Collaborate Disseminate
I was reading about 0.0.0.0 local server API access from Browser vulnerability – see 0.0.0.0 Day: Exploiting Localhost APIs From the Browser. Its relatively new and I haven’t updated my browser either. When I try to access http://0.0.0.0:&… Continue reading Reproducing 0.0.0.0 Day
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw (CVE-2024-28987) in the company’s IT help desk solution has been pushed out… Continue reading Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents. The issue, reported via the GitHub Bug Bounty progr… Continue reading Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
A new Chrome zero-day vulnerability (CVE-2024-7971) exploited by attackers in the wild has been fixed by Google. About CVE-2024-7971 CVE-2024-7971 is a high-severity vulnerability caused by a type confusion weakness in V8, the open-source JavaScript an… Continue reading New Chrome zero-day actively exploited, patch quickly! (CVE-2024-7971)
SolarWinds has fixed a critical vulnerability (CVE-2024-28986) in its Web Help Desk (WHD) solution that may allow attackers to run commands on the host machine. “While it was reported as an unauthenticated vulnerability, SolarWinds has been unabl… Continue reading Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986)
Patch Tuesday brought updates for 90 security vulnerabilities, including patching severe remote code execution vulnerabilities and closing some doors in Chromium. Continue reading Microsoft Patched 6 Actively Exploited Zero-Day Flaws
August 2024 Patch Tuesday is here, and Microsoft has delivered fixes for 90 vulnerabilities, six of which have been exploited in the wild as zero-days, and four are publicly known. The zero-days under attack CVE-2024-38178 is a Scripting Engine Memory … Continue reading Microsoft fixes 6 zero-days under active attack
Two vulnerabilities (CVE-2024-42219, CVE-2024-42218) affecting the macOS version of the popular 1Password password manager could allow malware to steal secrets stored in the software’s vaults and obtain the account unlock key, AgileBits has confi… Continue reading Critical 1Password flaws may allow hackers to snatch your passwords (CVE-2024-42219, CVE-2024-42218)
Two cross-site scripting vulnerabilities (CVE-2024-42009, CVE-2024-42008) affecting Roundcube could be exploited by attackers to steal users’ emails and contacts, email password, and send emails from their account. About the vulnerabilities Round… Continue reading Roundcube flaws allow easy email account compromise (CVE-2024-42009, CVE-2024-42008)
CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems. About CVE-2024-38856 Apache OFBiz is a… Continue reading Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)