CVE-2023-41080: Apache Tomcat Open Redirect Vulnerability
Web servers are at the heart of our online experiences. They serve web pages, host web applications, and handle millions of requests daily. Just like any other complex system, they...
A critical security vulnerability has been discovered in the Zimbra Collaboration Suite that could allow an unauthenticated attacker to gain access to a Zimbra account. The vulnerability, tracked as CVE-2023-41106,...
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. The vulnerabilities, in RARLAB WinRAR and Ignite Realtime Openfire,...
A critical security vulnerability has been discovered in Python’s SSLSocket module. This vulnerability, CVE-2023-40217, allows an attacker to bypass the TLS handshake and inject malicious data into a secure connection....
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added two critical vulnerabilities impacting Veeam Backup & Replication and Ivanti Sentry software to its Known Exploited Vulnerabilities (KEV) Catalog. CISA...
A critical security vulnerability has been identified in FileMage Gateway, a cloud-based file transfer solution. The vulnerability, which has been assigned the CVE identifier CVE-2023-39026, allows unauthenticated attackers to retrieve...
A local privilege escalation vulnerability, labeled CVE-2023-32184, has been discovered in openSUSE Welcome, a small Qt program that is autostarted the first time a user performs a graphical login. The...
A cross-site scripting (XSS) vulnerability has been found in the Advanced Custom Fields (ACF) and Advanced Custom Fields Pro WordPress plugins. The vulnerability, tracked as CVE-2023-40068, affects versions 6.1.0 to...
The Cybersecurity & Infrastructure Security Agency (CISA), a key player in ensuring America’s cyber front remains secure, has drawn attention to a severe security vulnerability affecting Adobe ColdFusion versions 2021...
Ivanti, a US-based IT software company, has warned customers that a critical vulnerability in its Sentry API is being exploited in the wild. The vulnerability, tracked as CVE-2023-38035, allows unauthenticated...
Apache Ivy is a popular dependency manager used by many software projects. However, a vulnerability (CVE-2022-46751) in Ivy prior to version 2.5.2 could allow an attacker to inject malicious code...
Proof-of-concept (PoC) exploit code will be released for a zero-day vulnerability (CVE-2023-36874) allowing privilege escalation in Microsoft Windows. The vulnerability (CVSS score of 7.8) affects the Windows Error Reporting Service...
Recently, Hudson Rock conducted a comprehensive analysis of a series of data breaches across various hacker forums, subsequently publishing an illuminating report on their findings. The investigation revealed that a...
WinRAR is a popular file archiver program that is used by millions of people around the world. It can create and view archives in RAR or ZIP file formats, and...
ClamAV is free and open-source antivirus software used to scan for viruses, trojans, and other malware. However, two vulnerabilities have been found in ClamAV that could allow an attacker...