SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)

SolarWinds has fixed a high-severity vulnerability (CVE-2024-28995) affecting its Serv-U managed file transfer (MFT) server solution, which could be exploited by unauthenticated attackers to access sensitive files on the host machine. About CVE-2024-28… Continue reading SolarWinds fixes severe Serv-U vulnerability (CVE-2024-28995)

Zyxel patches critical flaws in EOL NAS devices

Zyxel has released patches for three critical vulnerabilities (CVE-2024-29972, CVE-2024-29973, and CVE-2024-29974) affecting two network-attached storage (NAS) devices that have recently reached end-of-vulnerability-support. About the vulnerabilities T… Continue reading Zyxel patches critical flaws in EOL NAS devices

PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

Security researchers have published a proof-of-concept (PoC) exploit that chains together two vulnerabilities (CVE-2024-4358, CVE-2024-1800) to achieve unauthenticated remote code execution on Progress Telerik Report Servers. Telerik Report Server is a… Continue reading PoC for Progress Telerik RCE chain released (CVE-2024-4358, CVE-2024-1800)

High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)

If you’re self-hosting an Atlassian Confluence Server or Data Center installation, you should upgrade to the latest available version to fix a high-severity RCE flaw (CVE-2024-21683) for which a PoC and technical details are already public. About… Continue reading High-risk Atlassian Confluence RCE fixed, PoC available (CVE-2024-21683)

Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)

Attackers have been exploiting CVE-2024-24919, a zero-day vulnerability in Check Point Security Gateways, to pinpoint and extract password hashes for local accounts, which they then used to move laterally in the target organizations’ network. &#8… Continue reading Check Point VPN zero-day exploited since beginning of April (CVE-2024-24919)

NIST says NVD will be back on track by September 2024

The National Institute of Standards and Technology (NIST) has awarded a contract for an unnamed company/organization to help them process incoming Common Vulnerabilities and Exposures (CVEs) for inclusion in the National Vulnerability Database (NVD), t… Continue reading NIST says NVD will be back on track by September 2024

PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

Horizon3.ai researches have released proof-of-concept (PoC) exploits for CVE-2024-23108 and CVE-2023-34992, vulnerabilities that allow remote, unauthenticated command execution as root on certain Fortinet FortiSIEM appliances. CVE confusion FortiSIEM h… Continue reading PoC exploits for critical FortiSIEM command execution flaws released (CVE-2024-23108, CVE-2023-34992)

Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)

For the eighth time this year, Google has released an emergency update for its Chrome browser that fixes a zero-day vulnerability (CVE-2024-5274) with an in-the-wild exploit. About CVE-2024-5274 As per usual, Google keeps technical details of the vulne… Continue reading Google fixes yet another Chrome zero-day exploited in the wild (CVE-2024-5274)

Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)

Google has fixed a Chrome zero-day vulnerability (CVE-2024-4671), an exploit for which exists in the wild. About CVE-2024-4671 CVE-2024-4671 is a use after free vulnerability in the Visuals component that can be exploited by remote attackers to trigger… Continue reading Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671)