Monday, November 25, 2024

Vulnerability

XSS Vulnerability in Bing.com Let Attackers Send Crafted Malicious Requests

A significant XSS vulnerability was recently uncovered in Microsoft’s Bing.com, potentially allowing attackers to execute malicious JavaScript and send crafted requests to interconnected Microsoft applications like Outlook, OneDrive, and...

7-Zip RCE Vulnerability Let Attackers Execute Remote Code

A critical security vulnerability has been disclosed in the popular file archiving tool 7-Zip, allowing attackers to execute arbitrary code remotely.The flaw, identified...

FortiClient VPN Flaw Enables Undetected Brute-Force Attacks

A design flaw in the logging mechanism of Fortinet's VPN servers has been uncovered, allowing attackers to conduct brute-force attacks without detection.This vulnerability,...

macOS WorkflowKit Race Vulnerability Allows Malicious Apps to Intercept Shortcuts

A race condition vulnerability in Apple's WorkflowKit has been identified, allowing malicious applications to intercept and manipulate shortcuts on macOS systems.This vulnerability, cataloged...

Trend Micro Deep Security Vulnerable to Command Injection Attacks

Trend Micro has released a critical update addressing a remote code execution (RCE) vulnerability (CVE-2024-51503) in its Trend Micro Deep Security 20 Agent.This...

CISA Warns Kemp LoadMaster OS Command Injection Vulnerability Exploited in Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent security advisory warning organizations about an active exploitation of a critical vulnerability in Progress...

Apache Kafka Vulnerability Let Attackers Escalate Privileges

A newly identified vulnerability tracked as CVE-2024-31141, has been discovered in Apache Kafka Clients that could allow attackers to escalate privileges and gain unauthorized filesystem read access....

Zohocorp ManageEngine ADAudit Plus SQL Injection Vulnerability

Zohocorp, the company behind ManageEngine, has released a security update addressing a critical SQL injection vulnerability in its ADAudit Plus software.The flaw, identified...

Citrix Virtual Apps & Desktops Zero-Day Vulnerability Exploited in the Wild

A critical new vulnerability has been discovered in Citrix’s Virtual Apps and Desktops solution, which is widely used to facilitate secure remote access to...

Sonatype Nexus Repository Manager Hit by RCE & XSS Vulnerability

Sonatype, the company behind the popular Nexus Repository Manager, has issued security advisories addressing two critical vulnerabilities affecting Nexus Repository 2.x OSS/Pro versions.These...

GeoVision 0-Day Vulnerability Exploited in the Wild

Cybersecurity researchers have detected the active exploitation of a zero-day vulnerability in GeoVision devices, which the manufacturer no longer supports.The vulnerability, now designated as...