Saturday, January 25, 2025

Vulnerability

OpenVPN Easy-rsa Vulnerability Allows Attacker to Bruteforce Private CA key

A significant security vulnerability, designated as CVE-2024-13454, has been discovered in the OpenVPN Easy-RSA tool, specifically affecting versions from 3.0.5 to 3.2.0 that utilize...

Vim Command Line Text Editor Segmentation Vulnerability Patched

Christian Brabandt, a prominent figure in the Vim community, announced the patching of a medium-severity segmentation fault vulnerability identified as CVE-2025-24014.The vulnerability, discovered in versions...

Multiple Azure DevOps Vulnerabilities Let Inject CRLF Queries & Rebind DNS

Researchers uncovered several significant vulnerabilities within Azure DevOps, specifically focusing on potential Server-Side Request Forgery (SSRF) weaknesses.The findings highlight the importance of robust...

Researchers Used ChatGPT to Discover S3 Bucket Takeover Vulnerability in Red Bull

Bug bounty programs have emerged as a critical avenue for researchers to identify vulnerabilities in digital platforms.One such success story involves a recent discovery...

ChatGPT Crawler Vulnerability Abused to Trigger Reflexive DDoS Attacks

Security researchers have uncovered a severe vulnerability in OpenAI's ChatGPT API, allowing attackers to exploit its architecture for launching Reflective Distributed Denial of Service...

PoC Exploit Released for QNAP RCE Vulnerability

A critical remote code execution (RCE) vulnerability, tracked as CVE-2024-53691, has recently come to light, affecting users of QNAP's QTS and QuTS Hero operating...

Multiple HPE Aruba Network Vulnerabilities Allows Remote Arbitrary Code Execution

 Hewlett Packard Enterprise (HPE) has confirmed multiple vulnerabilities in its Aruba Networking products that could allow remote arbitrary code execution.These vulnerabilities, CVE-2025-23051 and CVE-2025-23052,...

Hackers Easily Bypass Active Directory Group Policy to Allow Vulnerable NTLMv1 Auth Protocol

Researchers have discovered a critical flaw in Active Directory’s NTLMv1 mitigation strategy, where misconfigured on-premises applications can bypass Group Policy settings intended to disable...