vulnerability

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)

cloud computing, CVE, Don't miss, enterprise, Hot stuff, News, virtualization, VMWare, vulnerability /

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) 2024-06-18 at 12:16 By Zeljka Zorz VMware by Broadcom has fixed two critical vulnerabilities (CVE-2024-37079, CVE-2024-37080) affecting VMware vCenter Server and products that contain it: vSphere and Cloud Foundation. “A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially […]

React to this headline:

Loading spinner

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080) Read More »

CVE-2024-4577: Ongoing Exploitation of a Critical PHP Vulnerability

exploit, vulnerability /

CVE-2024-4577: Ongoing Exploitation of a Critical PHP Vulnerability 2024-06-14 at 18:31 By Neetha Overview  On May 7, 2024, Devcore Principal Security Researcher Orange Tsai discovered and reported a critical Remote Code Execution (RCE) vulnerability, CVE-2024-4577, to the PHP official team. This vulnerability stems from errors in character encoding conversions, particularly affecting the “Best Fit” feature

React to this headline:

Loading spinner

CVE-2024-4577: Ongoing Exploitation of a Critical PHP Vulnerability Read More »

CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability 

exploit, vulnerability /

CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability  2024-06-14 at 18:16 By Neetha Overview  On May 7, 2024, Devcore Principal Security Researcher Orange Tsai discovered and reported a critical Remote Code Execution (RCE) vulnerability, CVE-2024-4577, to the PHP official team. This vulnerability stems from errors in character encoding conversions, particularly affecting the “Best Fit” feature on

React to this headline:

Loading spinner

CVE-2024-4577: Ongoing Exploitation of Critical PHP Vulnerability  Read More »

Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE

ICS, ICS/OT, Rockwell Automation, Vulnerabilities, vulnerability /

Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE 2024-06-14 at 13:46 By Eduard Kovacs Rockwell Automation has patched three high-severity vulnerabilities in its FactoryTalk View SE HMI software. The post Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

Loading spinner

Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE Read More »

Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools

AI, AI/ML, Artificial Intelligence, vulnerability /

Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools 2024-06-14 at 10:01 By Ionut Arghire Protect AI warns of a dozen critical vulnerabilities in open source AI/ML tools reported via its bug bounty program. The post Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Easily Exploitable Critical Vulnerabilities Found in Open Source AI/ML Tools Read More »

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577)

CVE, Devcore, Don't miss, exploit, Hot stuff, Imperva, News, PHP, Ransomware, vulnerability, WatchTowr, Windows /

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577) 2024-06-13 at 15:01 By Zeljka Zorz An OS command injection vulnerability in Windows-based PHP (CVE-2024-4577) in CGI mode is being exploited by the TellYouThePass ransomware gang. Imperva says the attacks started on June 8, two days after the PHP development team pushed out fixes, and one

React to this headline:

Loading spinner

PHP command injection flaw exploited to deliver ransomware (CVE-2024-4577) Read More »

Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities

Chrome, Firefox, Vulnerabilities, vulnerability /

Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities 2024-06-12 at 13:31 By Ionut Arghire Google and Mozilla have released patches for 21 and 15 vulnerabilities in Chrome and Firefox, respectively. The post Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Chrome 126, Firefox 127 Patch High-Severity Vulnerabilities Read More »

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)

Android, CVE, DevOps, Don't miss, Hot stuff, Java, JetBrains, Kotlin, News, software development, vulnerability /

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) 2024-06-11 at 15:46 By Zeljka Zorz JetBrains has fixed a critical vulnerability (CVE-2024-37051) that could expose users of its integrated development environments (IDEs) to GitHub access token compromise. About CVE-2024-37051 JetBrains offers IDEs for various programming languages. CVE-2024-37051 is a vulnerability in the

React to this headline:

Loading spinner

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) Read More »

Critical PyTorch Vulnerability Can Lead to Sensitive AI Data Theft

AI, Artificial Intelligence, Vulnerabilities, vulnerability /

Critical PyTorch Vulnerability Can Lead to Sensitive AI Data Theft 2024-06-10 at 17:31 By Ionut Arghire A critical vulnerability in the PyTorch distributed RPC framework could be exploited for remote code execution. The post Critical PyTorch Vulnerability Can Lead to Sensitive AI Data Theft appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Critical PyTorch Vulnerability Can Lead to Sensitive AI Data Theft Read More »

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)

CVE, Don't miss, enterprise, file-sharing, Hot stuff, News, SolarWinds, vulnerability /

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) 2024-06-07 at 20:01 By Zeljka Zorz SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine. About CVE-2024-28995 Serv-U MFT Server is a widely used enterprise solution that

React to this headline:

Loading spinner

SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995) Read More »

Zyxel patches critical flaws in EOL NAS devices

CVE, Don't miss, Hot stuff, NAS, News, Outpost24, patch, PoC, vulnerability, Zyxel /

Zyxel patches critical flaws in EOL NAS devices 2024-06-06 at 14:46 By Zeljka Zorz Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support. About the vulnerabilities The three vulnerabilities are: A command injection vulnerability in the CGI program that could allow

React to this headline:

Loading spinner

Zyxel patches critical flaws in EOL NAS devices Read More »

Vulnerability in Cisco Webex cloud service exposed government authorities, companies

Cisco, cloud security, Don't miss, enterprise, Europe, Germany, Government, Hot stuff, News, research, video conferencing, vulnerability, Webex /

Vulnerability in Cisco Webex cloud service exposed government authorities, companies 2024-06-05 at 22:33 By Zeljka Zorz The vulnerability that allowed a German journalist to discover links to video conference meetings held by Bundeswehr (the German armed forces) and the Social Democratic Party of Germany (SPD) via their self-hosted Cisco Webex instances similarly affected the Webex

React to this headline:

Loading spinner

Vulnerability in Cisco Webex cloud service exposed government authorities, companies Read More »

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

Censys, CVE, Don't miss, enterprise, Hot stuff, News, PoC, Progress, vulnerability /

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) 2024-06-04 at 17:46 By Zeljka Zorz Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a centralized enterprise platform for report creation, management, storage and

React to this headline:

Loading spinner

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800) Read More »

Details of Atlassian Confluence RCE Vulnerability Disclosed

Atlassian, Vulnerabilities, vulnerability /

Details of Atlassian Confluence RCE Vulnerability Disclosed 2024-06-04 at 17:16 By Ionut Arghire SonicWall has shared technical details on a recently addressed high-severity remote code execution flaw in Confluence. The post Details of Atlassian Confluence RCE Vulnerability Disclosed appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React

React to this headline:

Loading spinner

Details of Atlassian Confluence RCE Vulnerability Disclosed Read More »

Progress Patches Critical Vulnerability in Telerik Report Server

Vulnerabilities, vulnerability /

Progress Patches Critical Vulnerability in Telerik Report Server 2024-06-04 at 15:46 By Ionut Arghire A critical vulnerability in the Progress Telerik Report Server could allow unauthenticated attackers to access restricted functionality. The post Progress Patches Critical Vulnerability in Telerik Report Server appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Progress Patches Critical Vulnerability in Telerik Report Server Read More »

Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking

Cox, Featured, modem, Network Security, vulnerability /

Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking 2024-06-04 at 13:25 By Eduard Kovacs Cox recently patched a series of vulnerabilities that could have allowed hackers to remotely take control of millions of modems. The post Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking appeared first on SecurityWeek. This article is an excerpt

React to this headline:

Loading spinner

Vulnerabilities Exposed Millions of Cox Modems to Remote Hacking Read More »

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)

Atlassian Confluence, CVE, Don't miss, Hot stuff, News, PoC, SonicWall, vulnerability /

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) 2024-06-03 at 12:16 By Zeljka Zorz If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw (CVE-2024-21683) for which a PoC and technical details are already public. About CVE-2024-21683 Confluence Server and

React to this headline:

Loading spinner

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683) Read More »

Check Point VPN Attacks Involve Zero-Day Exploited Since April

Check Point, exploited, Featured, Malware & Threats, VPN, vulnerability, Zero-Day /

Check Point VPN Attacks Involve Zero-Day Exploited Since April 2024-05-30 at 12:46 By Eduard Kovacs The recently disclosed Check Point VPN attacks involve the zero-day vulnerability CVE-2024-24919, which allows hackers to obtain passwords. The post Check Point VPN Attacks Involve Zero-Day Exploited Since April appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Check Point VPN Attacks Involve Zero-Day Exploited Since April Read More »

Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution

Vulnerabilities, vulnerability /

Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution 2024-05-29 at 18:01 By Ionut Arghire Vulnerabilities in the real-time IoT operating system Eclipse ThreadX before version 6.4 could lead to denial-of-service and code execution. The post Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

Vulnerabilities in Eclipse ThreadX Could Lead to Code Execution Read More »

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

CVE, Don't miss, enterprise, exploit, Fortinet, Horizon3.ai, Hot stuff, News, PoC, vulnerability /

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) 2024-05-29 at 13:01 By Zeljka Zorz Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM helps customers build an inventory of their organization’s assets, it

React to this headline:

Loading spinner

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992) Read More »

Scroll to Top