Microsoft late Thursday raised the alarm after discovering Chinese cyber-espionage operators chaining two zero-day exploits to achieve remote code execution on affected Microsoft Exchange servers. Microsoft said the two under-attack vulnerabilities exist in Microsoft...
Recently, Discourse released patches for 4 vulnerabilities in its product, that could be exploited by remote attackers to take control of an affected system. Discourse is a free and open-source Internet forum software. Features...
A security researcher from Google, Andy Nguyen released CVE-2022-2566 PoC exploit code for high FFmpeg heap out-of-bounds memory write vulnerability affecting FFMPEG since version 5.1. FFmpeg is the leading multimedia framework, able to decode, encode,...
Tomcat released the latest security bulletin on September 28, which contains an information disclosure vulnerability. Tracked as CVE-2021-43980, the severity is high. The security researcher Adam Thomas, Richard Hernandez, and Ryan Schmitt has been credited...
The Drupal security team has released a “critical” advisory to call attention to the severe vulnerability in a third-party library and warned that hackers could exploit the bugs to read access to private files,...
Microsoft Endpoint Configuration Manager is an on-premises management solution to manage desktops, servers, and laptops that are on your network or are internet-based. You can cloud-enable it to integrate with Intune, Azure Active Directory...
WhatsApp recently addressed two security vulnerabilities in its messaging app for Android and iOS that could have been exploited to execute malicious code remotely on the device. Rated as critical severity (CVSS score: 9.8),...
The maintainers of the Redis have pushed software updates to fix a high-impact security vulnerability. Tracked as CVE-2022-35951, the security flaw has a CVSS score of 7.0 and is described as a heap overflow...
On September 23, British-based cybersecurity vendor Sophos published a security advisory about CVE-2022-3236, a code injection vulnerability that affects the User Portal and Webadmin of Sophos Firewall and could be exploited to execute arbitrary...
Recently, Apache InLong fixed a deserialization vulnerability. This bug is caused by a flaw when MySQL JDBC connection URL parameters are deserialized by Apache InLong, an attacker could exploit this vulnerability to deserialize and...
