flaws

  • Blog

    Unpatched critical flaws impact Fancy Product Designer WordPress plugin

    Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unpatched in the latest released version. With more than 20,000 sales, the plugin allows customization of product designs (e.g. clothing, mugs, phone cases) on WooCommerce sites by changing colors, transforming text, or modifying the size. While examining the plugin, Patchstack’s Rafie Muhammad discovered…

  • Blog

    CISA warns of critical Oracle, Mitel flaws exploited in attacks

    CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. The cybersecurity agency added a critical path traversal vulnerability (CVE-2024-41713) found in the NuPoint Unified Messaging (NPM) component of Mitel’s MiCollab unified communications platform to its Known Exploited Vulnerabilities Catalog. This security bug allows…

  • Blog

    Apache warns of critical flaws in MINA, HugeGraph, Traffic Control

    The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. The vulnerabilities were patched in new software versions released between December 23 and 25. However, the holiday period may lead to a slower patching rate and increased risk of exploitation. One of the bugs is tracked as CVE-2024-52046 and impacts MINA…

  • Blog

    Premium WPLMS WordPress plugins address seven critical flaws

    Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical severity vulnerabilities. The bugs could enable a remote, unauthenticated attacker to upload arbitrary files to the server, execute code, escalate privileges to administrator level, and perform SQL injections. The WPLMS theme is a learning management system (LMS) for WordPress, used…

  • Blog

    Over 25,000 SonicWall VPN Firewalls exposed to critical flaws

    Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. These results come from an analysis conducted by cybersecurity firm Bishop Fox, which was motivated by a series of important vulnerabilities disclosed this year impacting SonicWall devices. Vulnerabilities affecting SonicWall SSL VPN devices were recently…

  • Blog

    Japan warns of IO-Data zero-day router flaws exploited in attacks

    Japan’s CERT is warning that hackers are exploiting zero-day vulnerabilities in I-O Data router devices to modify device settings, execute commands, or even turn off the firewall. The vendor has acknowledged the flaws in a security bulletin published on its website. However, the fixes are expected to land on December 18, 2024, so users will be exposed to risks until…

  • Blog

    QNAP addresses critical flaws across NAS, router software

    QNAP has released security bulletins over the weekend, which address multiple vulnerabilities, including three critical severity flaws that users should address as soon as possible. Starting with QNAP Notes Station 3, a note-taking and collaboration application used in the firm’s NAS systems, the following two vulnerabilities impact it: CVE-2024-38643 – Missing authentication for critical functions could allow remote attackers to…

  • Blog

    HPE warns of critical RCE flaws in Aruba Networking access points

    Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. The two security issues could allow a remote attacker to perform unauthenticated command injection by sending specially crafted packets to Aruba’s Access Point management protocol (PAPI) over UDP port 8211. The critical flaws are tracked as CVE-2024-42509 and CVE-2024-47460, and have…

  • Blog

    Germany drafts law to protect researchers who find security flaws

    The Federal Ministry of Justice in Germany has drafted a law to provide legal protection to security researchers who discover and responsibly report security vulnerabilities to vendors. When security research is conducted within the specified boundaries, those responsible will be excluded from criminal liability and the risk of prosecution. “Those who want to close IT security gaps deserve recognition—not a…

  • Blog

    Apple Found One of Chrome’s ‘Critical’ Security Flaws

    On Tuesday, Google released a new update for Chrome, upgrading it to version 130.0.6723.91/.92 for Windows and Mac, and 130.0.6723.91 for Linux. When you install the update and refresh your browser, you won’t be greeted with a new UI or a handful of new features or changes. Instead, you’ll be running a browser that patches two security vulnerabilities found in older…
