Apache Pinot, a real-time analytics open-source platform for lightning-fast insights, effortless scaling, and cost-effective data-driven decisions, has recently disclosed a serious security vulnerability (CVE-2024-39676). This flaw could allow unauthorized actors to access sensitive system...
Researchers have discovered a new critical vulnerability in the Domain Name System (DNS), which enables a specialized attack termed “TuDoor.” This attack can be used to poison DNS caches, initiate denial-of-service (DoS) conditions, and...
Cybersecurity researchers have uncovered a privilege escalation vulnerability in the Cloud Functions service on the Google Cloud Platform. This vulnerability, dubbed ConfusedFunction, could allow an attacker to gain unauthorized access to other services and...
Experts at Truffle Security have discovered that data from deleted forks, repositories, and even private repositories on GitHub may remain accessible indefinitely. This issue is not only known to the company but is also...
A critical vulnerability (CVE-2024-40767) has been discovered in OpenStack Nova, the open-source cloud computing platform’s core component for managing virtual servers. This flaw could allow unauthorized users to access sensitive data on cloud servers,...
A critical security vulnerability, CVE-2021-38578, has been discovered in a wide range of HPE ProLiant, Alletra, Synergy, Apollo, and Edgeline servers. This vulnerability, rated with a severity score of 9.8, could allow remote attackers...
Researchers from Palo Alto Networks have recently detailed two significant security vulnerabilities in LangChain, a widely used open-source generative AI framework boasting nearly 90,000 stars on GitHub. These vulnerabilities, identified as CVE-2023-46229 and CVE-2023-44467,...
A stealthy cyber campaign is leveraging a critical flaw in Microsoft Windows SmartScreen, the built-in security feature designed to protect users from malicious downloads. This vulnerability, tracked as CVE-2024-21412, has been weaponized by multiple...
A critical vulnerability, CVE-2023-45249 (CVSS 9.8), has been discovered in Acronis Cyber Infrastructure (ACI), a popular software-defined infrastructure solution used by numerous organizations for cyber protection. The vulnerability, stemming from the use of default...
In a recent security advisory, a critical vulnerability has been identified in Spring Cloud Data Flow, a popular microservices-based streaming and batch data processing platform used in Cloud Foundry and Kubernetes environments. This vulnerability,...
Resecurity has uncovered a widespread campaign exploiting critical vulnerabilities in ServiceNow, a popular platform for digital workflows. The flaws, identified as CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, allowed unauthenticated attackers to execute code remotely and steal...
Researcher Yehuda Smirnov has uncovered a critical vulnerability in Microsoft’s Windows Hello for Business (WHfB) authentication system. His discovery calls into question the reliability of biometric security, once considered invincible. WHfB, introduced by Microsoft...
Progress Software’s widely used Telerik Reporting tools are facing serious security vulnerabilities that could lead to full system compromise, the company warned today. Two flaws, one rated “critical,” allow attackers to remotely execute code...
JetBrains TeamCity, a widely used continuous integration and continuous delivery (CI/CD) platform, has been found to contain a high-severity security vulnerability (CVE-2024-41827). This flaw allows deleted or expired access tokens to continue functioning, potentially...
GitLab, the widely-used code collaboration platform, released a security update today that addresses a half-dozen vulnerabilities across multiple versions of its software. While none of the flaws are classified as “critical,” one high-severity cross-site...
Support Securityonline.info site. Thanks!
