CVE-2023-38545, A High Severity cURL and libcurl CVE, to be published on October 11th

New Information From Rezilion Research: A high-severity cURL vulnerability (CVE-2023-38545) is expected to be published in tandem with the 8.4.0 releases of the package on October 11th. While not much is known about the nature of the vulnerability, according to Daniel Stenberg, cURL’s creator and core maintainer, the vulnerability is ...

The chart compares three of the most popular LLM-based projects (Auto-GPT, Langchain, and GPT-Engineer), with three other non-GPT related projects from the OpenSSF critical open-source projects list (TensorFlow, Node.js, and Flutter)

Report: The Risk of Generative AI and Large Language Models

Generative AI has reshaped the digital content landscape, with Large Language Models (LLMs) like GPT pushing the boundaries of what machines can create. However, as this technology rapidly enters the market, are we giving enough attention to its security aspects and generative AI risk? In the following research, we delve ...

The number of Fortinet instances exposed to the internet, as determined by a Shodan search, currently stands at a significant 648,983.

Fortinet Discreetly Patches CVE-2023-27997, a Known Exploited Vulnerability

According to Fortinet, 110 vulnerabilities affecting Fortinet software were announced since the beginning of 2023. On June 8th, security fixes were released in FortiOS firmware versions 6.0.17, 6.2.15, 6.4.13, 7.0.12, and 7.2.5. Interestingly, no specific reference to a CVE patch was provided, raising questions about the nature and extent of ...

CVE-2023-34362 – MOVEit Transfer Zero-Day SQL Injection Vulnerability Actively Exploited in the Wild

Progress Software has recently (May 31st, 2023) released a security advisory regarding a critical zero-day vulnerability affecting ALL VERSIONS of the company’s MOVEit product which is being actively exploited in the wild in order to exfiltrate data from targeted environments. The vulnerability has already been added to the CISA KEV ...

Control Web Panel Vulnerability, CVE-2022-44877, Actively Exploited in the Wild

This post offers details on the Control Web Panel Vulnerability, CVE-2022-44877, which is actively being exploited in the wild. If you are using Control Web Panel in any version below 0.9.8.1147, make sure to patch as soon as possible. While CVE-2022-44877, a critical vulnerability affecting Control Web Panel (a popular ...

Everything you need to know about the SPNEGO NEGOEX CVE-2022-37958

CVE-2022-37958 is a vulnerability in the SPNEGO NEGOEX security mechanism in Windows released by Microsoft on the 13th of September 2022 with a CVSS score of 7.5. However, on December 13th a few interesting events around the vulnerability occurred: Microsoft released the following revision update: Updated the severity, impact, and ...

Log4Shell Anniversary: One Year Later, What Has Changed?

The Log4Shell anniversary is here. It has been a year since the initial discovery and publication of Log4Shell (CVE-2021-44228), which was without a doubt one of the most meaningful vulnerabilities in recent years. Rezilion researchers examined what has changed during the course of this year in terms of the Log4Shell ...

Is Your Vulnerability Scanner Giving You Reliable Results?

In a software-driven world, the number of newly discovered software vulnerabilities is constantly on the rise globally. Organizations rely on vulnerability scanners and Software Composition Analysis (SCA) tools to detect vulnerabilities in their software. But new research from Rezilion finds that relying on vulnerability scanners does not guarantee reliable results ...