Tag: rce
-
CISA warns about actively exploited Apache OFBiz RCE flaw
Tags: apache, attack, cisa, cybersecurity, exploit, flaw, infrastructure, rce, remote-code-execution, vulnerabilityThe U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting A… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-about-actively-exploited-apache-ofbiz-rce-flaw/
-
RCE possible with critical Apache OFBiz zero-day
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/rce-possible-with-critical-apache-ofbiz-zero-day
-
Critical Progress WhatsUp RCE flaw now under active exploitation
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for in… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-progress-whatsup-rce-flaw-now-under-active-exploitation/
-
Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault
Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenar… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/samsung-to-pay-1-000-000-for-rces-on-galaxys-secure-vault/
-
Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)
CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthentic… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/05/cve-2024-38856/
-
PatchNow: ServiceNow Critical RCE Bugs Under Active Exploit
First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
-
Progress fixes critical RCE flaw in Telerik Report Server, upgrade ASAP! (CVE-2024-6327)
Progress Software has fixed a critical vulnerability (CVE-2024-6327) in its Telerik Report Server solution and is urging users to upgrade as soon as p… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/07/26/cve-2024-6327/
-
Attacks exploiting critical ServiceNow RCE bugs underway
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/attacks-exploiting-critical-servicenow-rce-bugs-underway
-
Progress Software fixed critical RCE CVE-2024-6327 in the Telerik Report Server
Progress Software addressed a critical remote code execution vulnerability, tracked as CVE-2024-6327, in the Telerik Report Server. Telerik Report Ser… First seen on securityaffairs.com Jump to article: securityaffairs.com/166168/security/telerik-report-server-cve-2024-6327.html
-
Critical ServiceNow RCE flaws actively exploited to steal credentials
Tags: breach, credentials, data, exploit, flaw, government, rce, remote-code-execution, theft, threatThreat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft a… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-servicenow-rce-flaws-actively-exploited-to-steal-credentials/
-
Progress warns of critical RCE bug in Telerik Report Server
Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compro… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/progress-warns-of-critical-rce-bug-in-telerik-report-server/
-
CISA Warns of Actively Exploited RCE Flaw in GeoServer GeoTools Software
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added a critical security flaw impacting OSGeo GeoServer GeoTools to its Kn… First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/cisa-warns-of-actively-exploited-rce.html
-
Hackers are actively exploiting PHP RCE vulnerability (CVE-2024-4577)
A critical vulnerability in PHP, designated CVE-2024-4577, has become a prime target for cybercriminals within a day of its public disclosure in June … First seen on securityonline.info Jump to article: securityonline.info/hackers-are-actively-exploiting-php-rce-vulnerability-cve-2024-4577/
-
RCE flaw and DNS zero-day top list of Patch Tuesday bugs
Tags: authentication, dns, flaw, microsoft, rce, remote-code-execution, update, vulnerability, zero-dayAn RCE vulnerability in a Microsoft messaging feature and a third-party flaw in a DNS authentication protocol are the most pressing issues to address … First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366588458/RCE-flaw-and-DNS-zero-day-top-list-of-Patch-Tuesday-bugs
-
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-warns-critical-geoserver-geotools-rce-flaw-is-exploited-in-attacks/
-
Microsoft Outlook Faced Critical Zero-Click RCE Vulnerability
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/microsoft-outlook-zero-click-rce/
-
PHP bug executes RCEs, cryptominers and DDoS attacks
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/php-bug-executes-rces-cryptominers-and-ddos-attacks
-
Active exploitation of Ghostscript RCE underway
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/active-exploitation-of-ghostscript-rce-underway
-
New OpenSSH Vulnerability Could Lead to RCE as Root on Linux Systems
OpenSSH maintainers have released security updates to contain a critical security flaw that could result in unauthenticated remote code execution with… First seen on thehackernews.com Jump to article: thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html
-
Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code executio… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/prompt-injection-flaw-in-vanna-ai.html
-
RCE bug in widely used Ghostscript library now exploited in attacks
A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in at… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/rce-bug-in-widely-used-ghostscript-library-now-exploited-in-attacks/
-
Vanna AI Prompt Injection Vulnerability Enables RCE
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36048/Vanna-AI-Prompt-Injection-Vulnerability-Enables-RCE.html
-
Critical OpenSSH Flaw Enables Full System Compromise
A newly discovered RCE vulnerability, which can lead to full system compromise, has put over 14 million OpenSSH server instances are potentially at ri… First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/openssh-flaw-system-compromise/
-
Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
Tags: ai, cybersecurity, flaw, infrastructure, intelligence, open-source, rce, remote-code-execution, tool, update, vulnerabilityCybersecurity researchers have detailed a now-patch security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platfor… First seen on thehackernews.com Jump to article: thehackernews.com/2024/06/critical-rce-vulnerability-discovered.html
-
Threat Actor Claiming of Sandbox Escape RCE in 0-day Google Chrome
Threat Actor has claimed to have discovered a critical zero-day vulnerability in Google Chrome. This exploit, which reportedly enables a sandbox escap… First seen on gbhackers.com Jump to article: gbhackers.com/claiming-sandboxrce-0-day/
-
Patched: RCE Flaw That Affects Critical Manufacturing
Hackers Have Not Yet Exploited the CVSS 10-Rated Flaw, Says PTC. Software maker for critical manufacturing organizations PTC patched a critical flaw t… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/patched-rce-flaw-that-affects-critical-manufacturing-a-25699
-
New regreSSHion OpenSSH RCE bug gives root on Linux servers
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-regresshion-openssh-rce-bug-gives-root-on-linux-servers/
-
Hackers Claiming of Sandbox Escape RCE in 0-DAY Google Chrome
Tags: browser, chrome, exploit, google, group, hacker, rce, remote-code-execution, vulnerability, zero-dayA group of hackers has claimed to have discovered a critical zero-day vulnerability in Google Chrome. This exploit, which reportedly enables a sandbox… First seen on gbhackers.com Jump to article: gbhackers.com/claiming-sandboxrce-0-day/
-
‘Perfect 10’ Apple Supply Chain Bug, Millions of Apps at Risk of CocoaPods RCE
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/07/cocoapods-apple-vulns-richixbw/
-
regreSSHion OpenSSH RCE Vulnerability Impacts 700K Linux Systems
The Qualys Threat Research Unit has identified a newly discovered vulnerability in OpenSSH, dubbed >>regreSSHion