CVE

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

Censys, CVE, Don't miss, enterprise, Hot stuff, News, PoC, Progress, vulnerability /

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) 2024-06-04 at 17:46 By Zeljka Zorz Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a centralized enterprise platform for report creation, management, storage and […]

React to this headline:

Loading spinner

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) Read More »

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)

Atlassian Confluence, CVE, Don't miss, Hot stuff, News, PoC, SonicWall, vulnerability /

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) 2024-06-03 at 12:16 By Zeljka Zorz If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw (CVE-2024-21683) for which a PoC and technical details are already public. About CVE-2024-21683 Confluence Server and

React to this headline:

Loading spinner

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) Read More »

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)

0-day, Check Point, CISA, CVE, Don't miss, enterprise, Hot stuff, News, Rapid7, WatchTowr /

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919) 2024-05-31 at 14:32 By Zeljka Zorz Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which they then used to move laterally in the target organizations’ network. “The vulnerability is particularly critical

React to this headline:

Loading spinner

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919) Read More »

NIST Getting Outside Help for National Vulnerability Database

CVE, Government, NIST, NVD, Vulnerabilities /

NIST Getting Outside Help for National Vulnerability Database 2024-05-30 at 18:17 By Eduard Kovacs NIST is receiving support to get the NVD and CVE processing back on track within the next few months. The post NIST Getting Outside Help for National Vulnerability Database appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

NIST Getting Outside Help for National Vulnerability Database Read More »

NIST says NVD will be back on track by September 2024

CVE, Don't miss, Hot stuff, News, NIST, vulnerability assessment, vulnerability management /

NIST says NVD will be back on track by September 2024 2024-05-30 at 14:01 By Zeljka Zorz The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Common Vulnerabilities and Exposures (CVEs) for inclusion in the National Vulnerability Database (NVD), the agency has announced

React to this headline:

Loading spinner

NIST says NVD will be back on track by September 2024 Read More »

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

CVE, Don't miss, enterprise, exploit, Fortinet, Horizon3.ai, Hot stuff, News, PoC, vulnerability /

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) 2024-05-29 at 13:01 By Zeljka Zorz Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM helps customers build an inventory of their organization’s assets, it

React to this headline:

Loading spinner

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) Read More »

Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)

0-day, Chrome, CVE, Don't miss, Hot stuff, News, security update, Vivaldi, vulnerability /

Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) 2024-05-24 at 10:46 By Zeljka Zorz For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability (CVE-2024-5274) with an in-the-wild exploit. About CVE-2024-5274 As per usual, Google keeps technical details of the vulnerability

React to this headline:

Loading spinner

Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) Read More »

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)

0-day, Chrome, CVE, Don't miss, exploit, Google, Hot stuff, News /

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) 2024-05-10 at 12:16 By Zeljka Zorz Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability in the Visuals component that can be exploited by remote attackers to trigger an exploitable heap

React to this headline:

Loading spinner

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) Read More »

F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026)

CVE, Don't miss, Eclypsium, F5 Networks, Hot stuff, networking, News, traffic monitoring /

F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026) 2024-05-09 at 17:01 By Zeljka Zorz Eclypsium researchers have published details and PoC exploits for two remotely exploitable injection vulnerabilities (CVE-2024-21793, CVE-2024-26026) affecting F5’s BIG-IP Next Central Manager. About the vulnerabilities BIG-IP Next is “a completely new incarnation” of F5’s BIG-IP devices/modules, which

React to this headline:

Loading spinner

F5 fixes BIG-IP Next Central Manager flaws with public PoCs (CVE-2024-21793, CVE-2024-26026) Read More »

CISA starts CVE “vulnrichment” program

CISA, CVE, Don't miss, Hot stuff, News, vulnerability assessment, vulnerability management /

CISA starts CVE “vulnrichment” program 2024-05-09 at 13:16 By Zeljka Zorz The US Cybersecurity and Infrastructure Agency (CISA) has announced the creation of “Vulnrichment,” a new project that aims to fill the CVE enrichment gap created by NIST National Vulnerability Database’s recent slowdown. NVD is failing Since 1999, NVD analysts have been adding CVE-numbered vulnerabilities

React to this headline:

Loading spinner

CISA starts CVE “vulnrichment” program Read More »

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661)

consumer, CVE, Don't miss, enterprise, Hot stuff, Leviathan Security Group, News, Privacy, VPN /

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661) 2024-05-08 at 16:31 By Zeljka Zorz Researchers have brought to light a new attack method – dubbed TunnelVision and uniquely identified as CVE-2024-3661 – that can be used to intercept and snoop on VPN users’ traffic by attackers who are on the same

React to this headline:

Loading spinner

Attackers may be using TunnelVision to snoop on users’ VPN traffic (CVE-2024-3661) Read More »

Veeam fixes RCE flaw in backup management platform (CVE-2024-29212)

backup, CVE, Don't miss, Hot stuff, MSP, News, security update, Veeam Software /

Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) 2024-05-08 at 12:16 By Zeljka Zorz Veeam has patched a high-severity vulnerability (CVE-2024-29212) in Veeam Service Provider Console (VSPC) and is urging customers to implement the patch. About CVE-2024-29212 Veeam Service Provider Console is a cloud platform used by managed services providers (MSPs) and enterprises to

React to this headline:

Loading spinner

Veeam fixes RCE flaw in backup management platform (CVE-2024-29212) Read More »

Why cloud vulnerabilities need CVEs

Cloud, CVE, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, News, Nucleus Security, opinion, patching, vulnerability management /

Why cloud vulnerabilities need CVEs 2024-05-01 at 08:01 By Help Net Security When considering vulnerability management’s purpose in a modern world, it’s imperative to recognize the huge transition to new technologies and how you manage risk within these different paradigms and environments (e.g., the cloud). Patch network security isn’t applicable in the same way for

React to this headline:

Loading spinner

Why cloud vulnerabilities need CVEs Read More »

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028)

0-day, APT, CVE, cyber espionage, Don't miss, exploit, Hot stuff, Microsoft, News, Windows /

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) 2024-04-23 at 17:01 By Zeljka Zorz For nearly four years and perhaps even longer, Forest Blizzard (aka Fancy Bear, aka APT28) has been using a custom tool that exploits a specific vulnerability in Windows Print Spooler service (CVE-2022-38028). Dubbed GooseEgg, the tool is a

React to this headline:

Loading spinner

Russian hackers’ custom tool exploits old Windows Print Spooler flaw (CVE-2022-38028) Read More »

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040)

Censys, CrowdStrike, CrushFTP, CVE, Don't miss, enterprise, exploit, FTP, Hot stuff, News /

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) 2024-04-23 at 13:01 By Zeljka Zorz A vulnerability (CVE-2024-4040) in enterprise file transfer solution CrushFTP is being exploited by attackers in a targeted fashion, according to Crowdstrike. The vulnerability allows attackers to escape their virtual file system and download system files (i.e., configuration files), but only if

React to this headline:

Loading spinner

CrushFTP zero-day exploited by attackers, upgrade immediately! (CVE-2024-4040) Read More »

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204)

CVE, Don't miss, Hot stuff, Ivanti, News, remote management, Tenable, vulnerability /

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) 2024-04-18 at 15:02 By Zeljka Zorz The newest version of Ivanti Avalanche – the company’s enterprise mobile device management (MDM) solution – carries fixes for 27 vulnerabilities, two of which (CVE-2024-29204, CVE-2024-24996) are critical and may allow a remote unauthenticated attacker to execute arbitrary

React to this headline:

Loading spinner

Ivanti patches critical Avalanche flaw exploitable via a simple message (CVE-2024-29204) Read More »

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)

CISA, CVE, Don't miss, Hot stuff, Microsoft, News, Patch Tuesday, security update, SonicWall, Tenable, Trend Micro, vulnerability, vulnerability management /

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) 2024-04-09 at 22:35 By Zeljka Zorz On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Microsoft hasn’t marked as exploited, but Peter Girnus, senior threat researcher with Trend Micro’s Zero Day Initiative (ZDI), has found being

React to this headline:

Loading spinner

Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988) Read More »

CVE and NVD – A Weak and Fractured Source of Vulnerability Truth

CVE, Featured, MITRE, NVD, Vulnerabilities /

CVE and NVD – A Weak and Fractured Source of Vulnerability Truth 2024-04-03 at 17:17 By Kevin Townsend MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of all vulnerabilities. What went wrong, and what can be done? The post CVE

React to this headline:

Loading spinner

CVE and NVD – A Weak and Fractured Source of Vulnerability Truth Read More »

NVD: NIST is working on longer-term solutions

CVE, Don't miss, Hot stuff, News, NIST, vulnerability management /

NVD: NIST is working on longer-term solutions 2024-04-03 at 13:17 By Zeljka Zorz The recent conspicuous faltering of the National Vulnerability Database (NVD) is “based on a variety of factors, including an increase in software and, therefore, vulnerabilities, as well as a change in interagency support,” says the U.S. National Institute of Standards and Technology

React to this headline:

Loading spinner

NVD: NIST is working on longer-term solutions Read More »

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094)

backdoor, CISA, CVE, Debian, Don't miss, Fedora, Hot stuff, Linux, News, open source, Red Hat, SUSE, vulnerability /

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) 2024-03-29 at 20:31 By Zeljka Zorz A vulnerability (CVE-2024-3094) in XZ Utils, the XZ format compression utilities included in most Linux distributions, may “enable a malicious actor to break sshd authentication and gain unauthorized access to the entire system remotely,” Red Hat warns.

React to this headline:

Loading spinner

Beware! Backdoor found in XZ utilities used by many Linux distros (CVE-2024-3094) Read More »

Scroll to Top