critical

  • Blog

    SAP fixes critical vulnerabilities in NetWeaver application servers

    SAP has fixed two critical vulnerabilities affecting the NetWeaver web application server that could be exploited to escalate privileges and access restricted information. As part of the January Security Patch Day, the vendor also released updates for other products to patch 12 additional issues rated with medium and high severity. “SAP strongly recommends that the customer visits the Support Portal and applies…

  • Blog

    Critical macOS flaw puts your data and cameras at risk — update right now

    macOS has a critical component called System Integrity Protection, or SIP, which is responsible for protecting the operating system against malware and other threats. It does this by restricting system-level operations – even for users with root privileges – essentially preventing unauthorized software from altering specific folders and files in protected areas. Disabling SIP normally requires a system…

  • Blog

    A critical Ivanti flaw is being exploited in the wild – here’s what you need to know

    Ivanti has published details of two buffer overflow CVEs affecting its Connect Secure, Policy Secure, and ZTA Gateways devices, claiming cyber criminals are already taking advantage of them. The first flaw, CVE-2025-0282, is described as a stack-based buffer overflow vulnerability that allows remote, unauthenticated attackers to execute code on the victim’s device. The flaw is yet to receive an NVD…

  • Blog

    Unpatched critical flaws impact Fancy Product Designer WordPress plugin

    Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version. With more than 20,000 sales, the plugin allows customization of product designs (e.g. clothing, mugs, phone cases) on WooCommerce sites by changing colors, transforming text, or modifying the size. While examining the plugin, Patchstack’s Rafie Muhammad discovered…

  • Blog

    CISA warns of critical Oracle, Mitel flaws exploited in attacks

    CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. The cybersecurity agency added a critical path traversal vulnerability (CVE-2024-41713) found in the NuPoint Unified Messaging (NPM) component of Mitel’s MiCollab unified communications platform to its Known Exploited Vulnerabilities Catalog. This security bug allows…

  • Blog

    US sanctions Chinese tech firm that targets critical infrastructure

    The US has imposed sanctions on a Chinese company that it said has been involved in a series of cyber attacks on critical infrastructure organizations in the US and elsewhere. According to the State Department, cyber security firm Integrity Technology Group provides services to Chinese national and municipal state security and public security bureaus, as well as other government contractors.…

  • Blog

    Apache warns of critical flaws in MINA, HugeGraph, Traffic Control

    The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. The vulnerabilities were patched in new software versions released between December 23 and 25. However, the holiday period may lead to a slower patching rate and increased risk of exploitation. One of the bugs is tracked as CVE-2024-52046 and impacts MINA…

  • Blog

    Adobe warns of critical ColdFusion bug with PoC exploit code

    Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept (PoC) exploit code. In an advisory released on Monday, the company says the flaw (tracked as CVE-2024-53961) is caused by a path traversal weakness that impacts Adobe ColdFusion versions 2023 and 2021 and can enable attackers to read arbitrary files on vulnerable servers. “Adobe is aware that CVE-2024-53961…

  • Blog

    Premium WPLMS WordPress plugins address seven critical flaws

    Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical severity vulnerabilities. The bugs could enable a remote, unauthenticated attacker to upload arbitrary files to the server, execute code, escalate privileges to administrator level, and perform SQL injections. The WPLMS theme is a learning management system (LMS) for WordPress, used…

  • Blog

    Sophos discloses critical Firewall remote code execution flaw

    Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices. The vulnerabilities affect Sophos Firewall version 21.0 GA (21.0.0) and older, with the company already releasing hotfixes that are installed by default and permanent fixes through new firmware updates. The…
