Tag: cve
-
Microsoft patches actively exploited security feature bypass vulnerability (CVE-2024-29988)
On this April 2024 Patch Tuesday, Microsoft has fixed a record 147 CVE-numbered vulnerabilities, including CVE-2024-29988, a vulnerability that Micros… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/04/09/april-2024-patch-tuesday-cve-2024-29988/
-
Exploitation Attempts Target Unpatched Flaw Affecting Many D-Link NAS Devices
Unpatched D-Link NAS device vulnerability CVE-2024-3273, potentially affecting many devices, is being exploited in the wild. The post d D-Link NAS dev… First seen on securityweek.com Jump to article: www.securityweek.com/exploitation-attempts-target-unpatched-flaw-affecting-many-d-link-nas-devices/
-
D-Link RCE Vulnerability That Affects 92,000 Devices Exploited in Wild
Cybercriminals have actively exploited a critical vulnerability in D-Link Network Attached Storage (NAS) devices globally. Identified as CVE-2024-3273… First seen on gbhackers.com Jump to article: gbhackers.com/d-link-rce-vulnerability-exploited-in-wild/
-
Magento flaw exploited to deploy persistent backdoor hidden in XML
Threat actors are exploiting critical Magento vulnerability CVE-2024-20720 to install a persistent backdoor on e-stores. Sansec researchers observed t… First seen on securityaffairs.com Jump to article: securityaffairs.com/161534/hacking/magento-vulnerability-actively-exploited.html
-
CVE-2024-3094: RCE Vulnerability Discovered in XZ Utils
CVE-2024-3094 is a critical Remote Code Execution (RCE) vulnerability found in the popular open-source XZ Utils library. This vulnerability affects XZ… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/cve-2024-3094-rce-vulnerability-discovered-in-xz-utils/
-
WallEscape-Schwachstelle CVE-2024-28085 in Linux-Tools
Kleiner Nachtrag von letzter Woche. Es gibt eine neue Schwachstelle, CVE-2024-28085 (WallEscape), die sich auf den wall-Befehl in util-linux auswirkt…. First seen on borncity.com Jump to article: www.borncity.com/blog/2024/03/31/wallescape-schwachstelle-cve-2024-28085-in-linux-tools/
-
Multiple Cisco Small Business Routers Vulnerable to XSS Attacks
Cisco has alerted its customers about a critical vulnerability affecting several Small Business RV Series Routers models. This vulnerability, CVE-2024… First seen on gbhackers.com Jump to article: gbhackers.com/vulnerable-to-xss-attacks/
-
Critical Progress Flowmon Vulnerability Let Attackers Inject Malicious Code
A new critical vulnerability has been discovered in Progress Flowmon, assigned with CVE-2024-2389. Progress Flowmon is a Cloud Application Performance… First seen on gbhackers.com Jump to article: gbhackers.com/progress-flowmon-vulnerability/
-
Update for KernelCare Live Patches for CVE-2024-1086 in AlmaLinux 8 9
The KernelCare team is working on deploying a live patch for CVE-2024-1086 for AlmaLinux 8 and AlmaLinux 9 users. As of April 3, the patches for CVE-2… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/update-for-kernelcare-live-patches-for-cve-2024-1086-in-almalinux-8-9/
-
CVE and NVD A Weak and Fractured Source of Vulnerability Truth
MITRE is unable to compile a list of all new vulnerabilities, and NIST is unable to subsequently, and consequently, provide an enriched database of al… First seen on securityweek.com Jump to article: www.securityweek.com/cve-and-nvd-a-weak-and-fractured-source-of-vulnerability-truth/
-
Microsoft Edge Bug CVE-2024-21388 erlaubte beliebiger Erweiterungen zu installieren
Eine inzwischen gepatchte Sicherheitslücke im Microsoft Edge Webbrowser hätte dazu missbraucht werden können, beliebige Erweiterungen auf den Systemen… First seen on borncity.com Jump to article: www.borncity.com/blog/2024/03/28/microsoft-edge-bug-cve-2024-21388-erlaubte-bsartige-erweiterungen-zu-installieren/
-
Yet another reason why the xz backdoor is a sneaky b@$tard
(We are talking about the xz/libzma backdoor identified with CVE-2024-3094) Background If you just woke up from hibernation The post talking about the… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/yet-another-reason-why-the-xz-backdoor-is-a-sneaky-btard/
-
CISA Warns Of Active Exploitation Of Flaws In Fortinet, Ivanti, Nice Linear
A recent security alert warns of three critical vulnerabilities actively exploited in the wild, of which the first is CVE-2023-48788, an SQL injection… First seen on gbhackers.com Jump to article: gbhackers.com/cisa-warns-of-active-exploitation/
-
CVE-2023-40000: LiteSpeed Plugin Flaw Exposes Millions of WordPress Sites
A concerning security vulnerability within a widely-used WordPress plugin, LiteSpeed Cache, has been detected. Tracked as CVE-2023-40000, this vulnera… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2023-40000-litespeed-plugin-wordpress/
-
CVE-2024-1071: Ultimate Member Plugin Flaw Exposes WordPress Sites
The revelation of a critical security loophole within the widely deployed WordPress plugin, Ultimate Member, has sent shockwaves through the online co… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-1071-ultimate-member-plugin-wordpress/
-
CVE-2024-23204: Vulnerability in Apple’s Shortcuts App
Details have emerged about a high-severity security flaw in Apple’s Shortcuts app. This vulnerability, tracked as CVE-2024-23204, has the potential to… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-23204-apple-shortcuts-app/
-
Recent Fortinet FortiClient EMS Vulnerability Exploited in Attacks
CVE-2023-48788, a critical SQL injection vulnerability in Fortinet’s FortiClient EMS product, is being exploited in the wild. The post -48788, a criti… First seen on securityweek.com Jump to article: www.securityweek.com/recent-fortinet-forticlient-ems-vulnerability-exploited-in-attacks/
-
CVE-2023-52160: Wi-Fi Flaws Expose Android and Linux Devices
Two authentication bypass vulnerabilities were uncovered in open-source Wi-Fi software utilized across Android, Linux, and ChromeOS devices. These vul… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2023-52160-wi-fi-flaws/
-
Threat actors actively exploit JetBrains TeamCity flaws to deliver malware
Multiple threat actors are exploiting the recently disclosed JetBrains TeamCity flaw CVE-2024-27198 in attacks in the wild. Trend Micro researchers ar… First seen on securityaffairs.com Jump to article: securityaffairs.com/160823/breaking-news/jetbrains-teamcity-flaws-actively-exploited.html
-
Microsoft Patches Xbox Vulnerability Following Public Disclosure
Microsoft patches Xbox Gaming Services vulnerability CVE-2024-28916 after initially saying it was not a security issue. The post t patches Xbox Gaming… First seen on securityweek.com Jump to article: www.securityweek.com/microsoft-patches-xbox-vulnerability-following-public-disclosure/
-
CVE-2023-48788: Fortinet FortiClientEMS SQL Injection Deep Dive
Introduction In a recent PSIRT, Fortinet acknowledged CVE-2023-48788 a SQL injection in FortiClient EMS that can lead to remote code execution. Forti… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/03/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/
-
Aiohttp Vulnerability in Attacker Crosshairs
A recently patched Aiohttp vulnerability tracked as CVE-2024-23334 is being targeted by threat actors, including by a ransomware group. The post ly pa… First seen on securityweek.com Jump to article: www.securityweek.com/aiohttp-vulnerability-in-attacker-crosshairs/
-
Hackers exploit Aiohttp bug to find vulnerable networks
The ransomware actor ‘ShadowSyndicate’ was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aioh… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-exploit-aiohttp-bug-to-find-vulnerable-networks/
-
Kubernetes Vulnerability Let Attackers Take Full System Control
A new vulnerability, CVE-2023-5528, has been discovered with Kubernetes. This vulnerability is associated with a command injection vulnerability that … First seen on gbhackers.com Jump to article: gbhackers.com/kubernetes-vulnerability-full-system-control/
-
NIST National Vulnerability Database Disruption Sees CVE Enrichment on Hold
Vulnerability data has stopped being added to the most widely used software vulnerability database for over a month, putting organizations at risk an… First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/nist-vulnerability-database/
-
Sicherheitsforscher genervt: Lücken-Datenbank NVD seit Wochen unvollständig
Die von der US-Regierung betriebene Datenbank reichert im CVE-System gemeldete Sicherheitslücken mit wichtigen Metadaten an. Das blieb seit Februar au… First seen on heise.de Jump to article: www.heise.de/news/Sicherheitsforscher-genervt-Luecken-Datenbank-NVD-seit-Wochen-unvollstaendig-9656574.html
-
Hackers Exploit Windows SmartScreen Vulnerability to Install DarkGate Malware
The operators of DarkGate successfully leveraged a patched Windows Defender SmartScreen vulnerability, identified as CVE-2024-21412, as a zero-day att… First seen on gbhackers.com Jump to article: gbhackers.com/hackers-exploit-windows-smartscreen/
-
PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)
Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/03/14/cve-2024-0799-cve-2024-0800/
-
Single RCE Bug Features Among 60 CVEs in March Patch Tuesday
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rce-bug-60-cves-patch-tuesday/
-
Magnet-Goblin Hackers Attack Public Services Using 1-Day Exploits
A new threat actor, Magnet Goblin, emerged by rapidly exploiting recently disclosed vulnerabilities (CVE-2023-46805 & CVE-2023-21887) in Ivanti Co… First seen on gbhackers.com Jump to article: gbhackers.com/magnet-goblin/