Vulnerability List - 2024 2023 2021 2020 2019 2018

DATE | NAME | Info | CATEG. | WEB

21.12.24 | Sophos Issues Hotfixes for Critical Firewall Flaws: Update to Prevent Exploitation | Sophos has released hotfixes to address three security flaws in Sophos Firewall products that could be exploited to achieve remote code execution and allow... | Vulnerability | The Hacker News
21.12.24 | Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools | A now-patched critical security flaw impacting Fortinet FortiClient EMS is being exploited by malicious actors as part of a cyber campaign that installed remote... | Vulnerability | The Hacker News
21.12.24 | Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits | Fortinet has issued an advisory for a now-patched critical security flaw impacting Wireless LAN Manager (FortiWLM) that could lead to disclosure of sensitive... | Vulnerability | The Hacker News
18.12.24 | BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products | BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the... | Vulnerability | The Hacker News
1.11.24 | LiteSpeed Cache Plugin Vulnerability Poses Significant Risk to WordPress Websites | A high-severity security flaw has been disclosed in the LiteSpeed Cache plugin for WordPress that could allow an unauthenticated... | Vulnerability | The Hacker News
30.10.24 | Opera Browser Fixes Big Security Hole That Could Have Exposed Your Information | A now-patched security flaw in the Opera web browser could have enabled a malicious extension to gain unauthorized, full access to... | Vulnerability | The Hacker News
29.10.24 | New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors | More than six years after the Spectre security flaw impacting modern CPU processors came to light, new research has found that the... | Vulnerability | The Hacker News
27.10.24 | Researchers Discover Command Injection Flaw in Wi-Fi Alliance's Test Suite | A security flaw impacting the Wi-Fi Test Suite could enable unauthenticated local attackers to execute arbitrary code with... | Vulnerability | The Hacker News
27.10.24 | AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks | Cybersecurity researchers have disclosed a security flaw impacting Amazon Web Services (AWS) Cloud Development Kit (CDK) that... | Vulnerability | The Hacker News
27.10.24 | Cisco Issues Urgent Fix for ASA and FTD Software Vulnerability Under Active Attack | Cisco on Wednesday said it has released updates to address an actively exploited security flaw in its Adaptive Security Appliance... | Vulnerability | The Hacker News
27.10.24 | Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation | Fortinet has confirmed details of a critical security flaw impacting FortiManager that has come under active exploitation in the wild. | Vulnerability | The Hacker News
27.10.24 | Security Flaw in Styra's OPA Exposes NTLM Hashes to Remote Attackers | Details have emerged about a now-patched security flaw in Styra's Open Policy Agent (OPA) that, if successfully exploited, could have... | Vulnerability | The Hacker News
27.10.24 | VMware Releases vCenter Server Update to Fix Critical RCE Vulnerability | VMware has released software updates to address an already patched security flaw in vCenter Server that could pave the way for... | Vulnerability | The Hacker News
27.10.24 | CISA Adds ScienceLogic SL1 Vulnerability to Exploited Catalog After Active Zero-Day Attack | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting ScienceLogic SL1 to... | Vulnerability | The Hacker News
27.10.24 | Researchers Discover Severe Security Flaws in Major E2EE Cloud Storage Providers | Cybersecurity researchers have discovered severe cryptographic issues in various end-to-end encrypted (E2EE) cloud storage platforms that could be exploited to leak sensitive data. | Vulnerability | The Hacker News
26.10.24 | Microsoft Reveals macOS Vulnerability that Bypasses Privacy Controls in Safari Browser | Microsoft has disclosed details about a now-patched security flaw in Apple's Transparency, Consent, and Control (TCC) framework in... | Vulnerability | The Hacker News
26.10.24 | Critical Kubernetes Image Builder Vulnerability Exposes Nodes to Root Access Risk | A critical security flaw has been disclosed in the Kubernetes Image Builder that, if successfully exploited, could be abused to gain root... | Vulnerability | The Hacker News
26.10.24 | GitHub Patches Critical Flaw in Enterprise Server Allowing Unauthorized Instance Access | GitHub has released security updates for Enterprise Server (GHES) to address multiple issues, including a critical bug that could allow... | Vulnerability | The Hacker News

15.9.24 | WordPress Plugin Jetpack Patches Major Vulnerability Affecting 27 Million Sites | The maintainers of the Jetpack WordPress plugin have released a security update to remediate a critical vulnerability that could allow... | Vulnerability | The Hacker News
15.9.24 | Critical Veeam Vulnerability Exploited to Spread Akira and Fog Ransomware | Threat actors are actively attempting to exploit a now-patched security flaw in Veeam Backup & Replication to deploy Akira and Fog... | Vulnerability | The Hacker News
29.9.24 | Progress urges admins to patch critical WhatsUp Gold bugs ASAP | Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible. | Vulnerability | BleepingComputer
29.9.24 | CUPS flaws enable Linux remote code execution, but there’s a catch | Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines. | Vulnerability | BleepingComputer
28.9.24 | Progress Software Releases Patches for 6 Flaws in WhatsUp Gold – Patch Now | Progress Software has released another round of updates to address six security flaws in WhatsUp Gold, including two critical... | Vulnerability | The Hacker News
28.9.24 | HPE Aruba Networking fixes critical flaws impacting Access Points | HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices. | Vulnerability | BleepingComputer
27.9.24 | Critical Linux CUPS Printing System Flaws Could Allow Remote Command Execution | A new set of security vulnerabilities has been disclosed in the OpenPrinting Common Unix Printing System (CUPS) on Linux... | Vulnerability | The Hacker News
27.9.24 | Critical NVIDIA Container Toolkit Vulnerability Could Grant Full Host Access to Attackers | A critical security flaw has been disclosed in the NVIDIA Container Toolkit that, if successfully exploited, could allow threat actors to... | Vulnerability | The Hacker News
26.9.24 | Critical Ivanti vTM auth bypass bug now exploited in attacks | CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks. | Vulnerability | BleepingComputer
25.9.24 | Google's Shift to Rust Programming Cuts Android Memory Vulnerabilities by 52% | Google has revealed that its transition to memory-safe languages such as Rust as part of its secure-by-design approach has led to the... | Vulnerability | The Hacker News
25.9.24 | CISA Flags Critical Ivanti vTM Vulnerability Amid Active Exploitation Concerns | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw impacting Ivanti Virtual Traffic... | Vulnerability | The Hacker News
21.9.24 | GitLab releases fix for critical SAML authentication bypass flaw | GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE). | Vulnerability | BleepingComputer
21.9.24 | Broadcom fixes critical RCE bug in VMware vCenter Server | Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. | Vulnerability | BleepingComputer
20.9.24 | D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers | D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. | Vulnerability | BleepingComputer
20.9.24 | Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks | Ivanti has revealed that a critical security flaw impacting Cloud Service Appliance (CSA) has come under active exploitation in the... | Vulnerability | The Hacker News
19.9.24 | GitLab Patches Critical SAML Authentication Bypass Flaw in CE and EE Editions | GitLab has released patches to address a critical flaw impacting Community Edition (CE) and Enterprise Edition (EE) that could result... | Vulnerability | The Hacker News
18.9.24 | Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution | Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for... | Vulnerability | The Hacker News
17.9.24 | SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks | SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical... | Vulnerability | The Hacker News
16.9.24 | Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution | A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve... | Vulnerability | The Hacker News
15.9.24 | GitLab warns of critical pipeline execution vulnerability | GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. | Vulnerability | BleepingComputer
14.9.24 | Ivanti fixes maximum severity RCE bug in Endpoint Management software | Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. | Vulnerability | BleepingComputer
14.9.24 | Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability | Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance (CSA) has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190... | Vulnerability | The Hacker News
12.9.24 | Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution | GitLab on Wednesday released security updates to address 17 security vulnerabilities, including a critical flaw that allows an... | Vulnerability | The Hacker News
11.9.24 | Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws | Microsoft on Tuesday disclosed that three new security flaws impacting the Windows platform have come under active... | Vulnerability | The Hacker News
11.9.24 | Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities | Ivanti has released software updates to address multiple security flaws impacting Endpoint Manager (EPM), including 10 critical... | Vulnerability | The Hacker News
10.9.24 | Progress LoadMaster vulnerable to 10/10 severity RCE flaw | Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device. | Vulnerability | BleepingComputer
9.9.24 | Progress Software Issues Patch for Vulnerability in LoadMaster and MT Hypervisor | Progress Software has released security updates for a maximum-severity flaw in LoadMaster and Multi-Tenant (MT) hypervisor that... | Vulnerability | The Hacker News
8.9.24 | SonicWall SSLVPN access control flaw is now exploited in attacks | SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible. | Vulnerability | BleepingComputer
8.9.24 | Apache fixes critical OFBiz remote code execution vulnerability | Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. | Vulnerability | BleepingComputer
8.9.24 | Veeam warns of critical RCE flaw in Backup & Replication software | Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. | Vulnerability | BleepingComputer
8.9.24 | Zyxel warns of critical OS command injection flaw in routers | Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. | Vulnerability | BleepingComputer
7.9.24 | D-Link says it is not fixing four RCE flaws in DIR-846W routers | D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. | Vulnerability | BleepingComputer
7.9.24 | SonicWall Urges Users to Patch Critical Firewall Flaw Amid Possible Exploitation | SonicWall has revealed that a recently patched critical security flaw impacting SonicOS may have come under active exploitation, making it essential that users apply the patches as soon as possible. | Vulnerability | The Hacker News
7.9.24 | GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code | Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading... | Vulnerability | The Hacker News
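A check a practitioner would want alongside the GitHub Actions typosquatting entry above: scan a workflow file for `uses:` references whose owner is a near-miss of a trusted publisher. This is an added example, not code from the page or from GitHub; the trusted-owner allowlist and the sample workflow are constructed for illustration, and the `acitons` and `someone` owners in it are hypothetical. It goes slightly beyond the headline by also flagging references that are not pinned to a full commit SHA, since a mutable tag lets even a correctly named action change underneath you.

```python
"""Audit GitHub Actions workflow text for typosquatted action owners.

Added example for the typosquatting entry above; not code from the page or
from GitHub. TRUSTED_OWNERS and SAMPLE_WORKFLOW are constructed for
illustration (the 'acitons' and 'someone' owners are hypothetical).
"""
import re

# Assumption: the publishers your organisation has vetted. Extend as needed.
TRUSTED_OWNERS = {"actions", "docker", "github", "hashicorp"}

# 'uses:' references in workflow YAML, with or without a leading list dash
# and optional quoting. A regex keeps this stand-alone (no PyYAML needed).
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^'\"\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def edit_distance(a: str, b: str) -> int:
    """Damerau-Levenshtein (optimal string alignment) distance: insertions,
    deletions, substitutions and adjacent transpositions each cost 1, so
    'acitons' is distance 1 from 'actions'."""
    prev2 = None
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[len(b)]


def parse_uses(workflow: str) -> list:
    """Return every 'uses:' reference in the workflow text, in order."""
    return USES_RE.findall(workflow)


def audit(workflow: str, trusted=TRUSTED_OWNERS, max_dist: int = 2) -> list:
    """Return (ref, kind, detail) findings for each suspicious reference.

    kind is one of:
      typosquat      owner is within max_dist edits of a trusted owner
      unknown-owner  owner is not in the allowlist and not a near-miss
      unpinned       version is a tag/branch, not a full 40-hex commit SHA
    Local actions (./path) and docker:// images are out of scope here.
    """
    trusted_lower = {t.lower() for t in trusted}
    findings = []
    for ref in parse_uses(workflow):
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        name, _, version = ref.partition("@")
        owner, _, _repo = name.partition("/")
        owner_l = owner.lower()
        if owner_l not in trusted_lower:
            # Only the owner is checked: under a trusted owner an attacker
            # cannot create a look-alike repo, so the squat happens at the
            # owner/organisation level.
            near = sorted(t for t in trusted_lower
                          if edit_distance(owner_l, t) <= max_dist)
            if near:
                findings.append((ref, "typosquat",
                                 f"owner {owner!r} resembles trusted {near}"))
            else:
                findings.append((ref, "unknown-owner",
                                 f"owner {owner!r} is not in the allowlist"))
        if not FULL_SHA_RE.match(version):
            findings.append((ref, "unpinned",
                             f"version {version!r} is not a full commit SHA"))
    return findings


# Constructed sample workflow (not from any real repository).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608
      - uses: acitons/setup-node@v4
      - uses: docker/build-push-action@v5
      - uses: ./.github/actions/local-step
      - uses: someone/custom-action@main
"""

if __name__ == "__main__":
    for ref, kind, detail in audit(SAMPLE_WORKFLOW):
        print(f"{kind:13} {ref:55} {detail}")
```

Run it over `.github/workflows/*.yml` in CI and fail the build on any `typosquat` finding; treat `unknown-owner` as a review prompt rather than a hard failure, since legitimate third-party actions will land there until they are added to the allowlist.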

6.9.24

Critical Security Flaw Found in LiteSpeed Cache Plugin for WordPressCybersecurity researchers have discovered yet another critical security flaw in the LiteSpeed Cache plugin for WordPress that couldVulnerebilityThe Hacker News

6.9.24

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code ExecutionA new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote codeVulnerebilityThe Hacker News

6.9.24

Veeam Releases Security Updates to Fix 18 Flaws, Including 5 Critical IssuesVeeam has shipped security updates to address a total of 18 security flaws impacting its software products, including five criticalVulnerebilityThe Hacker News

5.9.24

Cisco Fixes Two Critical Flaws in Smart Licensing Utility to Prevent Remote AttacksCisco has released security updates for two critical security flaws impacting its Smart Licensing Utility that could allowVulnerebilityThe Hacker News

4.9.24

Zyxel Patches Critical OS Command Injection Flaw in Access Points and RoutersZyxel has released software updates to address a critical security flaw impacting certain access point (AP) and security router versionsVulnerebilityThe Hacker News

31.8.24

Google increases Chrome bug bounty rewards up to $250,000Google has more than doubled payouts for Google Chrome security flaws reported through its Vulnerability Reward Program, with the maximum possible reward for a single bug now exceeding $250,000.Vulnerebility

BleepingComputer

31.8.24

Fortra fixes critical FileCatalyst Workflow hardcoded password issueFortra is warning of a critical hardcoded password flaw in FileCatalyst Workflow that could allow attackers unauthorized access to an internal database to steal data and gain administrator privileges.Vulnerebility

BleepingComputer

30.8.24

Atlassian Confluence Vulnerability Exploited in Crypto Mining CampaignsThreat actors are actively exploiting a now-patched, critical security flaw impacting the Atlassian Confluence Data Center and ConfluenceVulnerebilityThe Hacker News

29.8.24

Fortra Issues Patch for High-Risk FileCatalyst Workflow Security VulnerabilityFortra has addressed a critical security flaw impacting FileCatalyst Workflow that could be abused by a remote attacker to gainVulnerebilityThe Hacker News

28.8.24

CISA Flags Critical Apache OFBiz Flaw Amid Active Exploitation ReportsThe U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added a critical security flaw affecting the Apache OFBiz open-source enterprise resource planning (ERP) system to its KnownVulnerebilityThe Hacker News

28.8.24

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code ExecutionA critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to executeVulnerebilityThe Hacker News

27.8.24

SonicWall warns of critical access control flaw in SonicOSSonicWall's SonicOS is vulnerable to a critical access control flaw that could allow attackers to gain access unauthorized access to resources or cause the firewall to crash.Vulnerebility

BleepingComputer

27.8.24

Microsoft Fixes ASCII Smuggling Flaw That Enabled Data Theft from Microsoft 365 CopilotDetails have emerged about a now-patched vulnerability in Microsoft 365 Copilot that could enable the theft of sensitive user informationVulnerebilityThe Hacker News

27.8.24

Google Warns of CVE-2024-7965 Chrome Security Flaw Under Active ExploitationGoogle has revealed that a security flaw that was patched as part of a software update rolled out last week to its Chrome browser hasVulnerebilityThe Hacker News

27.8.24

SonicWall Issues Critical Patch for Firewall Vulnerability Allowing Unauthorized AccessSonicWall has released security updates to address a critical flaw impacting its firewalls that, if successfully exploited, could grantVulnerebilityThe Hacker News

26.8.24

Researchers Identify Over 20 Supply Chain Vulnerabilities in MLOps PlatformsCybersecurity researchers are warning about the security risks in the machine learning (ML) software supply chain following the discoveryVulnerebilityThe Hacker News

26.8.24

Critical Flaws in Traccar GPS System Expose Users to Remote AttacksTwo security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited byVulnerebilityThe Hacker News

24.8.24

SolarWinds fixes hardcoded credentials flaw in Web Help DeskSolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials.Vulnerebility

BleepingComputer

24.8.24

Google fixes ninth Chrome zero-day tagged as exploited this year​​Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability, the ninth one tagged as exploited this year.Vulnerebility

BleepingComputer

24.8.24

Litespeed Cache bug exposes millions of WordPress sites to takeover attacksA critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts.Vulnerebility

BleepingComputer

24.8.24

GitHub Enterprise Server vulnerable to critical auth bypass flawA critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine.Vulnerebility

BleepingComputer

23.8.24

Hardcoded Credential Vulnerability Found in SolarWinds Web Help DeskSolarWinds has issued patches to address a new security flaw in its Web Help Desk (WHD) software that could allow remoteVulnerebilityThe Hacker News

23.8.24

New 'ALBeast' Vulnerability Exposes Weakness in AWS Application Load BalancerAs many as 15,000 applications using Amazon Web Services' (AWS) Application Load Balancer (ALB) for authentication are potentiallyVulnerebilityThe Hacker News

22.8.24

Google Fixes High-Severity Chrome Flaw Actively Exploited in the WildGoogle has rolled out security fixes to address a high-severity security flaw in its Chrome browser that it said has come underVulnerebilityThe Hacker News

22.8.24

Critical Flaw in WordPress LiteSpeed Cache Plugin Allows Hackers Admin AccessCybersecurity researchers have disclosed a critical security flaw in the LiteSpeed Cache plugin for WordPress that could permitVulnerebilityThe Hacker News

22.8.24

GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin PrivilegesGitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bugVulnerebilityThe Hacker News

21.8.24

Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch nowMicrosoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled.Vulnerebility

BleepingComputer

21.8.24

SolarWinds fixes critical RCE bug affecting all Web Help Desk versionsA critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today.Vulnerebility

BleepingComputer

21.8.24

GiveWP WordPress Plugin Vulnerability Puts 100,000+ Websites at RiskA maximum-severity security flaw has been disclosed in the WordPress GiveWP donation and fundraising plugin that exposesVulnerebilityThe Hacker News

17.8.24

Critical SAP flaw allows remote attackers to bypass authenticationSAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system.Vulnerebility

BleepingComputer

16.8.24

Google Pixel Devices Shipped with Vulnerable App, Leaving Millions at RiskA large percentage of Google's own Pixel devices shipped globally since September 2017 included dormant software that could be usedVulnerebilityThe Hacker News

16.8.24

Cisco warns of critical RCE zero-days in end of life IP phonesCisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones.Vulnerebility

BleepingComputer

15.8.24

SolarWinds Releases Patch for Critical Flaw in Web Help Desk SoftwareSolarWinds has released patches to address a critical security vulnerability in its Web Help Desk software that could be exploited toVulnerebilityThe Hacker News

15.8.24

GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential TakeoverA newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gainVulnerebilityThe Hacker News

15.8.24

Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-DaysMicrosoft on Tuesday shipped fixes to address a total of 90 security flaws , including 10 zero-days, of which six have come under activeVulnerebilityThe Hacker News

15.8.24

Critical Flaw in Ivanti Virtual Traffic Manager Could Allow Rogue Admin AccessIvanti has rolled out security updates for a critical flaw in Virtual Traffic Manager (vTM) that could be exploited to achieve anVulnerebilityThe Hacker News

15.8.24

GhostWrite: New T-Head CPU Bugs Expose Devices to Unrestricted AttacksA team of researchers from the CISPA Helmholtz Center for Information Security in Germany has disclosed an architectural bugVulnerebilityThe Hacker News

13.8.24

Researchers Uncover Vulnerabilities in Solarman and Deye Solar SystemsCybersecurity researchers have identified a number of security shortcomings in photovoltaic system management platformsVulnerebilityThe Hacker News

11.8.24

Critical Progress WhatsUp RCE flaw now under active exploitationThreat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks.Vulnerebility

BleepingComputer

11.8.24

Researchers Uncover 10 Flaws in Google's File Transfer Tool Quick ShareAs many as 10 security flaws have been uncovered in Google's Quick Share data transfer utility for Android and Windows that could beVulnerebilityThe Hacker News

10.8.24

Microsoft Warns of Unpatched Office Vulnerability Leading to Data ExposureMicrosoft has disclosed an unpatched zero-day in Office that, if successfully exploited, could result in unauthorized disclosure ofVulnerebilityThe Hacker News

10.8.24

Experts Uncover Severe AWS Flaws Leading to RCE, Data Theft, and Full-Service TakeoversCybersecurity researchers have discovered multiple critical flaws in Amazon Web Services (AWS) offerings that, if successfully exploited,VulnerebilityThe Hacker News

10.8.24

Microsoft Reveals Four OpenVPN Flaws Leading to Potential RCE and LPEMicrosoft on Thursday disclosed four medium-severity security flaws in the open-source OpenVPN software that could be chained toVulnerebilityThe Hacker News

9.8.24

New Flaws in Sonos Smart Speakers Allow Hackers to Eavesdrop on UsersCybersecurity researchers have uncovered weaknesses in Sonos smart speakers that could be exploited by malicious actors toVulnerebilityThe Hacker News

8.8.24

0.0.0.0 Day: 18-Year-Old Browser Vulnerability Impacts MacOS and Linux DevicesCybersecurity researchers have discovered a new " 0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerabilityVulnerebilityThe Hacker News

8.8.24

Critical Security Flaw in WhatsUp Gold Under Active Attack - Patch NowA critical security flaw impacting Progress Software WhatsUp Gold is seeing active exploitation attempts, making it essential that usersVulnerebilityThe Hacker News

7.8.24

Roundcube Webmail Flaws Allow Hackers to Steal Emails and PasswordsCybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to executeVulnerebilityThe Hacker News

6.8.24

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code ExecutionA new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-sourceVulnerebilityThe Hacker News

5.8.24

Researchers Uncover Flaws in Windows Smart App Control and SmartScreenCybersecurity researchers have uncovered design weaknesses in Microsoft's Windows Smart App Control and SmartScreen that couldVulnerebilityThe Hacker News

3.8.24

DigiCert mass-revoking TLS certificates due to domain validation bugDigiCert is warning that it will be mass-revoking SSL/TLS certificates due to a bug in how the company verified if a customer owned or operated a domain and requires impacted customers to reissue certificates within 24 hours.Vulnerebility

BleepingComputer

31.7.24

Critical Flaw in Acronis Cyber Infrastructure Exploited in the WildCybersecurity company Acronis is warning that a now-patched critical security flaw impacting its Cyber Infrastructure (ACI) productVulnerebilityThe Hacker News

28.7.24

Google fixes Chrome Password Manager bug that hides credentialsGoogle has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours.Vulnerebility

BleepingComputer

28.7.24

Critical ServiceNow RCE flaws actively exploited to steal credentialsThreat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks.Vulnerebility

BleepingComputer

27.7.24

Progress warns of critical RCE bug in Telerik Report ServerProgress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices.Vulnerebility

BleepingComputer

27.7.24

Docker fixes critical 5-year old authentication bypass flawDocker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances.Vulnerebility

BleepingComputer

27.7.24

CrowdStrike: 'Content Validator' bug let faulty update pass checksCrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024.Vulnerebility

BleepingComputer

26.7.24

Critical Flaw in Telerik Report Server Poses Remote Code Execution RiskProgress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, trackedVulnerebilityThe Hacker News

26.7.24

Researchers Reveal ConfusedFunction Vulnerability in Google Cloud PlatformCybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud FunctionsVulnerebilityThe Hacker News

26.7.24

Critical Docker Engine Flaw Allows Attackers to Bypass Authorization PluginsDocker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorizationVulnerebilityThe Hacker News

20.7.24

SolarWinds fixes 8 critical bugs in access rights audit softwareSolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices.VulnerebilityBleepingComputer

20.7.24

Critical Cisco bug lets hackers add root users on SEG devices | Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. | Vulnerability | BleepingComputer

20.7.24 | Cisco SSM On-Prem bug lets hackers change any user's password | Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. | Vulnerability | BleepingComputer

19.7.24 | SolarWinds Patches 8 Critical Flaws in Access Rights Manager Software | SolarWinds has addressed a set of critical security flaws impacting its Access Rights Manager (ARM) software that could be exploited to | Vulnerability | The Hacker News

18.7.24 | Cisco Warns of Critical Flaw Affecting On-Prem Smart Software Manager | Cisco has released patches to address a maximum-severity security flaw impacting Smart Software Manager On-Prem (Cisco SSM On- | Vulnerability | The Hacker News

18.7.24 | CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks | CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks. | Vulnerability | BleepingComputer

17.7.24 | Critical Apache HugeGraph Vulnerability Under Attack - Patch ASAP | Threat actors are actively exploiting a recently disclosed critical security flaw impacting Apache HugeGraph-Server that could lead to | Vulnerability | The Hacker News

15.7.24 | Microsoft fixes bug causing Windows Update automation issues | Microsoft has resolved a known issue caused by the June 2024 KB5039302 preview update, causing update problems when using Windows Update automation scripts on Windows 11 systems. | Vulnerability | BleepingComputer

15.7.24 | Critical Exim bug bypasses security filters on 1.5 million mail servers | Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters. | Vulnerability | BleepingComputer

14.7.24 | Netgear warns users to patch auth bypass, XSS router flaws | Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. | Vulnerability | BleepingComputer

14.7.24 | GitLab: Critical bug lets attackers run pipelines as other users | GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. | Vulnerability | BleepingComputer

12.7.24 | Critical Exim Mail Server Vulnerability Exposes Millions to Malicious Attachments | A critical security issue has been disclosed in the Exim mail transfer agent that could enable threat actors to deliver malicious | Vulnerability | The Hacker News

12.7.24 | Palo Alto Networks Patches Critical Flaw in Expedition Migration Tool | Palo Alto Networks has released security updates to address five security flaws impacting its products, including a critical bug that could lead to an authentication bypass. Cataloged as CVE-2024-5910 | Vulnerability | The Hacker News

11.7.24 | Hackers target WordPress calendar plugin used by 150,000 sites | Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. | Vulnerability | BleepingComputer

11.7.24 | RCE bug in widely used Ghostscript library now exploited in attacks | A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in attacks. | Vulnerability | BleepingComputer

11.7.24 | GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Jobs | GitLab has shipped another round of updates to close out security flaws in its software development platform, including a critical bug | Vulnerability | The Hacker News

10.7.24 | New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk | Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code | Vulnerability | The Hacker News

8.7.24 | Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service | Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that | Vulnerability | The Hacker News

2.7.24 | New regreSSHion OpenSSH RCE bug gives root on Linux servers | A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems. | Vulnerability | BleepingComputer

2.7.24 | Juniper releases out-of-cycle fix for max severity auth bypass flaw | Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products. | Vulnerability | BleepingComputer

2.7.24 | Dev rejects CVE severity, makes his GitHub repo read-only | The popular open-source project 'ip' had its GitHub repository archived, or made "read-only", by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects. | Vulnerability | BleepingComputer

2.7.24 | Chinese Hackers Exploiting Cisco Switches Zero-Day to Deliver Malware | A China-nexus cyber espionage group named Velvet Ant has been observed exploiting a zero-day flaw in Cisco NX-OS Software used in | Vulnerability | The Hacker News

2.7.24 | Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks | A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that | Vulnerability | The Hacker News

1.7.24 | New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems | OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with root privileges in glibc-based Linux systems. | Vulnerability | The Hacker News

1.7.24 | Juniper Networks Releases Critical Security Update for Routers | Juniper Networks has released out-of-band security updates to address a critical security flaw that could lead to an authentication | Vulnerability | The Hacker News

29.6.24 | GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others | GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run | Vulnerability | The Hacker News

29.6.24 | Critical GitLab bug lets attackers run pipelines as any user | A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. | Vulnerability | BleepingComputer

29.6.24 | Hackers target new MOVEit Transfer critical auth bypass bug | Threat actors are attempting to exploit a critical authentication bypass flaw impacting Progress MOVEit Transfer, which the vendor disclosed yesterday. | Vulnerability | BleepingComputer

28.6.24 | Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment | Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to | Vulnerability | The Hacker News

28.6.24 | Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks | Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote | Vulnerability | The Hacker News

28.6.24 | Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application | A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper | Vulnerability | The Hacker News

27.6.24 | Phoenix UEFI vulnerability impacts hundreds of Intel PC models | A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw. | Vulnerability | BleepingComputer

27.6.24 | CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites | A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update was made available, leaving millions of sites open to catastrophic attacks. | Vulnerability | BleepingComputer

27.6.24 | VMware fixes critical vCenter RCE vulnerability, patch now | VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. | Vulnerability | BleepingComputer

25.6.24 | Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool | Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) | Vulnerability | The Hacker News

23.6.24 | SolarWinds Serv-U Vulnerability Under Active Attack - Patch Immediately | A recently patched high-severity flaw impacting SolarWinds Serv-U file transfer software is being actively exploited by malicious actors | Vulnerability | The Hacker News

20.6.24 | Researchers Uncover UEFI Vulnerability Affecting Multiple Intel CPUs | Cybersecurity researchers have disclosed details of a now-patched security flaw in Phoenix SecureCore UEFI firmware that affects | Vulnerability | The Hacker News

19.6.24 | Mailcow Mail Server Flaws Expose Servers to Remote Code Execution | Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious | Vulnerability | The Hacker News

18.6.24 | VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi | VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be | Vulnerability | The Hacker News

17.6.24 | ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models | ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors | Vulnerability | The Hacker News

16.6.24 | ASUS warns of critical remote authentication bypass on 7 routers | ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allows remote attackers to log in to devices. | Vulnerability | BleepingComputer

15.6.24 | Exploit for Veeam Recovery Orchestrator auth bypass available, patch now | A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks. | Vulnerability | BleepingComputer

14.6.24 | JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens | JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. | Vulnerability | BleepingComputer

14.6.24 | ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws | An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that | Vulnerability | The Hacker News

13.6.24 | Netgear WNR614 flaws allow device takeover, no fix available | Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses. | Vulnerability | BleepingComputer

13.6.24 | Exploit for critical Veeam auth bypass available, patch now | A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. | Vulnerability | BleepingComputer

12.6.24 | Microsoft Issues Patches for 51 Flaws, Including Critical MSMQ Vulnerability | Microsoft has released security updates to address 51 flaws as part of its Patch Tuesday updates for June 2024. Of the 51 vulnerabilities, | Vulnerability | The Hacker News

9.6.24 | PHP fixes critical RCE flaw impacting all versions for Windows | A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide. | Vulnerability | BleepingComputer

9.6.24 | Hackers exploit 2018 ThinkPHP flaws to install 'Dama' web shells | Chinese threat actors are targeting ThinkPHP applications vulnerable to CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama. | Vulnerability | BleepingComputer

8.6.24 | TikTok fixes zero-day bug used to hijack high-profile accounts | Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature. | Vulnerability | BleepingComputer

8.6.24 | Zyxel issues emergency RCE patch for end-of-life NAS devices | Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life. | Vulnerability | BleepingComputer

8.6.24 | Cox fixed an API auth bypass exposing millions of modems to attacks | Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of modems' settings and steal customers' sensitive personal information. | Vulnerability | BleepingComputer

8.6.24 | Azure Service Tags tagged as security risk, Microsoft disagrees | Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tags that could allow attackers to access customers' private data. | Vulnerability | BleepingComputer

8.6.24 | Exploit for critical Progress Telerik auth bypass released, patch now | Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers. | Vulnerability | BleepingComputer

5.6.24 | Zyxel Releases Patches for Firmware Vulnerabilities in EoL NAS Models | Zyxel has released security updates to address critical flaws impacting two of its network-attached storage (NAS) devices that | Vulnerability | The Hacker News

5.6.24 | Telerik Report Server Flaw Could Let Attackers Create Rogue Admin Accounts | Progress Software has rolled out updates to address a critical security flaw impacting the Telerik Report Server that could be | Vulnerability | The Hacker News

3.6.24 | Researcher Uncovers Flaws in Cox Modems, Potentially Impacting Millions | Now-patched authorization bypass issues impacting Cox modems could have been abused as a starting point to gain unauthorized | Vulnerability | The Hacker News

31.5.24 | Check Point releases emergency fix for VPN zero-day exploited in attacks | Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks. | Vulnerability | BleepingComputer

30.5.24 | Researchers Uncover Active Exploitation of WordPress Plugin Vulnerabilities | Cybersecurity researchers have warned that multiple high-severity security vulnerabilities in WordPress plugins are being actively | Vulnerability | The Hacker News

29.5.24 | Check Point Warns of Zero-Day Attacks on its VPN Gateway Products | Check Point is warning of a zero-day vulnerability in its Network Security gateway products that threat actors have exploited in the wild. Tracked as CVE-2024-24919, the issue impacts CloudGuard | Vulnerability | The Hacker News

29.5.24 | TP-Link fixes critical RCE bug in popular C5400X gaming router | The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. | Vulnerability | BleepingComputer

28.5.24 | TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks | A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code | Vulnerability | The Hacker News

26.5.24 | Google fixes eighth actively exploited Chrome zero-day this year | Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild. | Vulnerability | BleepingComputer

25.5.24 | A journey into forgotten Null Session and MS-RPC interfaces | It has been almost 24 years since the null session vulnerability was discovered. Back then, it was possible to access SMB named pipes using empty credentials and collect domain information. | Vulnerability | Securelist

25.5.24 | Veeam warns of critical Backup Enterprise Manager auth bypass bug | Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM). | Vulnerability | BleepingComputer

25.5.24 | GitHub warns of SAML auth bypass flaw in Enterprise Server | GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4985, which impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication. | Vulnerability | BleepingComputer

23.5.24 | Google rolls out Chrome fix for empty pages when switching tabs | Google is rolling out a server-side fix for a known issue affecting the Chrome browser that causes webpage content to temporarily disappear when users change between open tabs. | Vulnerability | BleepingComputer

23.5.24 | Critical Fluent Bit flaw impacts all major cloud providers | A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants. | Vulnerability | BleepingComputer

23.5.24 | Ivanti Patches Critical Remote Code Execution Flaws in Endpoint Manager | Ivanti on Tuesday rolled out fixes to address multiple critical security flaws in Endpoint Manager (EPM) that could be exploited | Vulnerability | The Hacker News

22.5.24 | QNAP Patches New Flaws in QTS and QuTS hero Impacting NAS Appliances | Taiwanese company QNAP has rolled out fixes for a set of medium-severity flaws impacting QTS and QuTS hero, some of | Vulnerability | The Hacker News

22.5.24 | Critical Veeam Backup Enterprise Manager Flaw Allows Authentication Bypass | Users of Veeam Backup Enterprise Manager are being urged to update to the latest version following the discovery of a critical | Vulnerability | The Hacker News

22.5.24 | Critical GitHub Enterprise Server Flaw Allows Authentication Bypass | GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker | Vulnerability | The Hacker News

22.5.24 | Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox | A critical security flaw has been disclosed in the llama_cpp_python Python package that could be exploited by | Vulnerability | The Hacker News

21.5.24 | "Linguistic Lumberjack" Vulnerability Discovered in Popular Logging Utility Fluent Bit | Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could | Vulnerability | The Hacker News

17.5.24 | CISA Warns of Actively Exploited D-Link Router Vulnerabilities - Patch Now | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two security flaws impacting D-Link routers to | Vulnerability | The Hacker News

17.5.24 | Researchers Uncover 11 Security Flaws in GE HealthCare Ultrasound Machines | Security researchers have disclosed almost a dozen security flaws impacting the GE HealthCare Vivid Ultrasound product family that | Vulnerability | The Hacker News

15.5.24 | Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days | Microsoft has addressed a total of 61 new security flaws in its software as part of its Patch Tuesday updates for May 2024, | Vulnerability | The Hacker News

15.5.24 | VMware Patches Severe Security Flaws in Workstation and Fusion Products | Multiple security flaws have been disclosed in VMware Workstation and Fusion products that could be exploited by threat | Vulnerability | The Hacker News

15.5.24 | New Chrome Zero-Day Vulnerability CVE-2024-4761 Under Active Exploitation | Google on Monday shipped emergency fixes to address a new zero-day flaw in the Chrome web browser that has come under | Vulnerability | The Hacker News

15.5.24 | Critical Flaws in Cacti Framework Could Let Attackers Execute Malicious Code | The maintainers of the Cacti open-source network monitoring and fault management framework have addressed a dozen security | Vulnerability | The Hacker News

14.5.24 | Severe Vulnerabilities in Cinterion Cellular Modems Pose Risks to Various Industries | Cybersecurity researchers have disclosed multiple security flaws in Cinterion cellular modems that could be potentially exploited by | Vulnerability | The Hacker News

12.5.24 | Google fixes fifth Chrome zero-day exploited in attacks this year | Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year. | Vulnerability | BleepingComputer

11.5.24 | Citrix warns admins to manually mitigate PuTTY SSH client bug | Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key. | Vulnerability | BleepingComputer

11.5.24 | New BIG-IP Next Central Manager bugs allow device takeover | F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create rogue accounts on any managed assets. | Vulnerability | BleepingComputer

10.5.24 | Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability | Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the | Vulnerability | The Hacker News

9.5.24 | Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw | Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. | Vulnerability | BleepingComputer

9.5.24 | Critical F5 Central Manager Vulnerabilities Allow Enable Full Device Takeover | Two security vulnerabilities have been discovered in F5 Next Central Manager that could be exploited by a threat actor to seize | Vulnerability | The Hacker News

6.5.24 | Google rolls back reCaptcha update to fix Firefox issues | Google has rolled back a recent release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. | Vulnerability | BleepingComputer

6.5.24 | HPE Aruba Networking fixes four critical RCE flaws in ArubaOS | HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. | Vulnerability | BleepingComputer

6.5.24 | Critical Tinyproxy Flaw Opens Over 50,000 Hosts to Remote Code Execution | More than 50% of the 90,310 hosts have been found exposing a Tinyproxy service on the internet that's vulnerable to a critical | Vulnerability | The Hacker News

5.5.24 | R language flaw allows code execution via RDS/RDX files | A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files. | Vulnerability | BleepingComputer

5.5.24 | Google now pays up to $450,000 for RCE bugs in some Android apps | Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports. | Vulnerability | BleepingComputer

4.5.24 | Microsoft fixes bug behind incorrect BitLocker encryption errors | Microsoft has fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments. | Vulnerability | BleepingComputer

3.5.24 | Four Critical Vulnerabilities Expose HPE Aruba Devices to RCE Attacks | HPE Aruba Networking (formerly Aruba Networks) has released security updates to address critical flaws impacting ArubaOS that | Vulnerability | The Hacker News

30.4.24 | New R Programming Vulnerability Exposes Projects to Supply Chain Attacks | A security vulnerability has been discovered in the R programming language that could be exploited by a threat actor to create a | Vulnerability | The Hacker News

30.4.24 | Sandbox Escape Vulnerabilities in Judge0 Expose Systems to Complete Takeover | Multiple critical security flaws have been disclosed in the Judge0 open-source online code execution system that could be exploited | Vulnerability | The Hacker News

30.4.24 | Ukraine Targeted in Cyberattack Exploiting 7-Year-Old Microsoft Office Flaw | Cybersecurity researchers have discovered a targeted operation against Ukraine that has been found leveraging a nearly seven- | Vulnerability | The Hacker News

26.4.24 | Severe Flaws Disclosed in Brocade SANnav SAN Management Software | Several security vulnerabilities disclosed in Brocade SANnav storage area network (SAN) management application could be exploited to compromise susceptible appliances. The 18 flaws | Vulnerability | The Hacker News

26.4.24 | Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack | Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has | Vulnerability | The Hacker News

25.4.24 | Major Security Flaws Expose Keystrokes of Over 1 Billion Chinese Keyboard App Users | Security vulnerabilities uncovered in cloud-based pinyin keyboard apps could be exploited to reveal users' keystrokes to nefarious | Vulnerability | The Hacker News

22.4.24 | Critical Forminator plugin flaw impacts over 300k WordPress sites | The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server. | Vulnerability | BleepingComputer

20.4.24 | MITRE says state hackers breached its network via Ivanti zero-days | The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. | Vulnerability | BleepingComputer

20.4.24 | Palo Alto Networks Discloses More Details on Critical PAN-OS Flaw Under Attack | Palo Alto Networks has shared more details of a critical security flaw impacting PAN-OS that has come under active exploitation in | Vulnerability | The Hacker News

17.4.24 | Exploit released for Palo Alto PAN-OS bug used in attacks, patch now | Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. | Vulnerability | BleepingComputer

17.4.24 | PuTTY SSH client flaw allows recovery of cryptographic private keys | A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. | Vulnerability | BleepingComputer

17.4.24 | Hackers Exploit Fortinet Flaw, Deploy ScreenConnect, Metasploit in New Campaign | Cybersecurity researchers have discovered a new campaign that's exploiting a recently disclosed security flaw in Fortinet FortiClient | Vulnerability | The Hacker News

16.4.24 | Palo Alto Networks fixes zero-day exploited to backdoor firewalls | Palo Alto Networks has started releasing hotfixes for a zero-day vulnerability that has been actively exploited since March 26th to backdoor PAN-OS firewalls. | Vulnerability | BleepingComputer

16.4.24 | Widely-Used PuTTY SSH Client Found Vulnerable to Key Recovery Attack | The maintainers of the PuTTY Secure Shell (SSH) and Telnet client are alerting users of a critical vulnerability impacting versions from | Vulnerability | The Hacker News

16.4.24 | Intel and Lenovo BMCs Contain Unpatched Lighttpd Server Flaw | A security flaw impacting the Lighttpd web server used in baseboard management controllers (BMCs) has remained | Vulnerability | The Hacker News

15.4.24 | Palo Alto Networks Releases Urgent Fixes for Exploited PAN-OS Vulnerability | Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come | Vulnerability | The Hacker News

14.4.24 | Telegram fixes Windows app zero-day used to launch Python scripts | Telegram fixed a zero-day vulnerability in its Windows desktop application that could be used to bypass security warnings and automatically launch Python scripts. | Vulnerability | BleepingComputer

14.4.24 | Intel and Lenovo servers impacted by 6-year-old BMC flaw | An almost 6-year-old vulnerability in the Lighttpd web server used in Baseboard Management Controllers has been overlooked by many device vendors, including Intel and Lenovo. | Vulnerability | BleepingComputer

12.4.24 | Zero-Day Alert: Critical Palo Alto Networks PAN-OS Flaw Under Active Attack | Palo Alto Networks is warning that a critical flaw impacting its PAN-OS software used in its GlobalProtect gateways is being exploited | Vulnerability | The Hacker News

11.4.24 | Critical Rust flaw enables Windows command injection attacks | Threat actors can exploit a security vulnerability in the Rust standard library to target Windows systems in command injection attacks. | Vulnerability | BleepingComputer

11.4.24 | New SharePoint flaws help hackers evade detection when stealing files | Researchers have discovered two techniques that could enable attackers to bypass audit logs or generate less severe entries when downloading files from SharePoint. | Vulnerability | BleepingComputer

11.4.24 | Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks | Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE) zero-day flaw. | Vulnerability | BleepingComputer

11.4.24 | Fortinet Rolls Out Critical Security Patches for FortiClientLinux Vulnerability | Fortinet has released patches to address a critical security flaw impacting FortiClientLinux that could be exploited to achieve | Vulnerability | The Hacker News

9.4.24 | Researchers Discover LG Smart TV Vulnerabilities Allowing Root Access | Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass | Vulnerability | The Hacker News

9.4.24 | Critical Flaws Leave 92,000 D-Link NAS Devices Vulnerable to Malware Attacks | Threat actors are actively scanning and exploiting a pair of security flaws that are said to affect as many as 92,000 internet-exposed D- | Vulnerability | The Hacker News

7.4.24 | New Ivanti RCE flaw may impact 16,000 exposed VPN gateways | Approximately 16,500 Ivanti Connect Secure and Policy Secure gateways exposed on the internet are likely vulnerable to a remote code execution (RCE) flaw the vendor addressed earlier this week. | Vulnerability | BleepingComputer

7.4.24Microsoft fixes Outlook security alerts bug caused by December updatesMicrosoft has fixed an issue that triggers erroneous Outlook security alerts when opening .ICS calendar files after installing the December 2023 Outlook Desktop security updatesVulnerebility

BleepingComputer

6.4.24Critical flaw in LayerSlider WordPress plugin impacts 1 million sitesA premium WordPress plugin named LayerSlider, used in over one million sites, is vulnerable to unauthenticated SQL injection, requiring admins to prioritize applying security updates for the plugin.Vulnerebility

BleepingComputer

6.4.24Ivanti fixes VPN gateway vulnerability allowing RCE, DoS attacksIT security software company Ivanti has released patches to fix multiple security vulnerabilities impacting its Connect Secure and Policy Secure gateways.Vulnerebility

BleepingComputer

6.4.24Google fixes one more Chrome zero-day exploited at Pwn2OwnGoogle has fixed another zero-day vulnerability in the Chrome browser, which was exploited by security researchers during the Pwn2Own hacking contest last month.Vulnerebility

BleepingComputer

6.4.24Google fixes two Pixel zero-day flaws exploited by forensics firmsGoogle has fixed two Google Pixel zero-days exploited by forensic firms to unlock phones without a PIN and gain access to the data stored within them.Vulnerebility

BleepingComputer

5.4.24Researchers Identify Multiple China Hacker Groups Exploiting Ivanti Security FlawsMultiple China-nexus threat actors have been linked to the zero-day exploitation of three security flaws impacting Ivanti appliancesVulnerebilityThe Hacker News
4.4.24Microsoft warns Gmail blocks some Outlook email as spam, shares fixMicrosoft has confirmed that some Outlook.com users are experiencing issues with emails being blocked and marked as spam when trying to email Gmail accounts.Vulnerebility

BleepingComputer

4.4.24Ivanti Rushes Patches for 4 New Flaws in Connect Secure and Policy SecureIvanti has released security updates to address four security flaws impacting Connect Secure and Policy Secure Gateways that couldVulnerebilityThe Hacker News
3.4.24Critical Security Flaw Found in Popular LayerSlider WordPress PluginA critical security flaw impacting the LayerSlider plugin for WordPress could be abused to extract sensitive information fromVulnerebilityThe Hacker News
31.3.24 | Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords | A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command. | Vulnerability | BleepingComputer
31.3.24 | Google fixes Chrome zero-days exploited at Pwn2Own 2024 | Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. | Vulnerability | BleepingComputer
30.3.24 | Germany warns of 17K vulnerable Microsoft Exchange servers exposed online | The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities. | Vulnerability | BleepingComputer
28.3.24 | CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a security flaw impacting Microsoft SharePoint Server | Vulnerability | The Hacker News
28.3.24 | Microsoft Edge Bug Could Have Allowed Attackers to Silently Install Malicious Extensions | A now-patched security flaw in the Microsoft Edge web browser could have been abused to install arbitrary extensions on users' | Vulnerability | The Hacker News
26.3.24 | New "GoFetch" Vulnerability in Apple M-Series Chips Leaks Secret Encryption Keys | A new security shortcoming discovered in Apple M-series chips could be exploited to extract secret keys used during cryptographic | Vulnerability | The Hacker News
23.3.24 | US Defense Dept received 50,000 vulnerability reports since 2016 | The Cyber Crime Center (DC3) of the U.S. Department of Defense (DoD) says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016. | Vulnerability | BleepingComputer
22.3.24 | AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking | Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services (AWS) Managed Workflows for | Vulnerability | The Hacker News
21.3.24 | Apex Legends players worried about RCE flaw after ALGS hacks | Electronic Arts has postponed the North American (NA) finals of the ongoing Apex Legends Global Series (ALGS) after hackers compromised players mid-match during the tournament. | Vulnerability | BleepingComputer
21.3.24 | Ivanti Releases Urgent Fix for Critical Sentry RCE Vulnerability | Ivanti has disclosed details of a critical remote code execution flaw impacting Standalone Sentry, urging customers to apply the fixes immediately to stay protected against potential cyber threats. Tracked as | Vulnerability | The Hacker News
21.3.24 | Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug | Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could | Vulnerability | The Hacker News
18.3.24 | Fortra Patches Critical RCE Vulnerability in FileCatalyst Transfer Tool | Fortra has released details of a now-patched critical security flaw impacting its FileCatalyst file transfer solution that could allow unauthenticated | Vulnerability | The Hacker News
18.3.24 | WordPress Admins Urged to Remove miniOrange Plugins Due to Critical Flaw | WordPress users of miniOrange's Malware Scanner and Web Application Firewall plugins are being urged to delete them from their websites following | Vulnerability | The Hacker News
16.3.24 | GhostRace – New Data Leak Vulnerability Affects Modern CPUs | A group of researchers has discovered a new data leakage attack impacting modern CPU architectures supporting speculative execution. Dubbed | Vulnerability | The Hacker News
14.3.24 | Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover | Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code | Vulnerability | The Hacker News
14.3.24 | Fortinet warns of critical RCE bug in endpoint management software | Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. | Vulnerability | BleepingComputer
14.3.24 | DarkGate Malware Exploits Recently Patched Microsoft Flaw in Zero-Day Attack | A DarkGate malware campaign observed in mid-January 2024 leveraged a recently patched security flaw in Microsoft Windows as a zero-day using | Vulnerability | The Hacker News
14.3.24 | Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software | Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected | Vulnerability | The Hacker News
10.3.24 | Critical Fortinet flaw may impact 150,000 exposed devices | Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. | Vulnerability | BleepingComputer
10.3.24 | QNAP warns of critical auth bypass flaw in its NAS devices | QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. | Vulnerability | BleepingComputer
10.3.24 | AnyCubic fixes exploited 3D printer zero-day flaw with new firmware | AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. | Vulnerability | BleepingComputer
10.3.24 | Critical TeamCity flaw now widely exploited to create admin accounts | Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday. | Vulnerability | BleepingComputer
9.3.24 | VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion | VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system. | Vulnerability | BleepingComputer
8.3.24 | Cisco Issues Patch for High-Severity VPN Hijacking Bug in Secure Client | Cisco has released patches to address a high-severity security flaw impacting its Secure Client software that could be exploited by a threat actor | Vulnerability | The Hacker News
6.3.24 | ScreenConnect flaws exploited to drop new ToddlerShark malware | The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddlerShark. | Vulnerability | BleepingComputer
6.3.24 | VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws | VMware has released patches to address four security flaws impacting ESXi, Workstation, and Fusion, including two critical flaws that could lead to code | Vulnerability | The Hacker News
3.3.24 | Citrix, Sophos software impacted by 2024 leap year bugs | Citrix and Sophos products have been impacted by leap year flaws, leading to unexpected problems in their products. | Vulnerability | BleepingComputer
28.2.24 | WordPress LiteSpeed Plugin Vulnerability Puts 5 Million Sites at Risk | A security vulnerability has been disclosed in the LiteSpeed Cache plugin for WordPress that could enable unauthenticated users to escalate their | Vulnerability | The Hacker News
27.2.24 | WordPress Plugin Alert - Critical SQLi Vulnerability Threatens 200K+ Websites | A critical security flaw has been disclosed in a popular WordPress plugin called Ultimate Member that has more than 200,000 active installations. | Vulnerability | The Hacker News
24.2.24 | Joomla fixes XSS flaws that could expose sites to RCE attacks | Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites. | Vulnerability | BleepingComputer
24.2.24 | VMware urges admins to remove deprecated, vulnerable auth plug-in | VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. | Vulnerability | BleepingComputer
23.2.24 | ConnectWise urges ScreenConnect admins to patch critical RCE flaw | ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution (RCE) attacks. | Vulnerability | BleepingComputer
22.2.24 | New Wi-Fi Vulnerabilities Expose Android and Linux Devices to Hackers | Cybersecurity researchers have identified two authentication bypass flaws in open-source Wi-Fi software found in Android, Linux, and ChromeOS devices | Vulnerability | The Hacker News
21.2.24 | VMware Alert: Uninstall EAP Now - Critical Flaw Puts Active Directory at Risk | VMware is urging users to uninstall the deprecated Enhanced Authentication Plugin (EAP) following the discovery of a critical security flaw. Tracked as | Vulnerability | The Hacker News
20.2.24 | Critical Flaws Found in ConnectWise ScreenConnect Software - Patch Now | ConnectWise has released software updates to address two security flaws in its ScreenConnect remote desktop and access software, including a | Vulnerability | The Hacker News
20.2.24 | WordPress Bricks Theme Under Active Attack: Critical Flaw Impacts 25,000+ Sites | A critical security flaw in the Bricks theme for WordPress is being actively exploited by threat actors to run arbitrary PHP code on susceptible | Vulnerability | The Hacker News
18.2.24 | Three critical application security flaws scanners can’t detect | In this article, Outpost24 explains three key limitations of automated vulnerability scanners, emphasizing the significance of manual pen testing in enhancing security. | Vulnerability | BleepingComputer
18.2.24 | Zoom patches critical privilege elevation flaw in Windows apps | The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network. | Vulnerability | BleepingComputer
17.2.24 | ExpressVPN bug has been leaking some DNS requests for years | ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers. | Vulnerability | BleepingComputer
16.2.24 | Ivanti Pulse Secure Found Using 11-Year-Old Linux Version and Outdated Libraries | A reverse engineering of the firmware running on Ivanti Pulse Secure appliances has revealed numerous weaknesses, once again underscoring | Vulnerability | The Hacker News
15.2.24 | Critical Exchange Server Flaw (CVE-2024-21410) Under Active Exploitation | Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a | Vulnerability | The Hacker News
15.2.24 | Ivanti Vulnerability Exploited to Install 'DSLog' Backdoor on 670+ IT Infrastructures | Threat actors are leveraging a recently disclosed security flaw impacting Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy a | Vulnerability | The Hacker News
9.2.24 | Ivanti: Patch new Connect Secure auth bypass bug immediately | Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. | Vulnerability | BleepingComputer
9.2.24 | Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure | Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. | Vulnerability | BleepingComputer
9.2.24 | Critical Cisco bug exposes Expressway gateways to CSRF attacks | Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks. | Vulnerability | BleepingComputer
9.2.24 | Critical flaw in Shim bootloader impacts major Linux distros | A critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms. | Vulnerability | BleepingComputer
9.2.24 | Warning: New Ivanti Auth Bypass Flaw Affects Connect Secure and ZTA Gateways | Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow | Vulnerability | The Hacker News
7.2.24 | Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error | It turns out that critical Fortinet FortiSIEM vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 are not new and have been published this year in error. | Vulnerability | BleepingComputer
7.2.24 | JetBrains warns of new TeamCity auth bypass vulnerability | JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges. | Vulnerability | BleepingComputer
7.2.24 | Newest Ivanti SSRF zero-day now under mass exploitation | An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers. | Vulnerability | BleepingComputer
7.2.24 | Leaky Vessels flaws allow hackers to escape Docker, runc containers | Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system. | Vulnerability | BleepingComputer
7.2.24 | Critical Bootloader Vulnerability in Shim Impacts Nearly All Linux Distros | The maintainers of shim have released version 15.8 to address six security flaws, including a critical bug that could pave the way for remote code | Vulnerability | The Hacker News
7.2.24 | Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now | JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) | Vulnerability | The Hacker News
6.2.24 | High Severity Flaws Found in Azure HDInsight Spark, Kafka, and Hadoop Services | Three new security vulnerabilities have been discovered in Azure HDInsight's Apache Hadoop, Kafka, and Spark services that could be exploited to | Vulnerability | The Hacker News
4.2.24 | Mastodon vulnerability allows attackers to take over accounts | Mastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account. | Vulnerability | BleepingComputer
4.2.24 | Microsoft fixes connection issue affecting Outlook email apps | Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts. | Vulnerability | BleepingComputer
4.2.24 | Google shares fix for Pixel phones hit by bad system update | Google has shared a temporary fix for owners of Google Pixel devices that were rendered unusable after installing the January 2024 Google Play system update. | Vulnerability | BleepingComputer
4.2.24 | New Windows Event Log zero-day flaw gets unofficial patches | Free unofficial patches are available for a new Windows zero-day vulnerability dubbed 'EventLogCrasher' that lets attackers remotely crash the Event Log service on devices within the same Windows domain. | Vulnerability | BleepingComputer
3.2.24 | Ivanti warns of new Connect Secure zero-day exploited in attacks | Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation. | Vulnerability | BleepingComputer
3.2.24 | New Linux glibc flaw lets attackers get root on major distros | Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc). | Vulnerability | BleepingComputer
3.2.24 | Mastodon Vulnerability Allows Hackers to Hijack Any Decentralized Account | The decentralized social network Mastodon has disclosed a critical security flaw that enables malicious actors to impersonate and take over any account. | Vulnerability | The Hacker News
2.2.24 | 45k Jenkins servers exposed to RCE attacks using public exploits | Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2024-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation. | Vulnerability | BleepingComputer
1.2.24 | Cisco warns of critical RCE flaw in communications software | Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue. | Vulnerability | BleepingComputer
1.2.24 | Over 5,300 GitLab servers exposed to zero-click account takeover attacks | Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. | Vulnerability | BleepingComputer
1.2.24 | New Glibc Flaw Grants Attackers Root Access on Major Linux Distros | Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka | Vulnerability | The Hacker News
31.1.24 | Fortra warns of new critical GoAnywhere MFT auth bypass, patch now | Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user. | Vulnerability | BleepingComputer
31.1.24 | Ivanti: VPN appliances vulnerable if pushing configs after mitigation | Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities. | Vulnerability | BleepingComputer
31.1.24 | URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite | GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to | Vulnerability | The Hacker News
30.1.24 | Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws | Juniper Networks has released out-of-band updates to address high-severity flaws in SRX Series and EX Series that could be exploited by a threat actor to | Vulnerability | The Hacker News
30.1.24 | Researchers Uncover How Outlook Vulnerability Could Leak Your NTLM Passwords | A now-patched security flaw in Microsoft Outlook could be exploited by threat actors to access NT LAN Manager (NTLM) v2 hashed passwords when | Vulnerability | The Hacker News
26.1.24 | Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems | Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could | Vulnerability | The Hacker News
26.1.24 | Critical Jenkins Vulnerability Exposes Servers to RCE Attacks - Patch ASAP! | The maintainers of the open-source continuous integration/continuous delivery and deployment (CI/CD) automation software Jenkins have resolved | Vulnerability | The Hacker News
23.1.24 | ~40,000 Attacks in 3 Days: Critical Confluence RCE Under Active Exploitation | Malicious actors have begun to actively exploit a recently disclosed critical security flaw impacting Atlassian Confluence Data Center and Confluence | Vulnerability | The Hacker News
21.1.24 | Chinese hackers exploit VMware bug as zero-day for two years | A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021. | Vulnerability | BleepingComputer
20.1.24 | AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks | A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. | Vulnerability | BleepingComputer
20.1.24 | GitHub rotates keys to mitigate impact of credential-exposing flaw | GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. | Vulnerability | BleepingComputer
19.1.24 | Citrix warns of new NetScaler zero-days exploited in attacks | Citrix urged customers on Tuesday to immediately patch NetScaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities. | Vulnerability | BleepingComputer
19.1.24 | Google fixes first actively exploited Chrome zero-day of 2024 | Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year. | Vulnerability | BleepingComputer
19.1.24 | PixieFail flaws impact PXE network boot in enterprise systems | A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of TianoCore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers. | Vulnerability | BleepingComputer
19.1.24 | Atlassian warns of critical RCE flaw in older Confluence versions | Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases. | Vulnerability | BleepingComputer
19.1.24 | Ivanti Connect Secure zero-days now under mass exploitation | Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) appliances are now under mass exploitation. | Vulnerability | BleepingComputer
19.1.24 | Microsoft working on a fix for Windows 10 0x80070643 errors | Microsoft is working to fix a known issue causing 0x80070643 errors when installing the KB5034441 security update that patches the CVE-2024-20666 BitLocker vulnerability. | Vulnerability | BleepingComputer
19.1.24 | Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks | Security researchers have found that over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks. | Vulnerability | BleepingComputer
19.1.24 | TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks | Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could | Vulnerability | The Hacker News
19.1.24 | PixieFail UEFI Flaws Expose Millions of Computers to RCE, DoS, and Data Theft | Multiple security vulnerabilities have been disclosed in the TCP/IP network protocol stack of an open-source reference implementation of the Unified | Vulnerability | The Hacker News
18.1.24 | GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials | GitHub has revealed that it has rotated some keys in response to a security vulnerability that could be potentially exploited to gain access to credentials | Vulnerability | The Hacker News
17.1.24 | Citrix, VMware, and Atlassian Hit with Critical Flaws — Patch ASAP! | Citrix is warning of two zero-day security vulnerabilities in NetScaler ADC (formerly Citrix ADC) and NetScaler Gateway (formerly Citrix Gateway) that are | Vulnerability | The Hacker News
16.1.24 | Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows | Cybersecurity researchers have disclosed a now-patched security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be | Vulnerability | The Hacker News
15.1.24 | High-Severity Flaws Uncovered in Bosch Thermostats and Smart Nutrunners | Multiple security vulnerabilities have been disclosed in Bosch BCC100 thermostats and Rexroth NXA015S-36V-B smart nutrunners that, if | Vulnerability | The Hacker News
13.1.24 | Critical RCE Vulnerability Uncovered in Juniper SRX Firewalls and EX Switches | Juniper Networks has released updates to fix a critical remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. The issue, | Vulnerability | The Hacker News
13.1.24 | GitLab warns of critical zero-click account hijacking vulnerability | GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. | Vulnerability | BleepingComputer
12.1.24 | Juniper warns of critical RCE bug in its firewalls and switches | Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches. | Vulnerability | BleepingComputer
12.1.24 | Ivanti Connect Secure zero-days exploited to deploy custom malware | Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes. | Vulnerability | BleepingComputer
12.1.24 | Over 150k WordPress sites at takeover risk via vulnerable plugin | Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site's authentication. | Vulnerability | BleepingComputer
12.1.24 | Microsoft shares script to update Windows 10 WinRE with BitLocker fixes | Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass. | Vulnerability | BleepingComputer
11.1.24 | Cisco says critical Unity Connection bug lets attackers get root | Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. | Vulnerability | BleepingComputer
11.1.24 | Chinese Hackers Exploit Zero-Day Flaws in Ivanti Connect Secure and Policy Secure | A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to | Vulnerability | The Hacker News
11.1.24 | Cisco Fixes High-Risk Vulnerability Impacting Unity Connection Software | Cisco has released software updates to address a critical security flaw impacting Unity Connection that could permit an adversary to execute arbitrary | Vulnerability | The Hacker News
9.1.24 | Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager | A security flaw has been disclosed in Kyocera's Device Manager product that could be exploited by bad actors to carry out malicious activities on affected | Vulnerability | The Hacker News
6.1.24 | Hackers target Apache RocketMQ servers vulnerable to RCE attacks | Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582. | Vulnerability | BleepingComputer
6.1.24 | Ivanti warns critical EPM bug lets hackers hijack enrolled devices | Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server. | Vulnerability | BleepingComputer
5.1.24 | Alert: Ivanti Releases Patch for Critical Vulnerability in Endpoint Manager Solution | Ivanti has released security updates to address a critical flaw impacting its Endpoint Manager (EPM) solution that, if successfully exploited, could | Vulnerability | The Hacker News