vulnerability

Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking

Cox, Featured, modem, Network Security, vulnerability /

Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking 2024-06-04 at 13:25 By Eduard Kovacs Cox recently patched a series of vulnerabilities that could have allowed hackers to remotely take control of millions of modems. The post Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking appeared first on SecurityWeek. This article is an excerpt […]

React to this headline:

Loading spinner

Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking Read More »

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)

Atlassian Confluence, CVE, Don't miss, Hot stuff, News, PoC, SonicWall, vulnerability /

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) 2024-06-03 at 12:16 By Zeljka Zorz If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw (CVE-2024-21683) for which a PoC and technical details are already public. About CVE-2024-21683 Confluence Server and

React to this headline:

Loading spinner

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) Read More »

Check Point VPN Attacks Involve Zero-Day Exploited Since April

Check Point, exploited, Featured, Malware & Threats, VPN, vulnerability, Zero-Day /

Check Point VPN Attacks Involve Zero-Day Exploited Since April 2024-05-30 at 12:46 By Eduard Kovacs The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords. The post Check Point VPN Attacks Involve Zero-Day Exploited Since April appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Check Point VPN Attacks Involve Zero-Day Exploited Since April Read More »

Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution

Vulnerabilities, vulnerability /

Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution 2024-05-29 at 18:01 By Ionut Arghire Vulnerabilities in the real-time IoT operating system Eclipse ThreadX before version 6.4 could lead to denial-of-service and code execution. The post Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution Read More »

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

CVE, Don't miss, enterprise, exploit, Fortinet, Horizon3.ai, Hot stuff, News, PoC, vulnerability /

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) 2024-05-29 at 13:01 By Zeljka Zorz Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM helps customers build an inventory of their organization’s assets, it

React to this headline:

Loading spinner

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) Read More »

Google Patches Fourth Chrome Zero-Day in Two Weeks

Chrome, CVE-2024-5274, Featured, Vulnerabilities, vulnerability, Zero-Day /

Google Patches Fourth Chrome Zero-Day in Two Weeks 2024-05-24 at 12:16 By Ionut Arghire Exploited in the wild, Chrome vulnerability CVE-2024-5274 is a high-severity flaw described as a type confusion in the V8 JavaScript and WebAssembly engine. The post Google Patches Fourth Chrome Zero-Day in Two Weeks appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Google Patches Fourth Chrome Zero-Day in Two Weeks Read More »

Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)

0-day, Chrome, CVE, Don't miss, Hot stuff, News, security update, Vivaldi, vulnerability /

Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) 2024-05-24 at 10:46 By Zeljka Zorz For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability (CVE-2024-5274) with an in-the-wild exploit. About CVE-2024-5274 As per usual, Google keeps technical details of the vulnerability

React to this headline:

Loading spinner

Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274) Read More »

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)

Don't miss, enterprise, GitHub, Hot stuff, News, software development, vulnerability /

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) 2024-05-23 at 13:16 By Zeljka Zorz A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of potential victims: instances are vulnerable to

React to this headline:

Loading spinner

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985) Read More »

Critical Authentication Bypass Resolved in GitHub Enterprise Server

GitHub, Vulnerabilities, vulnerability /

Critical Authentication Bypass Resolved in GitHub Enterprise Server 2024-05-22 at 16:01 By Ionut Arghire Critical vulnerability in GitHub Enterprise Server allows unauthenticated attackers to obtain administrative privileges. The post Critical Authentication Bypass Resolved in GitHub Enterprise Server appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

Critical Authentication Bypass Resolved in GitHub Enterprise Server Read More »

Critical Veeam Vulnerability Leads to Authentication Bypass

Veeam, Vulnerabilities, vulnerability /

Critical Veeam Vulnerability Leads to Authentication Bypass 2024-05-22 at 16:01 By Ionut Arghire Veeam Backup Enterprise Manager update resolves multiple vulnerabilities, including a critical authentication bypass. The post Critical Veeam Vulnerability Leads to Authentication Bypass appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to this headline:

React to this headline:

Loading spinner

Critical Veeam Vulnerability Leads to Authentication Bypass Read More »

Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager

Ivanti, Vulnerabilities, vulnerability /

Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager 2024-05-22 at 14:46 By Ionut Arghire Ivanti has released product updates to resolve multiple vulnerabilities, including critical code execution flaws in Endpoint Manager. The post Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager Read More »

Critical Vulnerability in Honeywell Virtual Controller Allows Remote Code Execution

Honeywell, ICS, ICS/OT, vulnerability /

Critical Vulnerability in Honeywell Virtual Controller Allows Remote Code Execution 2024-05-22 at 14:46 By Eduard Kovacs Claroty shows how Honeywell ControlEdge Virtual UOC vulnerability can be exploited for unauthenticated remote code execution. The post Critical Vulnerability in Honeywell Virtual Controller Allows Remote Code Execution appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Critical Vulnerability in Honeywell Virtual Controller Allows Remote Code Execution Read More »

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849)

backup, Don't miss, enterprise, Hot stuff, News, Veeam Software, vulnerability /

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849) 2024-05-22 at 11:46 By Zeljka Zorz Veeam has patched four vulnerabilities in Backup Enterprise Manager (VBEM), one of which (CVE-2024-29849) may allow attackers to bypass authentication and log in to its web interface as any user. With no user interaction required for remote exploitation and

React to this headline:

Loading spinner

Veeam fixes auth bypass flaw in Backup Enterprise Manager (CVE-2024-29849) Read More »

15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)

Don't miss, Hot stuff, NAS, News, PoC, QNAP, security update, vulnerability, WatchTowr /

15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130) 2024-05-21 at 17:31 By Zeljka Zorz Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack overflow vulnerability (CVE-2024-27130) that may be leveraged for remote code execution. The vulnerabilities and the CVE-2024-27130

React to this headline:

Loading spinner

15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130) Read More »

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)

AWS, Cisco, cloud computing, Don't miss, Google Cloud, Hot stuff, Intel, logging, News, open source, Sumo Logic, Tenable, Trend Micro, VMWare, vulnerability /

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) 2024-05-21 at 14:31 By Zeljka Zorz Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of service, information disclosure, or remote code execution. About

React to this headline:

Loading spinner

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) Read More »

Vulnerability Found in Fluent Bit Utility Used by Major Cloud, Tech Companies

cloud security, Vulnerabilities, vulnerability /

Vulnerability Found in Fluent Bit Utility Used by Major Cloud, Tech Companies 2024-05-20 at 18:46 By Eduard Kovacs Linguistic Lumberjack (CVE-2024-4323) is a critical vulnerability in the Fluent Bit logging utility that can allow DoS, information disclosure and possibly RCE. The post Vulnerability Found in Fluent Bit Utility Used by Major Cloud, Tech Companies appeared first

React to this headline:

Loading spinner

Vulnerability Found in Fluent Bit Utility Used by Major Cloud, Tech Companies Read More »

PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)

Don't miss, endpoint management, enterprise, Hot stuff, Ivanti, News, PoC, Redline Cyber Security, vulnerability /

PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026) 2024-05-20 at 14:02 By Zeljka Zorz Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the vulnerability’s reporter. About CVE-2024-22026 Ivanti Endpoint Manager Mobile (formerly MobileIron Core) is used by enterprises to

React to this headline:

Loading spinner

PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026) Read More »

Critical Flaw in AI Python Package Can Lead to System and Data Compromise

AI, Application Security, Artificial Intelligence, vulnerability /

Critical Flaw in AI Python Package Can Lead to System and Data Compromise 2024-05-17 at 17:01 By Eduard Kovacs A critical vulnerability tracked as CVE-2024-34359 and dubbed Llama Drama can allow hackers to target AI product developers. The post Critical Flaw in AI Python Package Can Lead to System and Data Compromise appeared first on

React to this headline:

Loading spinner

Critical Flaw in AI Python Package Can Lead to System and Data Compromise Read More »

CISA Warns of Exploited Vulnerabilities in EOL D-Link Products

CISA KEV, D-Link, router, Vulnerabilities, vulnerability /

CISA Warns of Exploited Vulnerabilities in EOL D-Link Products 2024-05-17 at 17:01 By Ionut Arghire CISA has added two vulnerabilities in discontinued D-Link products to its KEV catalog, including a decade-old flaw. The post CISA Warns of Exploited Vulnerabilities in EOL D-Link Products appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS

React to this headline:

Loading spinner

CISA Warns of Exploited Vulnerabilities in EOL D-Link Products Read More »

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)

DevOps, Don't miss, Git, GitHub, Hot stuff, News, open source, security update, vulnerability /

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) 2024-05-16 at 14:16 By Zeljka Zorz New versions of Git are out, with fixes for five vulnerabilities, the most critical (CVE-2024-32002) of which can be used by attackers to remotely execute code during a “clone” operation. About Git Git is a widely-popular distributed version

React to this headline:

Loading spinner

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) Read More »

Scroll to Top