Remote Code Execution
ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708)
Uncover critical security flaws in ConnectWise ScreenConnect (CVE-2024-1709 & CVE-2024-1708) posing remote code execution risks. Actively exploited in the wild. The post ScreenConnect Authentication Bypass (CVE-2024-1709 & CVE-2024-1708) appeared first on Indusface ...
Critical PixieFail Vulnerabilities Lead to RCE and DoS Attacks
A set of critical security vulnerabilities has been found in the TCP/IP network protocol stack of an open-source reference implementation of the Unified Extensible Firmware Interface (UEFI) specification. Named PixieFail by Quarkslab, ...
GitHub Vulnerability: Key Rotation Amid High-Severity Threat
In recent developments, GitHub, a Microsoft-owned subsidiary, has taken proactive measures to address a security vulnerability potentially exposing credentials within production containers. In this article, we’ll analyze the GitHub vulnerability incident, shedding ...
Protect AI Report Surfaces MLflow Security Vulnerabilities
Protect AI identified RCE vulnerabilities in the MLflow life cycle management tool that can be used to compromise AI models ...
What is XML-RPC? Benefits, Security Risks, and Detection Techniques
vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the context of the webserver. This may facilitate various attacks ...
Securing Networks: Addressing pfSense Vulnerabilities
In recent findings by Sonar, critical security vulnerabilities have emerged within the widely-used open-source Netgate pfSense firewall solution, potentially exposing susceptible appliances to unauthorized command execution. These pfSense vulnerabilities, comprising two reflected ...
Apache ActiveMQ Vulnerability: The Threat That Cannot Be Ignored
Apache ActiveMQ vulnerability, known as CVE-2023-46604, is a remote code execution (RCE) flaw rated at a critical 10.0 on the CVSS v3 scale ...
Code Execution Update: Improve WordPress Security
In the ever-evolving landscape of digital security, WordPress has recently released a critical code execution update, version 6.4.2, addressing a potential threat that could jeopardize the integrity of vulnerable sites. This update, ...
CACTUS Qlik Ransomware: Vulnerabilities Exploited
A cyberattack campaign dubbed the CACTUS Qlik Ransomware has become prominent in ransomware attacks on BI systems. Researchers have warned of threat actors exploiting three Qlik security vulnerabilities to target different organizations ...
SonicWall WXA – Authentication Bypass and Remote Code Execution Vulnerability
Overview: In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we ...