NSFOCUS Research Labs Acknowledged by MSRC for Reporting Azure Database Service RCE Vulnerability

Overview: NSFOCUS received acknowledgments from the Microsoft Security Response Center (MSRC) for reporting an Azure Database Service RCE vulnerability. Azure Database for PostgreSQL – Flexible Server is a relational database service based on the ...

Imperva Customers are Protected Against New SQL Injection Vulnerability in WordPress Plugin

A critical security flaw, identified as CVE-2024-1071, was discovered in the Ultimate Member plugin for WordPress, affecting over 200,000 active installations. This vulnerability has a high severity CVSS score of 9.8 and ...
The curious case of 'csrf-magic': A case study in supply chain poisoning

Back in the day, Ivanti disclosed CVE-2021-44529, a critical "code injection" vulnerability in its EPM Cloud Services Appliance (CSA) product ...

ConnectWise ScreenConnect Vulnerability: Urgent Update

ConnectWise announces a ScreenConnect vulnerability, with admins urged to update on-prem servers to 23.9.8 immediately: ScreenConnect 23.9.8 Update Here. Earlier this week, critical vulnerabilities were disclosed by ConnectWise in their widely ...

Imperva successfully defends against CVE-2024-25600 in WordPress Bricks Builder

A critical vulnerability in the Bricks Builder site builder for WordPress, identified as CVE-2024-25600, is currently under active exploitation, and poses a significant threat to over 25,000 sites. This flaw, with a ...
ConnectWise Says ScreenConnect Flaw Being Actively Exploited

Hackers are actively exploiting critical security flaws in ConnectWise’s remote desktop access tool just days after the software maker alerted customers of the vulnerabilities. ConnectWise learned of the bugs – tracked as ...
Security Boulevard

VMware Urges Immediate EAP Uninstall: CVE-2024-22245

VMware is making an urgent call for admins to uninstall the now-defunct authentication plugin, EAP: CVE-2024-22245 / CVE-2024-22250. The Enhanced Authentication Plugin (EAP), once a staple for seamless vSphere management interface logins via ...
Attackers Quick to Weaponize CVE-2023-22527 for Malware Delivery

On January 16, 2024, Atlassian disclosed a critical vulnerability affecting Confluence Data Center and Confluence Server, tracked as CVE-2023-22527. The vulnerability is an unauthenticated OGNL injection bug, allowing unauthenticated attackers to execute ...
XSS Marks the Spot: Digging Up Vulnerabilities in ChatGPT

With its widespread use among businesses and individual users, ChatGPT is a prime target for attackers looking to access sensitive information. In this blog post, I’ll walk you through my discovery of ...

Critical Vulnerability in Microsoft Office Suite: CVE-2024-21413

Microsoft has reported a critical vulnerability in Office Suite, dubbed CVE-2024-21413, requiring immediate patching. In a recent revelation, Microsoft has highlighted a critical vulnerability in its Office suite, identified as CVE-2024-21413, which ...