vulnerability

Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools

2024-06-14 at 10:01, by Ionut Arghire

Protect AI warns of a dozen critical vulnerabilities in open source AI/ML tools reported via its bug bounty program. The post Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools appeared first on SecurityWeek.


PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

2024-06-13 at 15:01, by Zeljka Zorz

An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks started on June 8, two days after the PHP development team pushed out fixes, and one


Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities

2024-06-12 at 13:31, by Ionut Arghire

Google and Mozilla have released patches for 21 and 15 vulnerabilities in Chrome and Firefox, respectively. The post Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities appeared first on SecurityWeek.


Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)

2024-06-11 at 15:46, by Zeljka Zorz

JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose users of its integrated development environments (IDEs) to GitHub access token compromise.

About CVE-2024-37051

JetBrains offers IDEs for various programming languages. CVE-2024-37051 is a vulnerability in the


Critical PyTorch Vulnerability Can Lead to Sensitive AI Data Theft

2024-06-10 at 17:31, by Ionut Arghire

A critical vulnerability in the PyTorch distributed RPC framework could be exploited for remote code execution. The post Critical PyTorch Vulnerability Can Lead to Sensitive AI Data Theft appeared first on SecurityWeek.


SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)

2024-06-07 at 20:01, by Zeljka Zorz

SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine.

About CVE-2024-28995

Serv-U MFT Server is a widely used enterprise solution that


Zyxel patches critical flaws in EOL NAS devices

2024-06-06 at 14:46, by Zeljka Zorz

Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support.

About the vulnerabilities

The three vulnerabilities are: A command injection vulnerability in the CGI program that could allow


Vulnerability in Cisco Webex cloud service exposed government authorities, companies

2024-06-05 at 22:33, by Zeljka Zorz

The vulnerability that allowed a German journalist to discover links to video conference meetings held by Bundeswehr (the German armed forces) and the Social Democratic Party of Germany (SPD) via their self-hosted Cisco Webex instances similarly affected the Webex


PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

2024-06-04 at 17:46, by Zeljka Zorz

Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a centralized enterprise platform for report creation, management, storage and


Details of Atlassian Confluence RCE Vulnerability Disclosed

2024-06-04 at 17:16, by Ionut Arghire

SonicWall has shared technical details on a recently addressed high-severity remote code execution flaw in Confluence. The post Details of Atlassian Confluence RCE Vulnerability Disclosed appeared first on SecurityWeek.


Progress Patches Critical Vulnerability in Telerik Report Server

2024-06-04 at 15:46, by Ionut Arghire

A critical vulnerability in the Progress Telerik Report Server could allow unauthenticated attackers to access restricted functionality. The post Progress Patches Critical Vulnerability in Telerik Report Server appeared first on SecurityWeek.


Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking

2024-06-04 at 13:25, by Eduard Kovacs

Cox recently patched a series of vulnerabilities that could have allowed hackers to remotely take control of millions of modems. The post Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking appeared first on SecurityWeek.


High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)

2024-06-03 at 12:16, by Zeljka Zorz

If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw (CVE-2024-21683) for which a PoC and technical details are already public.

About CVE-2024-21683

Confluence Server and


Check Point VPN Attacks Involve Zero-Day Exploited Since April

2024-05-30 at 12:46, by Eduard Kovacs

The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords. The post Check Point VPN Attacks Involve Zero-Day Exploited Since April appeared first on SecurityWeek.


Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution

2024-05-29 at 18:01, by Ionut Arghire

Vulnerabilities in the real-time IoT operating system Eclipse ThreadX before version 6.4 could lead to denial-of-service and code execution. The post Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution appeared first on SecurityWeek.


PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

2024-05-29 at 13:01, by Zeljka Zorz

Horizon3.ai researchers have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances.

CVE confusion

FortiSIEM helps customers build an inventory of their organization’s assets, it


Google Patches Fourth Chrome Zero-Day in Two Weeks

2024-05-24 at 12:16, by Ionut Arghire

Exploited in the wild, Chrome vulnerability CVE-2024-5274 is a high-severity flaw described as a type confusion in the V8 JavaScript and WebAssembly engine. The post Google Patches Fourth Chrome Zero-Day in Two Weeks appeared first on SecurityWeek.


Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)

2024-05-24 at 10:46, by Zeljka Zorz

For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability (CVE-2024-5274) with an in-the-wild exploit.

About CVE-2024-5274

As per usual, Google keeps technical details of the vulnerability


GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)

2024-05-23 at 13:16, by Zeljka Zorz

A critical, 10-out-of-10 vulnerability (CVE-2024-4985) allowing unrestricted access to vulnerable GitHub Enterprise Server (GHES) instances has been fixed by Microsoft-owned GitHub. Fortunately, there is a catch that may narrow down the pool of potential victims: instances are vulnerable to


Critical Authentication Bypass Resolved in GitHub Enterprise Server

2024-05-22 at 16:01, by Ionut Arghire

Critical vulnerability in GitHub Enterprise Server allows unauthenticated attackers to obtain administrative privileges. The post Critical Authentication Bypass Resolved in GitHub Enterprise Server appeared first on SecurityWeek.
