Dec. 3, 2024 |
CVE-2024-48651: ProFTPD Vulnerability Grants Root Access to Attackers |
https://securityonline.info/cve-2024-48651-proftpd-vulnerability-grants-root-access-to-attackers/
|
Dec. 3, 2024 |
Zero-Day Exploit Code Released for Windows Task Scheduler Flaw (CVE-2024-49039), Actively Exploited by RomCom Group |
https://securityonline.info/zero-day-exploit-code-released-for-windows-task-scheduler-flaw-cve-2024-49039-actively-exploited-by-romcom-group/
|
Dec. 3, 2024 |
Critical Vulnerabilities in mySCADA myPRO Software Pose Significant Risk to Industrial Control Systems |
https://securityonline.info/critical-vulnerabilities-in-myscada-mypro-software-pose-significant-risk-to-industrial-control-systems/
|
Nov. 30, 2024 |
CVE-2024-52338: Critical Security Flaw in Apache Arrow R Package Allows Arbitrary Code Execution |
https://securityonline.info/cve-2024-52338-critical-security-flaw-in-apache-arrow-r-package-allows-arbitrary-code-execution/
|
Nov. 29, 2024 |
CVE-2024-11667: Critical Vulnerability in Zyxel Firewalls Actively Exploited |
https://securityonline.info/cve-2024-11667-critical-vulnerability-in-zyxel-firewalls-actively-exploited/
|
Nov. 29, 2024 |
Integer Overflow Vulnerability in Windows Driver Enables Privilege Escalation, PoC Published |
https://securityonline.info/integer-overflow-vulnerability-in-windows-driver-enables-privilege-escalation-poc-published/
|
Nov. 29, 2024 |
Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC |
https://securityonline.info/zero-day-in-active-directory-certificate-services-researcher-exposes-cve-2024-49019-with-poc/
|
Nov. 29, 2024 |
CVE-2024-52338: Critical Security Flaw in Apache Arrow R Package Allows Arbitrary Code Execution |
https://securityonline.info/cve-2024-52338-critical-security-flaw-in-apache-arrow-r-package-allows-arbitrary-code-execution/
|
Nov. 21, 2024 |
CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published |
https://securityonline.info/cve-2024-52940-anydesk-vulnerability-exposes-user-ip-addresses-poc-published/
|
Nov. 21, 2024 |
CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution |
https://securityonline.info/cve-2024-10220-kubernetes-vulnerability-allows-arbitrary-command-execution/
|
Nov. 21, 2024 |
Critical VMware vCenter Server Flaws Under Active Attack: CISA Issues Urgent Warning |
https://securityonline.info/critical-vmware-vcenter-server-flaws-under-active-attack-cisa-issues-urgent-warning/
|
Nov. 4, 2024 |
Okta Patches Vulnerability (CVE-2024-9191) in Verify Desktop MFA for Windows |
https://securityonline.info/okta-patches-vulnerability-cve-2024-9191-in-verify-desktop-mfa-for-windows/
|
Nov. 4, 2024 |
CVE-2024-8956 & CVE-2024-8957: Two Actively Exploited Vulnerabilities in PTZ Cameras |
https://securityonline.info/cve-2024-8956-cve-2024-8957-two-actively-exploited-vulnerabilities-in-ptz-cameras/
|
Nov. 4, 2024 |
CVE-2024-46538: Unpatched XSS Flaw in pfSense Allows Remote Exploits, PoC Published |
https://securityonline.info/cve-2024-46538-unpatched-xss-flaw-in-pfsense-allows-remote-exploits-poc-published/
|
Sept. 10, 2024 |
Siemens Issues Critical Security Advisory for User Management Component (UMC) – CVE-2024-33698 |
https://securityonline.info/siemens-issues-critical-security-advisory-for-user-management-component-umc-cve-2024-33698/
|
Sept. 10, 2024 |
CVE-2024-6342: Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products |
https://securityonline.info/cve-2024-6342-critical-command-injection-flaw-in-zyxel-nas-devices-hotfixes-released-for-end-of-support-products/
|
Sept. 10, 2024 |
Ivanti Issues Patch for Critical Vulnerabilities in Endpoint Manager, Including CVE-2024-29847 (CVSS 10.0) |
https://securityonline.info/ivanti-issues-patch-for-critical-vulnerabilities-in-endpoint-manager-including-cve-2024-29847-cvss-10-0/
|
Sept. 9, 2024 |
Critical Kibana Flaws (CVE-2024-37288, CVE-2024-37285) Expose Systems to Arbitrary Code Execution |
https://securityonline.info/critical-kibana-flaws-cve-2024-37288-cve-2024-37285-expose-systems-to-arbitrary-code-execution/
|
Sept. 9, 2024 |
MindsDB Fixes Critical CVE-2024-24759: DNS Rebinding Attack Bypasses Security Protections |
https://securityonline.info/mindsdb-fixes-critical-cve-2024-24759-dns-rebinding-attack-bypasses-security-protections/
|
Sept. 9, 2024 |
PoC Exploit Releases for Windows Elevation of Privilege Vulnerability CVE-2024-26230 |
https://securityonline.info/poc-exploit-releases-for-windows-elevation-of-privilege-vulnerability-cve-2024-26230/
|
Sept. 9, 2024 |
HAProxy Vulnerability CVE-2024-45506 Under Active Exploit: Urgent Patching Required |
https://securityonline.info/haproxy-vulnerability-cve-2024-45506-under-active-exploit-urgent-patching-required/
|
Sept. 9, 2024 |
YubiKey Side-Channel Attack |
https://www.schneier.com/blog/archives/2024/09/yubikey-side-channel-attack.html
|
Aug. 23, 2024 |
Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk |
https://securityonline.info/exploit-for-cve-2024-38054-released-elevation-of-privilege-flaw-in-windows-kernel-streaming-wow-thunk/
|
Aug. 23, 2024 |
Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities |
https://securityonline.info/urgent-edge-security-update-microsoft-patches-zero-day-rce-vulnerabilities/
|
Aug. 14, 2024 |
CVE-2024-38063 (CVSS 9.8): 0-Click RCE Affects All Windows Systems |
https://securityonline.info/cve-2024-38063-cvss-9-8-0-click-rce-affects-all-windows-systems/
|
Aug. 14, 2024 |
CVE-2024-28986 (CVSS 9.8): SolarWinds Web Help Desk Users Must Patch Now! |
https://securityonline.info/cve-2024-28986-cvss-9-8-solarwinds-web-help-desk-users-must-patch-now/
|
Aug. 14, 2024 |
ArtiPACKED: A New GitHub Actions Vulnerability Exposes Critical Credentials |
https://securityonline.info/artipacked-a-new-github-actions-vulnerability-exposes-critical-credentials/
|
Aug. 8, 2024 |
Critical Progress WhatsUp RCE flaw now under active exploitation |
https://www.bleepingcomputer.com/news/security/critical-progress-whatsup-rce-flaw-now-under-active-exploitation/
|
Aug. 7, 2024 |
CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE Attacks |
https://securityonline.info/cve-2024-43044-critical-jenkins-vulnerability-exposes-servers-to-rce-attacks/
|
Aug. 3, 2024 |
From Limited file read to full access on Jenkins (CVE-2024-23897) |
https://www.reddit.com/r/netsec/comments/1ehd85y/from_limited_file_read_to_full_access_on_jenkins/
|
Aug. 3, 2024 |
Windows AppLocker Driver LPE Vulnerability - CVE-2024-21338 |
https://www.reddit.com/r/netsec/comments/1ehjatd/windows_applocker_driver_lpe_vulnerability/
|
July 26, 2024 |
Critical ServiceNow RCE flaws actively exploited to steal credentials |
https://www.bleepingcomputer.com/news/security/critical-servicenow-rce-flaws-actively-exploited-to-steal-credentials/
|
July 20, 2024 |
CVE-2024-22442 (CVSS 9.8): HPE Patches Critical 3PAR Service Processor Flaw |
https://securityonline.info/cve-2024-22442-cvss-9-8-hpe-patches-critical-3par-service-processor-flaw/
|
July 20, 2024 |
Oracle WebLogic Users Urged to Patch Critical Vulnerability (CVE-2024-21181, CVSS 9.8) |
https://securityonline.info/oracle-weblogic-users-urged-to-patch-critical-vulnerability-cve-2024-21181-cvss-9-8/
|
July 20, 2024 |
Broadcom Urges Immediate Patching for Critical Symantec PAM Vulnerabilities |
https://securityonline.info/broadcom-urges-immediate-patching-for-critical-symantec-pam-vulnerabilities/
|
July 20, 2024 |
Cisco Warns of Unpatched Vulnerability (CVE-2024-20416) in RV340 and RV345 Routers |
https://securityonline.info/cisco-warns-of-unpatched-vulnerability-cve-2024-20416-in-rv340-and-rv345-routers/
|
July 17, 2024 |
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks |
https://www.bleepingcomputer.com/news/security/cisa-warns-critical-geoserver-geotools-rce-flaw-is-exploited-in-attacks/
|
July 9, 2024 |
Hackers are Actively Exploiting CVE-2024-5441 Flaw, 150,000 Sites at Risk |
https://securityonline.info/hackers-are-actively-exploiting-cve-2024-5441-flaw-150000-sites-at-risk/
|
July 9, 2024 |
Turla APT Group Unleashes Sophisticated Fileless Backdoor via Compromised Site |
https://securityonline.info/turla-apt-group-unleashes-sophisticated-fileless-backdoor-via-compromised-site/
|
July 9, 2024 |
Critical Security Advisory for Apache CloudStack: CVE-2024-38346 and CVE-2024-39864 |
https://securityonline.info/critical-security-advisory-for-apache-cloudstack-cve-2024-38346-and-cve-2024-39864/
|
July 9, 2024 |
CVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution on Windows |
https://securityonline.info/cve-2024-36138-high-severity-vulnerability-in-node-js-allows-code-execution-on-windows/
|
July 9, 2024 |
VMware vCenter Server RCE (CVE-2024-22274): PoC Exposes Systems to Remote Takeover |
https://securityonline.info/vmware-vcenter-server-rce-cve-2024-22274-poc-exposes-systems-to-remote-takeover/
|
July 9, 2024 |
BlastRADIUS Vulnerability (CVE-2024-3596): Flaw in RADIUS Protocol Exposes Networks to Attack |
https://securityonline.info/blastradius-vulnerability-cve-2024-3596-flaw-in-radius-protocol-exposes-networks-to-attack/
|
July 9, 2024 |
CVE-2024-6409: New Remote Code Execution Vulnerability in OpenSSH |
https://securityonline.info/cve-2024-6409-new-remote-code-execution-vulnerability-in-openssh/
|
July 8, 2024 |
Cisco Confirms Critical OpenSSH regreSSHion (CVE-2024-6387) Flaw in Multiple Products |
https://securityonline.info/cisco-confirms-critical-openssh-regresshion-cve-2024-6387-flaw-in-multiple-products/
|
July 8, 2024 |
CVE-2024-39349 (CVSS 9.8): Critical Vulnerability in Synology Surveillance Cameras |
https://securityonline.info/cve-2024-39349-cvss-9-8-critical-vulnerability-in-synology-surveillance-cameras/
|
July 3, 2024 |
New Open SSH Vulnerability |
https://www.schneier.com/blog/archives/2024/07/new-open-ssh-vulnerability.html
|
June 30, 2024 |
CVE-2024-36072 (CVSS 10): Unauthenticated RCE Flaw in CoSoSys Endpoint Protector |
https://securityonline.info/cve-2024-36072-unauthenticated-rce-flaw-in-cososys-endpoint-protector/
|
June 30, 2024 |
PoC Released for Unauthenticated RCE Vulnerability in TP-Link VIGI NVR4032H Network Video Recorder |
https://securityonline.info/poc-released-for-unauthenticated-rce-vulnerability-in-tp-link-vigi-nvr4032h-network-video-recorder/
|
June 30, 2024 |
CVE-2024-2973 (CVSS 10): Juniper Session Smart Router Authentication Bypass Vulnerability |
https://securityonline.info/cve-2024-2973-cvss-10-juniper-session-smart-router-authentication-bypass-vulnerability/
|
June 30, 2024 |
Microsoft Issues CVE Numbers for Cloud Service Vulnerabilities |
https://securityonline.info/microsoft-issues-cve-numbers-for-cloud-service-vulnerabilities/
|
June 23, 2024 |
CosmicSting (CVE-2024-34102): A Critical E-Commerce Vulnerability Threatening Millions of Online Stores |
https://securityonline.info/cosmicsting-cve-2024-34102-a-critical-e-commerce-vulnerability-threatening-millions-of-online-stores/
|
June 23, 2024 |
Ghostscript Patches Multiple Vulnerabilities, Potential for Arbitrary Code Execution |
https://securityonline.info/ghostscript-patches-multiple-vulnerabilities-potential-for-arbitrary-code-execution/
|
June 23, 2024 |
ESET Issues Security Patch for Privilege Escalation Flaw in Windows Products |
https://securityonline.info/eset-issues-security-patch-for-privilege-escalation-flaw-in-windows-products/
|
June 21, 2024 |
Phoenix UEFI vulnerability impacts hundreds of Intel PC models |
https://www.bleepingcomputer.com/news/security/phoenix-uefi-vulnerability-impacts-hundreds-of-intel-pc-models/
|
June 21, 2024 |
SolarWinds Serv-U path traversal flaw actively exploited in attacks |
https://www.bleepingcomputer.com/news/security/solarwinds-serv-u-path-traversal-flaw-actively-exploited-in-attacks/
|
June 21, 2024 |
CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites |
https://www.bleepingcomputer.com/news/security/cosmicsting-flaw-impacts-75-percent-of-adobe-commerce-magento-sites/
|
June 20, 2024 |
VMware fixes critical vCenter RCE vulnerability, patch now |
https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-vcenter-rce-vulnerability-patch-now/
|
June 13, 2024 |
CVE-2024-37051: Critical JetBrains Flaw Exposes GitHub Tokens in IntelliJ IDEs, PoC Published |
https://securityonline.info/cve-2024-37051-exploit-poc-jetbrains-github-tokens/
|
June 13, 2024 |
Urgent Security Alert: SuiteCRM Users Urged to Patch Multiple Critical Vulnerabilities |
https://securityonline.info/urgent-security-alert-suitecrm-users-urged-to-patch-multiple-critical-vulnerabilities/
|
June 13, 2024 |
VLC Media Player Patches Two Vulnerabilities: Users Urged to Update Immediately |
https://securityonline.info/vlc-media-player-patches-two-vulnerabilities-users-urged-to-update-immediately/
|
June 13, 2024 |
CVE-2024-27801: Critical Vulnerability Discovered in Apple Ecosystem, PoC Published |
https://securityonline.info/cve-2024-27801-critical-vulnerability-discovered-in-apple-ecosystem-poc-published/
|
June 13, 2024 |
CVE-2024-26169: Windows Zero-Day Vulnerability Abused by Black Basta Ransomware |
https://securityonline.info/cve-2024-26169-windows-zero-day-vulnerability-abused-by-black-basta-ransomware/
|
June 13, 2024 |
Adobe Patches Critical Flaws in Multiple Products, Urging Users to Update |
https://securityonline.info/adobe-patches-critical-flaws-in-multiple-products-urging-users-to-update/
|
June 13, 2024 |
CVE-2024-32896: Google Patches Actively Exploited Zero-Day Vulnerability in Pixel Devices |
https://securityonline.info/cve-2024-32896-google-patches-actively-exploited-zero-day-vulnerability-in-pixel-devices/
|
June 13, 2024 |
CVE-2024-35213: Critical Vulnerability Discovered in BlackBerry QNX SDP |
https://securityonline.info/cve-2024-35213-critical-vulnerability-discovered-in-blackberry-qnx-sdp/
|
June 11, 2024 |
Veeam Patches Critical Security Flaw in Recovery Orchestrator (CVE-2024-29855) |
https://securityonline.info/veeam-patches-critical-security-flaw-in-recovery-orchestrator-cve-2024-29855/
|
June 3, 2024 |
13,800+ Check Point Gateways Exposed: 0-Day CVE-2024-24919 Flaw Under Attack |
https://securityonline.info/13800-check-point-gateways-exposed-0-day-cve-2024-24919-flaw-under-attack/
|
June 3, 2024 |
CVE-2024-3820 (CVSS 10) in wpDataTables Puts 70,000 WordPress Sites at Risk |
https://securityonline.info/cve-2024-3820-cvss-10-in-wpdatatables-puts-70000-wordpress-sites-at-risk/
|
June 3, 2024 |
Patch Now to Avoid Apache OFBiz Remote Code Execution – CVE-2024-36104 |
https://securityonline.info/patch-now-to-avoid-apache-ofbiz-remote-code-execution-cve-2024-36104/
|
May 15, 2024 |
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers |
https://www.bleepingcomputer.com/news/security/poc-exploit-released-for-rce-zero-day-in-d-link-exo-ax4800-routers/
|
May 13, 2024 |
[KIS-2024-04] Cacti <= 1.2.26 Remote Code Execution Vulnerability |
https://www.reddit.com/r/netsec/comments/1cqurbm/kis202404_cacti_1226_remote_code_execution/
|
May 9, 2024 |
New BIG-IP Next Central Manager bugs allow device takeover |
https://www.bleepingcomputer.com/news/security/new-big-ip-next-central-manager-bugs-allow-device-takeover/
|
May 2, 2024 |
CVE-2024-32971: Critical Vulnerability in Apollo Router Compromises Data Integrity |
https://securityonline.info/cve-2024-32971-critical-vulnerability-in-apollo-router-compromises-data-integrity/
|
May 2, 2024 |
CVE-2024-32114: High-Severity Vulnerability Exposed in Apache ActiveMQ |
https://securityonline.info/cve-2024-32114-high-severity-vulnerability-exposed-in-apache-activemq/
|
May 2, 2024 |
Cisco IP Phones Exposed: Vulnerabilities Allow Hackers to Disrupt, Spy, and Even Make Calls |
https://securityonline.info/cisco-ip-phones-exposed-vulnerabilities-allow-hackers-to-disrupt-spy-and-even-make-calls/
|
May 2, 2024 |
HPE Aruba Networking Patches Critical Vulnerabilities in Mobility Controllers and Gateways |
https://securityonline.info/hpe-aruba-networking-patches-critical-vulnerabilities-in-mobility-controllers-and-gateways/
|
May 2, 2024 |
CVE-2024-32962 (CVSS 10): Critical Vulnerability in XML-Crypto Affects Millions |
https://securityonline.info/cve-2024-32962-cvss-10-critical-vulnerability-in-xml-crypto-affects-millions/
|
April 30, 2024 |
New R Vulnerability CVE-2024-27322: Code Execution Risk in Data Files |
https://securityonline.info/new-r-vulnerability-cve-2024-27322-code-execution-risk-in-data-files/
|
April 30, 2024 |
Ant Media Server Flaw Grants Local Users Root Access (CVE-2024-32656) |
https://securityonline.info/ant-media-server-flaw-grants-local-users-root-access-cve-2024-32656/
|
April 29, 2024 |
CVE-2024-32766 (CVSS 10) – QNAP Vulnerability: Hackers Can Hijack Your NAS |
https://securityonline.info/cve-2024-32766-cvss-10-qnap-vulnerability-hackers-can-hijack-your-nas/
|
April 29, 2024 |
Telegram Patches Flaw in Web Version, Vulnerability Exposed User Accounts to Hackers |
https://securityonline.info/telegram-patches-flaw-in-web-version-vulnerability-exposed-user-accounts-to-hackers/
|
April 29, 2024 |
Researchers Uncover ‘Pathfinder’ Exploit, Putting CPUs at Risk of High-Precision Attacks |
https://securityonline.info/researchers-uncover-pathfinder-exploit-putting-cpus-at-risk-of-high-precision-attacks/
|
April 28, 2024 |
Windows Kernel EoP Vulnerability (CVE-2024-21345) Gets PoC Exploit Code |
https://securityonline.info/windows-kernel-eop-vulnerability-cve-2024-21345-gets-poc-exploit-code/
|
April 28, 2024 |
Mitel Issues Critical Fixes for XSS Vulnerabilities in MiContact Center Business |
https://securityonline.info/mitel-issues-critical-fixes-for-xss-vulnerabilities-in-micontact-center-business/
|
April 26, 2024 |
Skylab IGX IIoT Gateway Vulnerability (CVE-2024-4163): Root Access for Attackers |
https://securityonline.info/skylab-igx-iiot-gateway-vulnerability-cve-2024-4163-root-access-for-attackers/
|
April 26, 2024 |
PoC Exploit Releases for Critical Progress Flowmon Bug – CVE-2024-2389 (CVSS 10) |
https://securityonline.info/poc-exploit-releases-for-critical-progress-flowmon-bug-cve-2024-2389-cvss-10/
|
April 26, 2024 |
Security Update for Webmin: Addressing Privilege Escalation Vulnerability |
https://securityonline.info/critical-security-update-for-webmin-addressing-privilege-escalation-vulnerability/
|
April 25, 2024 |
Multiple Vulnerabilities in Open Devin (Autonomous AI Software Engineer) |
https://www.reddit.com/r/netsec/comments/1cctaah/multiple_vulnerabilities_in_open_devin_autonomous/
|
April 25, 2024 |
18 vulnerabilities in Brocade SANnav |
https://www.reddit.com/r/netsec/comments/1cbztz4/18_vulnerabilities_in_brocade_sannav/
|
April 25, 2024 |
Cisco ASA exploit in the wild. |
https://www.reddit.com/r/netsec/comments/1cc62sy/cisco_asa_exploit_in_the_wild/
|
April 24, 2024 |
Grafana backend sql injection affected all version |
https://www.reddit.com/r/netsec/comments/1cbrrg8/grafana_backend_sql_injection_affected_all_version/
|
April 24, 2024 |
CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon |
https://www.reddit.com/r/netsec/comments/1cb7vz5/cve20242389_command_injection_vulnerability_in/
|
April 23, 2024 |
Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published |
https://securityonline.info/oracle-virtualbox-elevation-of-privilege-vulnerability-cve-2024-21111-poc-published/
|
April 23, 2024 |
Linux Systems Targeted: Open-Source Pupy RAT Exploited in Attacks Across Asia |
https://securityonline.info/linux-systems-targeted-open-source-pupy-rat-exploited-in-attacks-across-asia/
|
April 23, 2024 |
CVE-2024-2796: Critical Vulnerability Discovered in Popular API Developer Portal |
https://securityonline.info/cve-2024-2796-critical-vulnerability-discovered-in-popular-api-developer-portal/
|
April 23, 2024 |
Citrix uberAgent Update for Privilege Escalation Vulnerability (CVE-2024-3902) |
https://securityonline.info/citrix-uberagent-update-for-privilege-escalation-vulnerability-cve-2024-3902/
|
April 23, 2024 |
Multiple Vulnerabilities Patched in Apache HugeGraph – Update Immediately |
https://securityonline.info/multiple-vulnerabilities-patched-in-apache-hugegraph-update-immediately/
|
April 22, 2024 |
CrushFTP warns users to patch exploited zero-day “immediately” |
https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/
|
April 22, 2024 |
Critical Forminator plugin flaw impacts over 300k WordPress sites |
https://www.bleepingcomputer.com/news/security/critical-forminator-plugin-flaw-impacts-over-300k-wordpress-sites/
|
April 18, 2024 |
An Obscure Actions Workflow Vulnerability in Google’s Flank |
https://www.reddit.com/r/netsec/comments/1c6i2pj/an_obscure_actions_workflow_vulnerability_in/
|
April 18, 2024 |
Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers - Shielder |
https://www.reddit.com/r/netsec/comments/1c6z1bn/element_android_cve202426131_cve202426132_never/
|
April 17, 2024 |
PoC Exploit Released for 0-day Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-21338) |
https://securityonline.info/poc-exploit-released-for-0-day-windows-kernel-elevation-of-privilege-vulnerability-cve-2024-21338/
|
April 17, 2024 |
CVE-2024-32019 in Popular Monitoring Tool Netdata Could Allow Hackers Root Access |
https://securityonline.info/cve-2024-32019-in-popular-monitoring-tool-netdata-could-allow-hackers-root-access/
|
April 17, 2024 |
Ivanti warns of critical flaws in its Avalanche MDM solution |
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-flaws-in-its-avalanche-mdm-solution/
|
April 17, 2024 |
Cisco discloses root escalation flaw with public exploit code |
https://www.bleepingcomputer.com/news/security/cisco-discloses-root-escalation-flaw-with-public-exploit-code/
|
April 16, 2024 |
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now |
https://www.bleepingcomputer.com/news/security/exploit-released-for-palo-alto-pan-os-bug-used-in-attacks-patch-now/
|
April 16, 2024 |
Ivanti warns of critical flaws in its Avalanche MDM solution |
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-flaws-in-its-avalanche-mdm-solution/
|
April 16, 2024 |
PuTTY SSH client flaw allows recovery of cryptographic private keys |
https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/
|
April 14, 2024 |
CVE-2024-22262: Spring Framework Hit by New Vulnerability, Urgent Update Needed |
https://securityonline.info/cve-2024-22262-spring-framework-hit-by-new-vulnerability-urgent-update-needed/
|
April 14, 2024 |
PoC Released for Zero-Click CVE-2023-35628 Vulnerability in Microsoft Windows |
https://securityonline.info/poc-released-for-zero-click-cve-2023-35628-vulnerability-in-microsoft-windows/
|
April 14, 2024 |
CVE-2024-22734 – Critical Flaw in Trux Software: Hackers Can Take Over Systems |
https://securityonline.info/cve-2024-22734-critical-flaw-in-trux-software-hackers-can-take-over-systems/
|
April 14, 2024 |
CVE-2024-20670 Report - "New Outlook" NTLM Leak and File Execution |
https://www.reddit.com/r/netsec/comments/1c28wyp/cve202420670_report_new_outlook_ntlm_leak_and/
|
April 14, 2024 |
Bitdefender Patches Critical Vulnerabilities in GravityZone and Endpoint Security |
https://securityonline.info/bitdefender-patches-critical-vulnerabilities-in-gravityzone-and-endpoint-security/
|
Feb. 29, 2024 |
Urgent Security Alert: Avada WordPress Theme Vulnerability (CVE-2024-1468) |
https://securityonline.info/urgent-security-alert-avada-wordpress-theme-vulnerability-cve-2024-1468/
|
Feb. 29, 2024 |
Zero-Day Alert (CVE-2024-21338): Lazarus Group Exploits Windows Kernel Vulnerability |
https://securityonline.info/zero-day-alert-cve-2024-21338-lazarus-group-exploits-windows-kernel-vulnerability/
|
Feb. 29, 2024 |
NVIDIA Tackles Severe GPU Display Driver Vulnerabilities – Urgent Update Required |
https://securityonline.info/nvidia-tackles-severe-gpu-display-driver-vulnerabilities-urgent-update-required/
|
Feb. 16, 2024 |
PoC Exploit Released for Microsoft Outlook RCE Flaw – CVE-2024-21413 |
https://securityonline.info/poc-exploit-released-for-microsoft-outlook-rce-flaw-cve-2024-21413/#google_vignette
|
Feb. 11, 2024 |
Exploiting the probmon.sys Minifilter driver in order to create a process killer. |
https://github.com/enkomio/s4killer
|
Feb. 11, 2024 |
Google Chrome Zero-Day PoC Code Released |
https://securityonline.info/google-chrome-zero-day-poc-code-released/#google_vignette
|
Feb. 6, 2024 |
Critical Alert: CVE-2024-23917 Exposes TeamCity to Unauthenticated Attacks |
https://securityonline.info/critical-alert-cve-2024-23917-exposes-teamcity-to-unauthenticated-attacks/#google_vignette
|
Feb. 5, 2024 |
Escaping the Sandbox: CVE-2024-21399 Microsoft Edge RCE Vulnerability |
https://securityonline.info/escaping-the-sandbox-cve-2024-21399-microsoft-edge-rce-vulnerability/
|
Feb. 5, 2024 |
CVE-2024-23208 Exposed: A PoC Tool Unveils iOS Kernel Flaw |
https://securityonline.info/cve-2024-23208-exposed-a-poc-tool-unveils-ios-kernel-flaw/
|
Jan. 24, 2024 |
CVE-2023-6546 (ZDI-24-020) - Linux Kernel GSM Multiplexing Race Condition LPE |
https://github.com/Nassim-Asrir/ZDI-24-020/
|
Dec. 29, 2023 |
POC for Apache ActiveMQ CVE-2023-46604 |
https://github.com/X1r0z/ActiveMQ-RCE
|
Dec. 28, 2023 |
Critical Apache OFBiz Zero-day -AuthBiz |
https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/
|
Dec. 23, 2023 |
Full Chain Baseband Exploits, Part 1 |
https://labs.taszk.io/articles/post/full_chain_bb_part1/
|
Dec. 16, 2023 |
The new In-The-Wild Google Chrome Heap buffer overflow in WebP (CVE-2023-4863) is due to an out-of-bounds write vulnerability within the "BuildHuffmanTable" function |
https://chromium.googlesource.com/webm/libwebp.git/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76
|
Dec. 16, 2023 |
Microsoft Office SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability |
https://www.zerodayinitiative.com/advisories/ZDI-23-1785/
|
Dec. 16, 2023 |
Microsoft office buffer overflow |
https://www.redpacketsecurity.com/microsoft-office-buffer-overflow/
|
Dec. 12, 2023 |
Researcher to Release PoC for 0-day Windows CVE-2023-36036 Flaw |
https://securityonline.info/researcher-to-release-poc-0day-cve-2023-36036-vulnerability/#google_vignette
|
Dec. 9, 2023 |
CVE-2023-45866: Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS |
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
|
Nov. 21, 2023 |
Log4Shell - different avenues of exploitation |
https://olexvel.substack.com/p/log4shell-different-avenues-of-exploitation
|
Nov. 18, 2023 |
AI Exploits |
https://github.com/protectai/ai-exploits
|
Nov. 16, 2023 |
Padre - Blazing Fast, Advanced Padding Oracle Exploit |
https://www.kitploit.com/2023/11/padre-blazing-fast-advanced-padding.html
|
Nov. 15, 2023 |
Reptar: an Intel Ice Lake CPU vulnerability, by Tavis Ormandy |
https://lock.cmpxchg8b.com/reptar.html
|
Nov. 14, 2023 |
Ubuntu Privilege Escalation bash one-liner using CVE-2023-32629 & CVE-2023-2640 |
https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation
|
Nov. 14, 2023 |
Randstorm: You Can’t Patch a House of Cards (BitcoinJS) |
https://www.unciphered.com/blog/randstorm-you-cant-patch-a-house-of-cards
|
Nov. 11, 2023 |
SpoolSploit - A collection of Windows print spooler exploits containerized with other utilities for practical exploitation. |
https://github.com/BeetleChunks/SpoolSploit
|
Nov. 11, 2023 |
unauth RCE exploit against Cisco IOS XE (CVE-2023-20198 and CVE-2023-20273) |
https://www.rapid7.com/blog/post/2023/11/10/metasploit-weekly-wrap-up-35/
|
Nov. 9, 2023 |
Hacking the Canon imageCLASS MF742Cdw/MF743Cdw (again) |
https://haxx.in/posts/hacking-canon-imageclass/
|
Oct. 26, 2023 |
CitrixBleed Exploit |
https://github.com/assetnote/exploits/blob/main/citrix/CVE-2023-4966/exploit.py
|
Oct. 5, 2023 |
Zero-days for hacking WhatsApp are now worth millions of dollars |
https://techcrunch.com/2023/10/05/zero-days-for-hacking-whatsapp-are-now-worth-millions-of-dollars/?guccounter=1&guce_referrer=aHR0cHM6Ly90LmNvLw&guce_referrer_sig=AQAAAKdeU5wm3OO2aerJISEVsN0GtLjIZD2h
|
Oct. 3, 2023 |
ShellTorch: Multiple Critical Vulnerabilities in PyTorch Model Server (TorchServe) (CVSS 9.9, CVSS 9.8) Threatens Countless AI Users - Immediate Action Required |
https://www.oligo.security/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654
|
Oct. 3, 2023 |
CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution |
https://pyn3rd.github.io/2023/09/15/CVE-2023-34040-Spring-Kafka-Deserialization-Remote-Code-Execution/
|
Sept. 20, 2023 |
Alert Regarding Vulnerability in Trend Micro Multiple Endpoint Security Products for Enterprises |
https://www.jpcert.or.jp/english/at/2023/at230021.html
|
Sept. 14, 2023 |
CVE-2023-38146: Arbitrary Code Execution via Windows Themes |
https://exploits.forsale/themebleed/
|
Sept. 12, 2023 |
Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863) |
https://www.helpnetsecurity.com/2023/09/12/cve-2023-4863/
|
Sept. 11, 2023 |
PoC Exploit for CVE-2023-27524 in Apache Superset Leads to RCE Released |
https://securityonline.info/poc-exploit-for-cve-2023-27524-in-apache-superset-leads-to-rce-released/
|
Sept. 8, 2023 |
BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild |
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
|
Sept. 6, 2023 |
Code Vulnerabilities Leak Emails in Proton Mail |
https://www.sonarsource.com/blog/code-vulnerabilities-leak-emails-in-proton-mail/?utm_source=twitter&utm_medium=social&utm_campaign=protonmail&utm_content=security&utm_term=mofu
|
Sept. 3, 2023 |
Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331 |
https://www.cve.org/CVERecord?id=CVE-2023-4751
|
Sept. 3, 2023 |
CVE-2023-37895: Apache Jackrabbit RMI RCE |
https://y4er.com/posts/cve-2023-37895-apache-jackrabbit-rmi-rce/
|
Sept. 3, 2023 |
Vulnerability in Windows’s File History Service allows local users to gain elevated privileges on the Windows operating system |
https://ssd-disclosure.com/ssd-advisory-file-history-service-fhsvc-dll-elevation-of-privilege/
|
Sept. 1, 2023 |
Multiple Security Vulnerabilities Found in NVIDIA DGX H100 System |
https://securityonline.info/multiple-security-vulnerabilities-found-in-nvidia-dgx-h100-system/#google_vignette
|
Sept. 1, 2023 |
Researcher releases PoC exploit for critical VMware Aria (CVE-2023-34039) bug |
https://securityonline.info/researcher-releases-poc-exploit-for-critical-vmware-aria-cve-2023-34039-bug/
|
Aug. 31, 2023 |
Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL |
https://advisory.splunk.com/advisories/SVD-2023-0805
|
Aug. 28, 2023 |
Exploit released for Juniper firewall bugs allowing RCE attacks |
https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844
|
Aug. 28, 2023 |
Multiple Vulnerabilities found in Techview LA-5570 Wireless Gateway Home Automation Controller |
https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725
|
Aug. 28, 2023 |
Busybox cpio directory traversal vulnerability (CVE-2023-39810) |
https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/
|
Aug. 25, 2023 |
Full exploit chain for Faronics-DeepFreeze-8 |
https://github.com/snowcra5h/Faronics-DeepFreeze-8-Exploit
|
Aug. 21, 2023 |
CVE-2023-3269: Linux kernel privilege escalation vulnerability |
https://github.com/lrh2000/StackRot
|
Aug. 21, 2023 |
CVE-2023-36874: proof-of-concept exploit written in C++ that demonstrates the exploitation of a vulnerability affecting the Windows Error Reporting (WER) |
https://github.com/d0rb/CVE-2023-36874
|
Aug. 19, 2023 |
WinRAR flaw lets hackers run programs when you open RAR archives |
https://www.bleepingcomputer.com/news/security/winrar-flaw-lets-hackers-run-programs-when-you-open-rar-archives/
|
Aug. 19, 2023 |
CVE-2023-40477: WinRAR Code Execution Vulnerability |
https://securityonline.info/cve-2023-40477-winrar-code-execution-vulnerability/
|
Aug. 17, 2023 |
Creating an Exploit: SolarWinds Vulnerability CVE-2021-35211 |
https://bishopfox.com/blog/exploit-for-cve-2021-35211
|
Aug. 15, 2023 |
AMD issued the second patch to fix “Division by zero” vulnerability in AMD Zen 1 |
https://securityonline.info/amd-issued-the-second-patch-to-fix-division-by-zero-vulnerability-in-amd-zen-1/
|
Aug. 14, 2023 |
WPS Office Remote Code Execution Exploit On 2023-08-10 |
https://github.com/ba0gu0/wps-rce
|
Aug. 11, 2023 |
Google details 0-click bug in Pixel 6 modem: Advises users to disable 2G |
https://www.scmagazine.com/news/google-details-0-click-bug-in-pixel-6-modem-advises-users-to-disable-2g
|
Aug. 8, 2023 |
Downfall Attacks - Downfall attacks targets a critical weakness found in billions of modern processors used in personal and cloud computers |
https://downfall.page/
|
Aug. 7, 2023 |
Western Digital MyCloud Unauthenticated Command Injection Exploit |
https://0day.today/exploit/description/38924
|
Aug. 7, 2023 |
Rudder Server SQL Injection / Remote Code Execution Exploit |
https://0day.today/exploit/description/38923
|
Aug. 7, 2023 |
General Device Manager 2.5.2.2 - Buffer Overflow (SEH) Exploit |
https://0day.today/exploit/description/38921
|
Aug. 7, 2023 |
Checkpoint Gaia Portal R81.10 Remote Command Execution Vulnerability |
https://0day.today/exploit/description/38928
|
Aug. 7, 2023 |
VMWare Aria Operations For Networks Remote Command Execution Exploit |
https://0day.today/exploit/description/38902
|
Aug. 7, 2023 |
Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege / Remote Code Execution |
https://0day.today/exploit/description/38891
|
Aug. 4, 2023 |
[remote] ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE) |
https://www.exploit-db.com/exploits/51642?utm_source=dlvr.it&utm_medium=twitter
|
Aug. 3, 2023 |
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability |
https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/
|
Aug. 3, 2023 |
SpoolSploit: A collection of Windows print spooler exploits containerized with other utilities for practical exploitation |
https://github.com/BeetleChunks/SpoolSploit
|
Aug. 2, 2023 |
MikroTik remote jailbreak for v6.x.x |
https://github.com/MarginResearch/FOISted
|
Aug. 2, 2023 |
CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You |
https://emily.id.au/tailscale
|
Aug. 2, 2023 |
CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You |
https://emily.id.au/tailscale
|
Aug. 2, 2023 |
CVE-2023-35086 POC - ASUS routers format string vulnerability |
https://github.com/tin-z/CVE-2023-35086-POC
|
July 31, 2023 |
CVE-2023-35086 POC - ASUS routers format string vulnerability |
https://github.com/tin-z/CVE-2023-35086-POC
|
July 28, 2023 |
Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646) |
https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/
|
July 27, 2023 |
CVE-2023-3390: Use After Free on Linux Netfilter nftables MFT_MSG_NEWRULE leads to Local Privilege Escalation |
https://github.com/google/security-research/pull/40
|
July 27, 2023 |
CVE-2023-33802 - SumatraPDF 3.4.6 -32-bit Denial Of Services (DoS) |
https://github.com/CDACesec/CVE-2023-33802
|
July 27, 2023 |
GameOverlay: Easy to exploit local privilege escalation vulnerabilities in Ubuntu Linux affecting 40% of Ubuntu users |
https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
|
July 27, 2023 |
V8 CreateLiteral type confusion when processing ..spread leads to RCE |
https://bugs.chromium.org/p/chromium/issues/detail?id=1260129
|
July 26, 2023 |
CVE-2023-38647: Critical Deserialization Vulnerability in Apache Helix Workflow and REST |
https://seclists.org/oss-sec/2023/q3/73
|
July 26, 2023 |
CVE-2023-38646: Remote Command Execution Vulnerability in Metabase |
https://www.metabase.com/blog/security-advisory
|
July 26, 2023 |
CVE-2023-37895: Apache Jackrabbit RMI access can lead to RCE |
https://lists.apache.org/thread/hy0h3hfqln934oy98frhgfjono6zgqps
|
July 26, 2023 |
Microsoft Edge MSDCPDF Javascript addIcon type confusion vulnerability |
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1747
|
July 26, 2023 |
Remote Code Execution - Atlassian Products |
https://confluence.atlassian.com/security/security-bulletin-july-18-2023-1251417643.html
|
July 25, 2023 |
Integer arithmetic bug within the Windows Kernel Ancillary Function Driver (AFD.sys) |
https://versprite.com/vs-labs/afd-sys-primitives-in-the-pocket/
|
July 25, 2023 |
CVE-2023-26045: NodeBB Forum Software Remote Code Execution Flaw |
https://securityonline.info/cve-2023-26045-nodebb-forum-software-remote-code-execution-flaw/
|
July 24, 2023 |
Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege / Remote Code Execution |
https://0day.today/exploit/description/38891
|
July 24, 2023 |
ServiceNow Insecure Access Control To Full Admin Takeover https://x64. sh/posts/ServiceNow-Insecure-access-control-to-admin/ |
https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/
|
July 24, 2023 |
ZenBleed - Use-after-free Bug in AMD Zen2 processors! |
https://lock.cmpxchg8b.com/zenbleed.html
|
July 24, 2023 |
Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit |
https://0day.today/exploit/description/38888
|
July 23, 2023 |
CVE-2023-38408 Remote Code Execution in OpenSSH's forwarded ssh-agent |
https://github.com/snowcra5h/CVE-2023-38408
|
July 21, 2023 |
Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway |
https://blog.assetnote.io/2023/07/21/citrix-CVE-2023-3519-analysis/
|
July 21, 2023 |
Atlassian Confluence and Bamboo Remote Code Execution Vulnerabilities |
https://securityonline.info/atlassian-confluence-and-bamboo-remote-code-execution-vulnerabilities/
|
July 21, 2023 |
PoC released for critical CloudPanel CVE-2023-35885 vulnerability |
https://securityonline.info/poc-released-for-critical-cloudpanel-cve-2023-35885-vulnerability/
|
July 20, 2023 |
Google says Apple employee found a zero-day but did not report it |
https://techcrunch.com/2023/07/20/google-says-apple-employee-found-a-zero-day-but-did-not-report-it/
|
July 19, 2023 |
Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467 |
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
|
July 19, 2023 |
CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent |
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
|
July 19, 2023 |
CVE-2023-3765: Critical flaw in open source machine learning development MLflow |
https://securityonline.info/cve-2023-3765-critical-flaw-in-open-source-machine-learning-development-mlflow/
|
July 19, 2023 |
CVE-2023-38357 - RWS WorldServer: Session Token Enumeration |
https://www.redteam-pentesting.de/de/advisories/rt-sa-2023-001/-session-token-enumeration-in-rws-worldserver
|
July 18, 2023 |
ProjeQtOr - Project Management System v10.4.1 - Multiple XSS Vulnerabilities |
https://0day.today/exploit/description/38869
|
July 18, 2023 |
Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass |
https://0day.today/exploit/description/38871
|
July 18, 2023 |
WinterCMS < 1.2.3 - Persistent Cross-Site Scripting Vulnerability |
https://0day.today/exploit/description/38872
|
July 18, 2023 |
Pluck v4.7.18 - Remote Code Execution Exploit |
https://0day.today/exploit/description/38873
|
July 17, 2023 |
Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution Exploit |
https://en.0day.today/exploit/description/38855
|
July 17, 2023 |
CISA - Known Exploited Vulnerabilities |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
|
July 17, 2023 |
PoC script for CVE-2023-20110 - Cisco Smart Software Manager On-Prem SQL Injection Vulnerability |
https://github.com/redfr0g/CVE-2023-20110
|
July 17, 2023 |
EchOh-No! - An exploit in @echodotac's #minecraft #anticheat driver - allowing simple arbitrary Kernel and Virtual memory Read and Write, demonstrated with a simple Privilege Escalation PoC. |
https://ioctl.fail/echo-ac-writeup/
|
July 17, 2023 |
MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path (MTAgentService) Vulnerability |
https://en.0day.today/exploit/description/38859
|
July 17, 2023 |
MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path (MTSchedulerService) Vulnerability |
https://en.0day.today/exploit/description/38860
|
July 17, 2023 |
AVG Anti Spyware 7.5 - Unquoted Service Path (AVG Anti-Spyware Guard) Vulnerability |
https://en.0day.today/exploit/description/38862
|
July 17, 2023 |
Apache RocketMQ 5.1.0 Arbitrary Code Injection Exploit |
https://en.0day.today/exploit/description/38856
|
July 15, 2023 |
CVE-2023-37466: Critical Sandbox Escape Vulnerabilities in VM2 Library |
https://securityonline.info/cve-2023-37466-critical-sandbox-escape-vulnerabilities-in-vm2-library/
|
July 14, 2023 |
Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation |
https://thehackernews.com/2023/07/zimbra-warns-of-critical-zero-day-flaw.html
|
July 14, 2023 |
Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation |
https://blog.talosintelligence.com/weaknesses-mac-os-vmware-msrpc/
|
July 12, 2023 |
Critical RCE found in popular Ghostscript open-source PDF library |
https://www.bleepingcomputer.com/news/security/critical-rce-found-in-popular-ghostscript-open-source-pdf-library/
|
July 12, 2023 |
Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs - CVE-2023-35803 |
https://research.aurainfosec.io/pentest/bee-yond-capacity/
|
July 11, 2023 |
Apple releases emergency update to fix zero-day exploited in attacks |
https://www.bleepingcomputer.com/news/apple/apple-releases-emergency-update-to-fix-zero-day-exploited-in-attacks/
|
July 10, 2023 |
A More Complete Exploit for Fortinet CVE-2022-42475 |
https://bishopfox.com/blog/exploit-cve-2022-42475
|
July 7, 2023 |
Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software |
https://thehackernews.com/2023/07/another-critical-unauthenticated-sqli.html?m=1
|
July 7, 2023 |
Critical TootRoot bug lets attackers hijack Mastodon servers |
https://www.bleepingcomputer.com/news/security/critical-tootroot-bug-lets-attackers-hijack-mastodon-servers/
|
July 7, 2023 |
CVE-2023-3269: Linux kernel privilege escalation vulnerability |
https://github.com/lrh2000/StackRot
|
July 7, 2023 |
Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities |
https://thehackernews.com/2023/07/google-releases-android-patch-update.html?m=1
|
July 7, 2023 |
Rukovoditel 3.4.1 - Multiple Stored XSS Vulnerability |
https://0day.today/exploit/description/38829
|
July 7, 2023 |
Sales of Cashier Goods v1.0 - Cross Site Scripting Exploit |
https://0day.today/exploit/description/38830
|
July 7, 2023 |
FuguHub 8.1 - Remote Code Execution Exploit |
https://0day.today/exploit/description/38831
|
July 7, 2023 |
POS Codekop v2.0 - Authenticated Remote Code Execution Vulnerability |
https://0day.today/exploit/description/38832
|
July 7, 2023 |
WebsiteBaker v2.13.3 - Stored XSS Vulnerability |
https://0day.today/exploit/description/38833
|
July 7, 2023 |
WebsiteBaker v2.13.3 - Directory Traversal Vulnerability |
https://0day.today/exploit/description/38834
|
July 7, 2023 |
D-Link DAP-1325 - Broken Access Control Vulnerability |
https://0day.today/exploit/description/38835
|
July 7, 2023 |
SPIP v4.1.10 - Spoofing Admin account Vulnerability |
https://0day.today/exploit/description/38836
|
July 7, 2023 |
Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting Vulnerability |
https://0day.today/exploit/description/38837
|
July 7, 2023 |
Super Store Finder PHP Script 3.6 SQL Injection Vulnerability |
https://0day.today/exploit/description/38848
|
July 7, 2023 |
Beauty Salon Management System v1.0 - SQL injection Vulnerability |
https://0day.today/exploit/description/38847
|
July 7, 2023 |
Car Rental Script 1.8 - Stored Cross-site scripting Vulnerability |
https://0day.today/exploit/description/38846
|
July 7, 2023 |
WBCE CMS 1.6.1 - Open Redirect & CSRF Vulnerability |
https://0day.today/exploit/description/38845
|
July 7, 2023 |
Prestashop 8.0.4 - Cross-Site Scripting Vulnerability |
https://0day.today/exploit/description/38842
|
July 7, 2023 |
Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting Vulnerability |
https://0day.today/exploit/description/38843
|
July 7, 2023 |
Vacation Rental 1.8 - Stored Cross-Site Scripting Vulnerability |
https://0day.today/exploit/description/38841
|
July 7, 2023 |
PodcastGenerator 3.2.9 - Blind SSRF via XML Injection Vulnerability |
https://0day.today/exploit/description/38844
|
July 7, 2023 |
Wordpress WP AutoComplete 1.0.4 - Unauthenticated SQL injection Vulnerability |
https://0day.today/exploit/description/38839
|
July 7, 2023 |
GZ Forum Script 1.8 - Stored Cross-Site Scripting Vulnerability |
https://0day.today/exploit/description/38838
|
July 7, 2023 |
Steam Community turn up the level Exploit |
https://0day.today/exploit/description/38849
|
July 7, 2023 |
TP-Link TL-WR940N V4 - Buffer OverFlow Exploit |
https://0day.today/exploit/description/38840
|
July 6, 2023 |
CVE-2023-36664: Flaw in Ghostscript Could Allow Command Execution |
https://securityonline.info/cve-2023-36664-flaw-in-ghostscript-could-allow-command-execution/
|
July 5, 2023 |
CVE-2023-37212 Memory safety bugs present in Firefox 114 |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37212
|
July 3, 2023 |
WordPress Social Login And Register 7.6.4 Authentication Bypass Vulnerability |
https://en.0day.today/exploit/description/38828
|
July 3, 2023 |
Windows 11 22h2 - Kernel Privilege Elevation Exploit |
https://en.0day.today/exploit/description/38816
|
July 3, 2023 |
Apache Druid JNDI Injection Remote Code Execution Exploit |
https://en.0day.today/exploit/description/38825
|
July 3, 2023 |
CVE-2023-27997: heap overflow 👉 preauth RCE in FortiGate firewalls |
https://twitter.com/noperator/status/1674959251435925504
|
July 3, 2023 |
PoC released for Windows Common Log File System 0-Day (CVE-2023-28252) |
https://securityonline.info/poc-released-for-windows-common-log-file-system-0-day-cve-2023-28252/
|
July 3, 2023 |
Windows Common Log File System Driver Elevation of Privilege Vulnerability |
https://github.com/fortra/CVE-2023-28252
|
June 29, 2023 |
CVE-2023-33246_RocketMQ_RCE_EXPLOIT |
https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT
|
June 26, 2023 |
CVE-2023-36675 - MediaWiki - BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature. |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
|
June 26, 2023 |
CVE-2023-30261 Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request |
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30261
|
June 23, 2023 |
Directory browsing vulnerability in MCL-Net version 4.3.5.8788 webserver |
https://www.exploit-db.com/exploits/51542?utm_source=dlvr.it&utm_medium=twitter
|
June 23, 2023 |
PoC Released for Windows SysInternals Sysmon Privilege Escalation (CVE-2023-29343) Bug |
https://github.com/Wh04m1001/CVE-2023-29343
|
June 23, 2023 |
Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing |
https://www.exploit-db.com/exploits/51538?utm_source=dlvr.it&utm_medium=twitter
|
June 23, 2023 |
POC for CVE-2023-20887 VMWare Aria Operations for Networks (vRealize Network Insight) unauthenticated RCE |
https://github.com/sinsinology/CVE-2023-20887
|
June 22, 2023 |
WordPress Medic Theme v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Exploit |
https://en.0day.today/exploit/description/38804
|
June 22, 2023 |
Exploit released for Cisco AnyConnect bug giving SYSTEM privileges |
https://www.bleepingcomputer.com/news/security/exploit-released-for-cisco-anyconnect-bug-giving-system-privileges/
|
June 22, 2023 |
LibreOffice Arbitrary File Write (CVE-2023-1883) |
https://secfault-security.com/blog/libreoffice.html
|
June 21, 2023 |
CVE-2023-20887 Pre-Authenticated Remote Code Execution in VMWare vRealize Network Insight |
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
|
June 21, 2023 |
Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS) |
https://0day.today/exploit/description/38801
|
June 21, 2023 |
CVE-2023-27997 - Heap buffer overflow in FortiGate SSL VPN |
https://bishopfox.com/blog/cve-2023-27997-vulnerability-scanner-fortigate
|
June 20, 2023 |
cve-2023-33476 - ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. |
http://blog.coffinsec.com/0day/2023/06/19/minidlna-cve-2023-33476-exploits.html
|
June 20, 2023 |
TP-Link Archer AX10(EU)_V1.2_230220 Buffer Overflow Vulnerability |
https://en.0day.today/exploit/description/38797
|
June 19, 2023 |
Powershell Code Arbitary Execution Builder FUD Exploit |
https://en.0day.today/exploit/description/37910
|
June 19, 2023 |
Symmetricom SyncServer Unauthenticated Remote Command Execution Exploit |
https://en.0day.today/exploit/description/38796
|
June 19, 2023 |
Microsoft Outlook Remote Code Execution 0day Exploit |
https://en.0day.today/exploit/description/38261
|
June 15, 2023 |
Sales Tracker Management System v1.0 - Multiple Vulnerabilities |
https://0day.today/exploit/description/38786
|