flaw

  • Blog
    digitpatrox1 day ago
    13

    Oracle warns of Agile PLM file disclosure flaw exploited in attacks

    Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. Oracle Agile PLM is a software platform that enables businesses to manage product data, processes, and collaboration across global teams. Yesterday, Oracle urged Agile PLM customers to install the latest version to fix the…

    Read More »
  • Blog
    digitpatrox1 day ago
    13

    CISA tags Progress Kemp LoadMaster flaw as exploited in attacks

    The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. The flaw, discovered by Rhino Security Labs and tracked as CVE-2024-1212, was addressed via an update released on February 21, 2024. However, this is the first report of it being under…

    Read More »
  • Blog
    digitpatrox4 days ago
    16

    Security plugin flaw in millions of WordPress sites gives admin access

    A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin ‘Really Simple Security’ (formerly ‘Really Simple SSL’), including both free and Pro versions. Really Simple Security is a security plugin for the WordPress platform, offering SSL configuration, login protection, a two-factor authentication layer, and real-time vulnerability detection. Its free version alone is used in over four million websites. Wordfence,…

    Read More »
  • Blog
    digitpatrox1 week ago
    22

    Microsoft Exchange adds warning to emails abusing spoofing flaw

    Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. The security flaw (CVE-2024-49040) impacts Exchange Server 2016 and 2019, and was discovered by Solidlab security researcher Vsevolod Kokorin, who reported it to Microsoft earlier this year. “The problem is that SMTP servers parse…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    90

    D-Link won’t fix critical flaw affecting 60,000 older NAS devices

    More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. The flaw, tracked as CVE-2024-10914, has a critical 9.2 severity score and is present in the ‘cgi_user_add’ command where the name parameter is insufficiently sanitized. An unauthenticated attacker could exploit it to inject arbitrary shell commands by sending…

    Read More »
  • Blog
    digitpatrox2 weeks ago
    24

    Warning issued after SharePoint flaw puts entire corporate networks at risk

    Security researchers have issued an alert over threat actors exploiting a recently disclosed vulnerability in Microsoft Sharepoint, warning the weakness could allow attackers to compromise the entire network. Researchers from Rapid7’s incident response team have published findings from an investigation where hackers compromised a Microsoft Exchange service account by exploiting a vulnerability in a public-facing application. The attacker was able…

    Read More »
  • Blog
    digitpatrox4 weeks ago
    42

    Fortinet warns of new critical FortiManager flaw used in zero-day attacks

    Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. The company privately warned FortiManager customers about the flaw starting October 13th in advanced notification emails seen by BleepingComputer that contained steps to mitigate the flaw until a security update was…

    Read More »
  • Blog
    digitpatroxOctober 22, 2024
    29

    VMware fixes bad patch for critical vCenter Server RCE flaw

    VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. The flaw is rated critical (CVSS v3.1 score: 9.8) and stems from a heap overflow weakness in vCenter’s DCE/RPC protocol implementation, impacting the vCenter Server and any products incorporating it, such…

    Read More »
  • Blog
    digitpatroxOctober 22, 2024
    37

    Hackers exploit Roundcube webmail flaw to steal email, credentials

    Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union. An attack was discovered by Russian cybersecurity company Positive Technologies in September, but the researchers determined that the threat actor activity had started in June. Roundcube Webmail is an…

    Read More »
  • Blog
    digitpatroxOctober 14, 2024
    33

    Jetpack fixes critical information disclosure flaw existing since 2016

    WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site. Jetpack is a popular WordPress plugin by Automattic that provides tools to enhance website functionality, security, and performance. According to the vendor, the plugin is installed on 27 million websites. The issue was…

    Read More »
Load More
Back to top button
close