A remote code execution (RCE) vulnerability, tracked as CVE-2024-27348, is currently under active exploitation in the wild, targeting Apache HugeGraph-Server deployments. This discovery comes from the Shadowserver Foundation, a non-profit cybersecurity organization that has...
A severe security vulnerability has been identified in Setuptools, a widely-used library for packaging, distributing, and installing Python projects. This flaw, designated CVE-2024-6345 with a CVSS score of 8.8, exposes systems to remote code...
A critical vulnerability in PHP, designated CVE-2024-4577, has become a prime target for cybercriminals within a day of its public disclosure in June 2024. The Akamai Security Intelligence Response Team (SIRT) has observed a...
Trend Micro, a global leader in cybersecurity, has issued a warning about a recent wave of attacks targeting misconfigured Jenkins servers. Cybercriminals are exploiting vulnerabilities in the Jenkins Script Console to illicitly install and...
The Qualys Threat Research Unit (TRU) has detailed a severe security flaw, dubbed ‘regreSSHion,’ that leaves millions of Linux systems vulnerable to remote code execution. The vulnerability, identified as CVE-2024-6387, affects OpenSSH’s server (sshd)...
Progress Software Corporation has issued a dire warning to all users of its WhatsUp Gold network monitoring software, revealing a series of severe vulnerabilities that could have devastating consequences if left unaddressed. These vulnerabilities...
A severe remote code execution (RCE) vulnerability has been discovered in PyTorch Lightning, a widely-used framework for accelerating machine learning research and development. The vulnerability, tracked as CVE-2024-5452 (CVSS 9.8), enables attackers to remotely...
A critical vulnerability (CVE-2024-5480) has been discovered in PyTorch’s distributed RPC (Remote Procedure Call) framework, exposing machine learning models and sensitive data to potential remote code execution (RCE) attacks. This flaw, identified by security...
The Apache Software Foundation has issued a critical security patch to address a severe vulnerability in Apache OFBiz, a popular open-source enterprise automation platform. The flaw, tracked as CVE-2024-36104, could allow remote attackers to...
Recently, the Wiz Research team revealed a critical vulnerability in the AI-as-a-Service provider, Replicate. This vulnerability had the potential to expose millions of private AI models and applications. Following a series of investigations into...
Qlik, a prominent player in the data analytics space, has issued a critical security advisory warning users of a high-risk vulnerability (CVE-2024-36077) in their Qlik Sense Enterprise for Windows platform. With a CVSS score...
The Git project, a cornerstone of software development, has recently addressed a series of critical security vulnerabilities that could expose users to remote code execution (CVE-2024-32002, CVE-2024-32004) and unauthorized data manipulation. Critical Flaws Discovered:...
A bombshell awaits the cybersecurity world at the upcoming t2 Infosec Conference. Security researchers Christer, Claes, and Marcus of signedness.org have uncovered a severe flaw (CVE-2024-29937) in Network File System (NFS) implementations used by...
Organizations relying on Fortra FileCatalyst Workflow, a widely-used enterprise file transfer solution, are at severe risk due to a newly disclosed remote code execution (RCE) vulnerability (CVE-2024-25153, CVSS 9.8) and a proof-of-concept (PoC) exploit...
In September 2023, the infamous Russian-linked cyber-espionage group APT29 flexed its muscle again, this time targeting embassies of several nations with a well-crafted attack. The group exploited a critical vulnerability in WinRAR (CVE-2023-38831) to...
Support Securityonline.info site. Thanks!
