Hacker News |
| 10.8.24 | Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPE | Microsoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained to | Vulnerability | The Hacker News |
| 9.8.24 | New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on Users | Cybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors to | Vulnerability | The Hacker News |
| 8.8.24 | 0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux Devices | Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability | Vulnerability | The Hacker News |
| 8.8.24 | Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch Now | A critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that users | Vulnerability | The Hacker News |
| 7.8.24 | Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords | Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute | Vulnerability | The Hacker News |
| 6.8.24 | New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution | A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source | Vulnerability | The Hacker News |
| 5.8.24 | Researchers Uncover Flaws in Windows Smart App Control and SmartScreen | Cybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that could | Vulnerability | The Hacker News |
| 3.8.24 | DigiCert mass-revoking TLS certificates due to domain validation bug | DigiCert is warning that it will be mass-revoking SSL/TLS certificates due to a bug in how the company verified if a customer owned or operated a domain and requires impacted customers to reissue certificates within 24 hours. | Vulnerability | BleepingComputer |
| 31.7.24 | Critical Flaw in Acronis Cyber Infrastructure Exploited in the Wild | Cybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) product | Vulnerability | The Hacker News |
| 28.7.24 | Google fixes Chrome Password Manager bug that hides credentials | Google has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours. | Vulnerability | BleepingComputer |
| 28.7.24 | Critical ServiceNow RCE flaws actively exploited to steal credentials | Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. | Vulnerability | BleepingComputer |
| 27.7.24 | Progress warns of critical RCE bug in Telerik Report Server | Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. | Vulnerability | BleepingComputer |
| 27.7.24 | Docker fixes critical 5-year-old authentication bypass flaw | Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. | Vulnerability | BleepingComputer |
| 27.7.24 | CrowdStrike: 'Content Validator' bug let faulty update pass checks | CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024. | Vulnerability | BleepingComputer |
| 26.7.24 | Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk | Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked | Vulnerability | The Hacker News |
| 26.7.24 | Researchers Reveal ConfusedFunction Vulnerability in Google Cloud Platform | Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions | Vulnerability | The Hacker News |
| 26.7.24 | Critical Docker Engine Flaw Allows Attackers to Bypass Authorization Plugins | Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization | Vulnerability | The Hacker News |
| 20.7.24 | SolarWinds fixes 8 critical bugs in access rights audit software | SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices. | Vulnerability | BleepingComputer |
| 20.7.24 | Critical Cisco bug lets hackers add root users on SEG devices | Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. | Vulnerability | BleepingComputer |
| 20.7.24 | Cisco SSM On-Prem bug lets hackers change any user's password | Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. | Vulnerability | BleepingComputer |
| 19.7.24 | SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software | SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to | Vulnerability | The Hacker News |
| 18.7.24 | Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager | Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On- | Vulnerability | The Hacker News |
| 18.7.24 | CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks | CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks. | Vulnerability | BleepingComputer |
| 17.7.24 | Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP | Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to | Vulnerability | The Hacker News |
| 15.7.24 | Microsoft fixes bug causing Windows Update automation issues | Microsoft has resolved a known issue caused by the June 2024 KB5039302 preview update, causing update problems when using Windows Update automation scripts on Windows 11 systems. | Vulnerability | BleepingComputer |
| 15.7.24 | Critical Exim bug bypasses security filters on 1.5 million mail servers | Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters. | Vulnerability | BleepingComputer |

BleepingComputer

14.7.24

Netgear warns users to patch auth bypass, XSS router flaws Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. Vulnerebility

BleepingComputer

14.7.24

GitLab: Critical bug lets attackers run pipelines as other users GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. Vulnerebility

BleepingComputer

12.7.24

Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments

A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious

Vulnerebility

The Hacker News

12.7.24

Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool

Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910

Vulnerebility

The Hacker News

11.7.24

Hackers target WordPress calendar plugin used by 150,000 sites Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. Vulnerebility

BleepingComputer

11.7.24

RCE bug in widely used Ghostscript library now exploited in attacks A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in attacks. Vulnerebility

BleepingComputer

11.7.24

GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug Vulnerebility

The Hacker News

10.7.24

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code Vulnerebility

The Hacker News

8.7.24

Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that Vulnerebility The Hacker News

2.7.24

New regreSSHion OpenSSH RCE bug gives root on Linux servers A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems. Vulnerebility

BleepingComputer

2.7.24

Juniper releases out-of-cycle fix for max severity auth bypass flaw Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products. Vulnerebility

BleepingComputer

2.7.24

Dev rejects CVE severity, makes his GitHub repo read-only The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects. Vulnerebility

BleepingComputer

2.7.24

Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in Vulnerebility The Hacker News

2.7.24

Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that Vulnerebility The Hacker News

1.7.24

New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. Vulnerebility The Hacker News

1.7.24

Juniper Networks Releases Critical Security Update for Routers Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication Vulnerebility The Hacker News

29.6.24

GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run Vulnerebility

The Hacker News

29.6.24

Critical GitLab bug lets attackers run pipelines as any user A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. Vulnerebility

BleepingComputer

29.6.24

Hackers target new MOVEit Transfer critical auth bypass bug Threat actors are attempting to exploit a critical authentication bypass flaw impacting Progress MOVEit Transfer, which the vendor disclosed yesterday. Vulnerebility

BleepingComputer

28.6.24 Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to Vulnerebility The Hacker News
28.6.24 Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote Vulnerebility The Hacker News
28.6.24 Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper Vulnerebility The Hacker News
27.6.24 Phoenix UEFI vulnerability impacts hundreds of Intel PC models A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw. Vulnerebility

BleepingComputer

27.6.24 CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update has been made available, leaving millions of sites open to catastrophic attacks. Vulnerebility

BleepingComputer

27.6.24 VMware fixes critical vCenter RCE vulnerability, patch now VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. Vulnerebility

BleepingComputer

25.6.24 Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) Vulnerebility The Hacker News
23.6.24 SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors Vulnerebility The Hacker News
20.6.24 Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects Vulnerebility The Hacker News
19.6.24 Mailcow Mail Server Flaws Expose Servers to Remote Code Execution Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious Vulnerebility The Hacker News
18.6.24 VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be Vulnerebility The Hacker News
17.6.24 ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors Vulnerebility The Hacker News
16.6.24 ASUS warns of critical remote authentication bypass on 7 routers ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allow remote attackers to log in to devices. Vulnerebility

BleepingComputer

15.6.24 Exploit for Veeam Recovery Orchestrator auth bypass available, patch now A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks. Vulnerebility

BleepingComputer

14.6.24 JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. Vulnerebility

BleepingComputer

14.6.24 ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that Vulnerebility The Hacker News
13.6.24 Netgear WNR614 flaws allow device takeover, no fix available Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses. Vulnerebility

BleepingComputer

13.6.24 Exploit for critical Veeam auth bypass available, patch now A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. Vulnerebility

BleepingComputer

12.6.24 Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, Vulnerebility The Hacker News
9.6.24 PHP fixes critical RCE flaw impacting all versions for Windows A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide. Vulnerebility

BleepingComputer

9.6.24 Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells Chinese threat actors are targeting ThinkPHP applications vulnerable to CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama. Vulnerebility

BleepingComputer

8.6.24 TikTok fixes zero-day bug used to hijack high-profile accounts Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature. Vulnerebility

BleepingComputer

8.6.24 Zyxel issues emergency RCE patch for end-of-life NAS devices Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life. Vulnerebility

BleepingComputer

8.6.24 Cox fixed an API auth bypass exposing millions of modems to attacks ​Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of modems' settings and steal customers' sensitive personal information. Vulnerebility

BleepingComputer

8.6.24 Azure Service Tags tagged as security risk, Microsoft disagrees ​Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tags that could allow attackers to access customers' private data. Vulnerebility

BleepingComputer

8.6.24 Exploit for critical Progress Telerik auth bypass released, patch now Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers. Vulnerebility

BleepingComputer

5.6.24

Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that Vulnerebility The Hacker News

5.6.24

Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be Vulnerebility The Hacker News

3.6.24

Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions Now-patched authorization bypass issues impacting Cox modems could have been abused as a starting point to gain unauthorized Vulnerebility The Hacker News

31.5.24

Check Point releases emergency fix for VPN zero-day exploited in attacks Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks. Vulnerebility

BleepingComputer

30.5.24

Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively Vulnerebility The Hacker News

29.5.24

Check Point Warns of Zero-Day Attacks on its VPN Gateway Products Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919 , the issue impacts CloudGuard Vulnerebility The Hacker News

29.5.24

TP-Link fixes critical RCE bug in popular C5400X gaming router The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. Vulnerebility

BleepingComputer

28.5.24

TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks

A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code Vulnerebility The Hacker News

26.5.24

Google fixes eighth actively exploited Chrome zero-day this year Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild. Vulnerebility

BleepingComputer

25.5.24

A journey into forgotten Null Session and MS-RPC interfaces It has been almost 24 years since the null session vulnerability was discovered. Back then, it was possible to access SMB named pipes using empty credentials and collect domain information. Vulnerebility Securelist

25.5.24

Veeam warns of critical Backup Enterprise Manager auth bypass bug Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM). Vulnerebility

BleepingComputer

25.5.24

GitHub warns of SAML auth bypass flaw in Enterprise Server GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4985, which impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication. Vulnerebility BleepingComputer

23.5.24

Google rolls out Chrome fix for empty pages when switching tabs Google is rolling out a server-side fix for a known issue affecting the Chrome browser that causes webpage content to temporarily disappear when users change between open tabs. Vulnerebility

BleepingComputer

23.5.24

Critical Fluent Bit flaw impacts all major cloud providers A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants. Vulnerebility

BleepingComputer

23.5.24

Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited Vulnerebility The Hacker News

22.5.24

QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of Vulnerebility The Hacker News

22.5.24

Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical Vulnerebility The Hacker News

22.5.24

Critical GitHub Enterprise Server Flaw Allows Authentication Bypass GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker Vulnerebility The Hacker News

22.5.24

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by Vulnerebility The Hacker News

21.5.24

"Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could Vulnerebility The Hacker News

17.5.24

CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to Vulnerebility The Hacker News

17.5.24

Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that Vulnerebility The Hacker News

15.5.24

Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, Vulnerebility The Hacker News

15.5.24

VMware Patches Severe Security Flaws in Workstation and Fusion Products Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat Vulnerebility The Hacker News

15.5.24

New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under Vulnerebility The Hacker News

15.5.24

Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security Vulnerebility The Hacker News

14.5.24

Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by Vulnerebility The Hacker News

12.5.24

Google fixes fifth Chrome zero-day exploited in attacks this year Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year. Vulnerebility

BleepingComputer

11.5.24

Citrix warns admins to manually mitigate PuTTY SSH client bug Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key. Vulnerebility

BleepingComputer

11.5.24

New BIG-IP Next Central Manager bugs allow device takeover F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create rogue accounts on any managed assets. Vulnerebility

BleepingComputer

10.5.24

Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability

Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the

Vulnerebility

The Hacker News

9.5.24 Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. Vulnerebility

BleepingComputer

9.5.24 Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize Vulnerebility The Hacker News
6.5.24 Google rolls back reCaptcha update to fix Firefox issues Google has rolled back a recent release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. Vulnerebility

BleepingComputer

6.5.24 HPE Aruba Networking fixes four critical RCE flaws in ArubaOS HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. Vulnerebility

BleepingComputer

6.5.24 Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical Vulnerebility The Hacker News
5.5.24 R language flaw allows code execution via RDS/RDX files A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files. Vulnerebility

BleepingComputer

5.5.24 Google now pays up to $450,000 for RCE bugs in some Android apps Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports. Vulnerebility BleepingComputer
4.5.24 Microsoft fixes bug behind incorrect BitLocker encryption errors Microsoft has fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments. Vulnerebility BleepingComputer
3.5.24 Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that Vulnerebility The Hacker News
30.4.24 New R Programming Vulnerability Exposes Projects to Supply Chain Attacks A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a Vulnerebility The Hacker News
30.4.24 Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited Vulnerebility The Hacker News
30.4.24 Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven- Vulnerebility The Hacker News
26.4.24 Severe Flaws Disclosed in Brocade SANnav SAN Management Software Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws Vulnerebility The Hacker News
26.4.24 Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has Vulnerebility The Hacker News
25.4.24 Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious Vulnerebility The Hacker News
22.4.24 Critical Forminator plugin flaw impacts over 300k WordPress sites The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server. Vulnerebility

BleepingComputer

20.4.24 MITRE says state hackers breached its network via Ivanti zero-days The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. Vulnerebility

BleepingComputer

20.4.24 Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in Vulnerebility The Hacker News
17.4.24 Exploit released for Palo Alto PAN-OS bug used in attacks, patch now Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. Vulnerebility

BleepingComputer

17.4.24 PuTTY SSH client flaw allows recovery of cryptographic private keys A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. Vulnerebility

BleepingComputer

17.4.24 Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient Vulnerebility The Hacker News
16.4.24 Palo Alto Networks fixes zero-day exploited to backdoor firewalls Palo Alto Networks has started releasing hotfixes for a zero-day vulnerability that has been actively exploited since March 26th to backdoor PAN-OS firewalls. Vulnerebility

BleepingComputer

16.4.24 Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from Vulnerebility The Hacker News
16.4.24 Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw A security flaw impacting the Lighttpd web server used in baseboard management controllers ( BMCs ) has remained Vulnerebility The Hacker News
15.4.24 Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come Vulnerebility The Hacker News
14.4.24 Telegram fixes Windows app zero-day used to launch Python scripts Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts. Vulnerebility

BleepingComputer

14.4.24 Intel and Lenovo servers impacted by 6-year-old BMC flaw An almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been overlooked by many device vendors, including Intel and Lenovo. Vulnerebility

BleepingComputer

12.4.24 Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack Palo Alto Networks is warning that a critical flaw impacting its PAN-OS software used in its GlobalProtect gateways is being exploited Vulnerebility The Hacker News
11.4.24 Critical Rust flaw enables Windows command injection attacks Threat actors can exploit a security vulnerability in the Rust standard library to target Windows systems in command injection attacks. Vulnerebility

BleepingComputer

11.4.24 New SharePoint flaws help hackers evade detection when stealing files Researchers have discovered two techniques that could enable attackers to bypass audit logs or generate less severe entries when downloading files from SharePoint. Vulnerebility

BleepingComputer

11.4.24 Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks ​Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE) zero-day flaw. Vulnerebility

BleepingComputer

11.4.24 Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve Vulnerebility The Hacker News
9.4.24 Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass Vulnerebility The Hacker News
9.4.24 Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D- Vulnerebility The Hacker News
7.4.24 New Ivanti RCE flaw may impact 16,000 exposed VPN gateways Approximately 16,500 Ivanti Connect Secure and Poly Secure gateways exposed on the internet are likely vulnerable to a remote code execution (RCE) flaw the vendor addressed earlier this week. Vulnerebility

BleepingComputer

7.4.24 Microsoft fixes Outlook security alerts bug caused by December updates Microsoft has fixed an issue that triggers erroneous Outlook security alerts when opening .ICS calendar files after installing the December 2023 Outlook Desktop security updates. Vulnerebility BleepingComputer
6.4.24 Critical flaw in LayerSlider WordPress plugin impacts 1 million sites A premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin. Vulnerebility BleepingComputer
6.4.24 Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacks IT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways. Vulnerebility BleepingComputer
6.4.24 Google fixes one more Chrome zero-day exploited at Pwn2Own Google has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month. Vulnerebility BleepingComputer
6.4.24 Google fixes two Pixel zero-day flaws exploited by forensics firms Google has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them. Vulnerebility BleepingComputer
5.4.24 Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security Flaws Multiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliances Vulnerebility The Hacker News
4.4.24 Microsoft warns Gmail blocks some Outlook email as spam, shares fix Microsoft has confirmed that some Outlook.com users are experiencing issues with emails being blocked and marked as spam when trying to email Gmail accounts. Vulnerebility BleepingComputer
4.4.24 Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy Secure Ivanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that could Vulnerebility The Hacker News
3.4.24 Critical Security Flaw Found in Popular LayerSlider WordPress Plugin A critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information from Vulnerebility The Hacker News
31.3.24 Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command. Vulnerebility BleepingComputer
31.3.24 Google fixes Chrome zero-days exploited at Pwn2Own 2024 Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. Vulnerebility BleepingComputer
30.3.24 Germany warns of 17K vulnerable Microsoft Exchange servers exposed online The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities. Vulnerebility BleepingComputer
28.3.24 CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Microsoft Sharepoint Server Vulnerebility The Hacker News
28.3.24 Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' Vulnerebility The Hacker News
26.3.24 New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic Vulnerebility The Hacker News
23.3.24 US Defense Dept received 50,000 vulnerability reports since 2016 The Cyber Crime Center (DC3) of the U.S. Department of Defense (DoD) says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016. Vulnerebility BleepingComputer
22.3.24 AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for Vulnerebility The Hacker News
21.3.24 Apex Legends players worried about RCE flaw after ALGS hacks Electronic Arts has postponed the North American (NA) finals of the ongoing Apex Legends Global Series (ALGS) after hackers compromised players mid-match during the tournament. Vulnerebility BleepingComputer
21.3.24 Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as Vulnerebility The Hacker News
21.3.24 Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could Vulnerebility The Hacker News
18.3.24 Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated Vulnerebility The Hacker News
18.3.24 WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following Vulnerebility The Hacker News
16.3.24 GhostRace – New Data Leak Vulnerability Affects Modern CPUs A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed Vulnerebility The Hacker News
14.3.24 Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code Vulnerebility The Hacker News
14.3.24 Fortinet warns of critical RCE bug in endpoint management software Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. Vulnerebility BleepingComputer
14.3.24 DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using Vulnerebility The Hacker News
14.3.24 Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected Vulnerebility The Hacker News
10.3.24 Critical Fortinet flaw may impact 150,000 exposed devices Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. Vulnerebility BleepingComputer
10.3.24 QNAP warns of critical auth bypass flaw in its NAS devices QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. Vulnerebility BleepingComputer
10.3.24 AnyCubic fixes exploited 3D printer zero day flaw with new firmware AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. Vulnerebility BleepingComputer
10.3.24 Critical TeamCity flaw now widely exploited to create admin accounts Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday. Vulnerebility BleepingComputer
9.3.24 VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system. Vulnerebility BleepingComputer
8.3.24 Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor Vulnerebility The Hacker News
6.3.24 ScreenConnect flaws exploited to drop new ToddlerShark malware The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. Vulnerebility BleepingComputer
6.3.24 VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code Vulnerebility The Hacker News
3.3.24 Citrix, Sophos software impacted by 2024 leap year bugs Citrix and Sophos products have been impacted by leap year flaws, leading to unexpected problems in their products. Vulnerebility BleepingComputer
28.2.24 WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their Vulnerebility The Hacker News
27.2.24 WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. Vulnerebility The Hacker News
24.2.24 Joomla fixes XSS flaws that could expose sites to RCE attacks Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites. Vulnerebility BleepingComputer
24.2.24 VMware urges admins to remove deprecated, vulnerable auth plug-in VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. Vulnerebility BleepingComputer
23.2.24 ConnectWise urges ScreenConnect admins to patch critical RCE flaw ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution (RCE) attacks. Vulnerebility BleepingComputer
22.2.24 New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices Vulnerebility The Hacker News
21.2.24 VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as Vulnerebility The Hacker News
20.2.24 Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a Vulnerebility The Hacker News
20.2.24 WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible Vulnerebility The Hacker News
18.2.24 Three critical application security flaws scanners can’t detect In this article, Outpost24 explains three key limitations of automated vulnerability scanners, emphasizing the significance of manual pen testing in enhancing security. Vulnerebility BleepingComputer
18.2.24 Zoom patches critical privilege elevation flaw in Windows apps The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network. Vulnerebility BleepingComputer
17.2.24 ExpressVPN bug has been leaking some DNS requests for years ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. Vulnerebility BleepingComputer
16.2.24 Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring Vulnerebility The Hacker News
15.2.24 Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a Vulnerebility The Hacker News
15.2.24 Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a Vulnerebility The Hacker News
9.2.24 Ivanti: Patch new Connect Secure auth bypass bug immediately Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. Vulnerebility BleepingComputer
9.2.24 Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. Vulnerebility BleepingComputer
9.2.24 Critical Cisco bug exposes Expressway gateways to CSRF attacks Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks. Vulnerebility BleepingComputer
9.2.24 Critical flaw in Shim bootloader impacts major Linux distros A critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms. Vulnerebility BleepingComputer
9.2.24 Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow Vulnerebility The Hacker News
7.2.24 Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error It turns out that critical Fortinet FortiSIEM vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 are not new and have been published this year in error. Vulnerebility BleepingComputer
7.2.24 JetBrains warns of new TeamCity auth bypass vulnerability JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. Vulnerebility BleepingComputer
7.2.24 Newest Ivanti SSRF zero-day now under mass exploitation An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers. Vulnerebility BleepingComputer
7.2.24 Leaky Vessels flaws allow hackers to escape Docker, runc containers Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. Vulnerebility BleepingComputer
7.2.24 Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code Vulnerebility The Hacker News
7.2.24 Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) Vulnerebility The Hacker News
6.2.24 High Severity Flaws Found in Azure HDInsight Spark, Kafka, and Hadoop Services Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to Vulnerebility The Hacker News
4.2.24 Mastodon vulnerability allows attackers to take over accounts Mastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account. Vulnerebility BleepingComputer
4.2.24 Microsoft fixes connection issue affecting Outlook email apps Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. Vulnerebility BleepingComputer
4.2.24 Google shares fix for Pixel phones hit by bad system update Google has shared a temporary fix for owners of Google Pixel devices that were rendered unusable after installing the January 2024 Google Play system update. Vulnerebility BleepingComputer
4.2.24 New Windows Event Log zero-day flaw gets unofficial patches Free unofficial patches are available for a new Windows zero-day vulnerability dubbed 'EventLogCrasher' that lets attackers remotely crash the Event Log service on devices within the same Windows domain. Vulnerebility BleepingComputer
3.2.24 Ivanti warns of new Connect Secure zero-day exploited in attacks Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation. Vulnerebility BleepingComputer
3.2.24 New Linux glibc flaw lets attackers get root on major distros Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). Vulnerebility BleepingComputer
3.2.24 Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. Vulnerebility The Hacker News
2.2.24 45k Jenkins servers exposed to RCE attacks using public exploits Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation. Vulnerebility BleepingComputer
1.2.24 Cisco warns of critical RCE flaw in communications software Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue. Vulnerebility BleepingComputer
1.2.24 Over 5,300 GitLab servers exposed to zero-click account takeover attacks Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. Vulnerebility BleepingComputer
1.2.24 New Glibc Flaw Grants Attackers Root Access on Major Linux Distros Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka Vulnerebility The Hacker News
31.1.24 Fortra warns of new critical GoAnywhere MFT auth bypass, patch now Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user. Vulnerebility BleepingComputer
31.1.24 Ivanti: VPN appliances vulnerable if pushing configs after mitigation Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. Vulnerebility BleepingComputer
31.1.24 URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to Vulnerebility The Hacker News
30.1.24 Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to Vulnerebility The Hacker News
30.1.24 Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when Vulnerebility The Hacker News
26.1.24 Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could Vulnerebility The Hacker News
26.1.24 Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP! The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved Vulnerebility The Hacker News
23.1.24 ~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence Vulnerebility The Hacker News
21.1.24 Chinese hackers exploit VMware bug as zero-day for two years A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021. Vulnerebility BleepingComputer
20.1.24 AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. Vulnerebility BleepingComputer
20.1.24 GitHub rotates keys to mitigate impact of credential-exposing flaw GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. Vulnerebility BleepingComputer
19.1.24 Citrix warns of new Netscaler zero-days exploited in attacks Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities. Vulnerebility BleepingComputer
19.1.24 Google fixes first actively exploited Chrome zero-day of 2024 Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. Vulnerebility BleepingComputer
19.1.24 PixieFail flaws impact PXE network boot in enterprise systems A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers. Vulnerebility BleepingComputer
19.1.24 Atlassian warns of critical RCE flaw in older Confluence versions Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. Vulnerebility BleepingComputer
19.1.24 Ivanti Connect Secure zero-days now under mass exploitation Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) appliances are now under mass exploitation. Vulnerebility BleepingComputer
19.1.24 Microsoft working on a fix for Windows 10 0x80070643 errors Microsoft is working to fix a known issue causing 0x80070643 errors when installing the KB5034441 security update that patches the CVE-2024-20666 BitLocker vulnerability. Vulnerebility BleepingComputer
19.1.24 Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks. Vulnerebility BleepingComputer
19.1.24 TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could Vulnerebility The Hacker News
19.1.24 PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Vulnerebility The Hacker News
18.1.24 GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials Vulnerebility The Hacker News
17.1.24 Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP! Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are Vulnerebility The Hacker News
16.1.24 Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows Cybersecurity researchers have disclosed a now-patched security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be.. Vulnerebility The Hacker News
15.1.24 High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if Vulnerebility The Hacker News
13.1.24 Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, Vulnerebility The Hacker News
13.1.24 GitLab warns of critical zero-click account hijacking vulnerability GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. Vulnerebility BleepingComputer
12.1.24 Juniper warns of critical RCE bug in its firewalls and switches Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. Vulnerebility BleepingComputer
12.1.24 Ivanti Connect Secure zero-days exploited to deploy custom malware Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. Vulnerebility BleepingComputer
12.1.24 Over 150k WordPress sites at takeover risk via vulnerable plugin Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication. Vulnerebility BleepingComputer
12.1.24 Microsoft shares script to update Windows 10 WinRE with BitLocker fixes Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass. Vulnerebility BleepingComputer
11.1.24 Cisco says critical Unity Connection bug lets attackers get root Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. Vulnerebility BleepingComputer
11.1.24 Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to Vulnerebility The Hacker News
11.1.24 Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary Vulnerebility The Hacker News
9.1.24 Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager A security flaw has been disclosed in Kyocera's Device Manager product that could be exploited by bad actors to carry out malicious activities on affected Vulnerebility The Hacker News
6.1.24 Hackers target Apache RocketMQ servers vulnerable to RCE attacks Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. Vulnerebility BleepingComputer
6.1.24 Ivanti warns critical EPM bug lets hackers hijack enrolled devices Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server. Vulnerebility BleepingComputer
5.1.24 Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could Vulnerebility The Hacker News