Vulnerability

2024 CWE Top 25: Critical Software Weaknesses Revealed

• Vulnerability

2024 CWE Top 25: Critical Software Weaknesses Revealed

do son November 20, 2024

The Common Weakness Enumeration (CWE) Top 25 list for 2024 has been released, and it provides a...

Read More Read more about 2024 CWE Top 25: Critical Software Weaknesses Revealed

WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts

• Vulnerability

WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts

do son November 20, 2024

Security researcher Snoolie K has published an in-depth analysis of a significant security flaw in WorkflowKit, which...

Read More Read more about WorkflowKit Race Vulnerability (CVE-2024-27821): Researcher Reveals Exploit that Let Malicious Apps Hijack Shortcuts

Veritas Enterprise Vault Vulnerability Could Allow Remote Code Execution

• Vulnerability

Veritas Enterprise Vault Vulnerability Could Allow Remote Code Execution

do son November 20, 2024

Veritas has released a security advisory regarding a critical remote code execution (RCE) vulnerability affecting multiple versions...

Read More Read more about Veritas Enterprise Vault Vulnerability Could Allow Remote Code Execution

Ruckus Networks Issues Security Advisory for Critical RCE Vulnerability in Access Points

• Vulnerability

Ruckus Networks Issues Security Advisory for Critical RCE Vulnerability in Access Points

do son November 20, 2024

Ruckus APs running specific software versions are vulnerable to unauthenticated remote code execution attacks. Ruckus Networks has...

Read More Read more about Ruckus Networks Issues Security Advisory for Critical RCE Vulnerability in Access Points

Critical Vulnerability in D-Link EOL Routers Allows Remote Code Execution

• Vulnerability

Critical Vulnerability in D-Link EOL Routers Allows Remote Code Execution

do son November 20, 2024

D-Link has issued a security announcement concerning several End-of-Life (EOL) and End-of-Service (EOS) router models, including the...

Read More Read more about Critical Vulnerability in D-Link EOL Routers Allows Remote Code Execution

Five Critical Privilege Escalation Vulnerabilities Found in Ubuntu’s Default Utility, needrestart

• Linux
• Vulnerability

Five Critical Privilege Escalation Vulnerabilities Found in Ubuntu’s Default Utility, needrestart

do son November 20, 2024

Qualys Threat Research Unit uncovers five local privilege escalation flaws, enabling unprivileged users to gain root access....

Read More Read more about Five Critical Privilege Escalation Vulnerabilities Found in Ubuntu’s Default Utility, needrestart

CVE-2024-51503: Trend Micro Deep Security Agent RCE Vulnerability Fixed

• Vulnerability

CVE-2024-51503: Trend Micro Deep Security Agent RCE Vulnerability Fixed

do son November 20, 2024

A recently discovered vulnerability in the Trend Micro Deep Security 20 Agent could have allowed attackers to...

Read More Read more about CVE-2024-51503: Trend Micro Deep Security Agent RCE Vulnerability Fixed

Analysis & PoC Exploits Released for Palo Alto Zero-Days – CVE-2024-0012 and CVE-2024-9474

• Vulnerability

Analysis & PoC Exploits Released for Palo Alto Zero-Days – CVE-2024-0012 and CVE-2024-9474

do son November 19, 2024

In a recent analysis, security researcher Sonny from watchTowr unveiled the technical intricacies of two zero-day vulnerabilities...

Read More Read more about Analysis & PoC Exploits Released for Palo Alto Zero-Days – CVE-2024-0012 and CVE-2024-9474

CVE-2024-21697: High Severity Flaw in Sourcetree Enables Remote Code Execution

• Vulnerability

CVE-2024-21697: High Severity Flaw in Sourcetree Enables Remote Code Execution

do son November 19, 2024

Atlassian has issued a security advisory warning of a critical remote code execution (RCE) vulnerability in its...

Read More Read more about CVE-2024-21697: High Severity Flaw in Sourcetree Enables Remote Code Execution

Google Chrome Patches High-Severity Flaw CVE-2024-11395 in Latest Stable Release

• Vulnerability

Google Chrome Patches High-Severity Flaw CVE-2024-11395 in Latest Stable Release

do son November 19, 2024

Google has released a new stable version of its Chrome browser for desktop, addressing three security vulnerabilities,...

Read More Read more about Google Chrome Patches High-Severity Flaw CVE-2024-11395 in Latest Stable Release

CVE-2024-21287: Critical Zero-Day Exploited in Oracle Agile PLM

• Vulnerability

CVE-2024-21287: Critical Zero-Day Exploited in Oracle Agile PLM

do son November 19, 2024

Oracle has issued an urgent security alert regarding a critical vulnerability in its Agile Product Lifecycle Management...

Read More Read more about CVE-2024-21287: Critical Zero-Day Exploited in Oracle Agile PLM

CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise

• Vulnerability

CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise

do son November 19, 2024

CVE-2024-47533 exposes Cobbler servers to unauthorized access and control, enabling attackers to manipulate system configurations. A critical...

Read More Read more about CVE-2024-47533 (CVSS 9.8): Cobbler Vulnerability Exposes Linux Servers to Compromise

CVE-2024-42057: Exploited by Helldown Ransomware to Target Linux

• Malware
• Vulnerability

CVE-2024-42057: Exploited by Helldown Ransomware to Target Linux

do son November 19, 2024

Sekoia’s Threat Detection & Research (TDR) team uncovers a Linux variant of the Helldown ransomware, expanding the...

Read More Read more about CVE-2024-42057: Exploited by Helldown Ransomware to Target Linux

Wget Vulnerability (CVE-2024-10524) Opens Door to SSRF Attacks

• Vulnerability

Wget Vulnerability (CVE-2024-10524) Opens Door to SSRF Attacks

do son November 19, 2024

A newly discovered vulnerability in the popular Wget download utility could allow attackers to launch server-side request...

Read More Read more about Wget Vulnerability (CVE-2024-10524) Opens Door to SSRF Attacks

CVE-2024-47208 & CVE-2024-48962: Apache OFBiz Exposed to Remote Code Execution

• Vulnerability

CVE-2024-47208 & CVE-2024-48962: Apache OFBiz Exposed to Remote Code Execution

do son November 19, 2024

The Apache Software Foundation has released important security updates to address two critical vulnerabilities in Apache OFBiz,...

Read More Read more about CVE-2024-47208 & CVE-2024-48962: Apache OFBiz Exposed to Remote Code Execution