vulnerability
Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering web pages on Windows – “was …
Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)
Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary …
Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)
Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers …
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
September 2024 Patch Tuesday is here and Microsoft has delivered 79 fixes, including those for a handful of zero-days (CVE-2024-38217, CVE-2024-38226, CVE-2024-38014, …
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2024-40766 – a recently fixed improper access control vulnerability affecting …
Zyxel fixes critical command injection flaw in EOL NAS devices (CVE-2024-6342)
Users of Zyxel network-attached storage (NAS) devices are urged to implement hotfixes addressing a critical and easily exploited command injection vulnerability …
Veeam Backup & Replication RCE flaw may soon be leveraged by ransomware gangs (CVE-2024-40711)
CVE-2024-40711, a critical vulnerability affecting Veeam Backup & Replication (VBR), could soon be exploited by attackers to steal enterprise data. Discovered and …
Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195)
For the fourth time in the last five months, Apache OFBiz users have been advised to upgrade their installations to fix a critical flaw (CVE-2024-45195) that could lead to …
Critical flaw in Zyxel’s secure routers allows OS command execution via cookie (CVE-2024-7261)
Zyxel has patched a myriad of vulnerabilities in its various networking devices, including a critical one (CVE-2024-7261) that may allow unauthenticated attackers to execute …
Critical Fortra FileCatalyst Workflow vulnerability patched (CVE-2024-6633)
Organizations using Fortra’s FileCatalyst Workflow are urged to upgrade their instances, so that attackers can’t access an internal HSQL database by exploiting …
SonicWall patches critical flaw affecting its firewalls (CVE-2024-40766)
SonicWall has patched a critical vulnerability (CVE-2024-40766) in its next-gen firewalls that could allow remote attackers unauthorized access to resources and, in specific …
Another critical SolarWinds Web Help Desk bug fixed (CVE-2024-28987)
A week after SolarWinds released a fix for a critical code-injection-to-RCE vulnerability (CVE-2024-28986) in Web Help Desk (WHD), another patch for another critical flaw …