Vulnerabilities

Zyxel has released software updates to fix a serious security issue in certain access point (AP) and security router versions. This flaw could allow the execution of unauthorized commands. The vulnerability known as CVE-2024-7261 (CVSS score: 9.8) involves an operating system (OS) command injection. “The improper neutralization of special elements …

VMware released a security advisory for a major vulnerability in the VMware Fusion product. This vulnerability could be exploited by attackers to run malicious code. CVE-2024-38811 is a vulnerability caused by using an insecure environment variable in the application, with a CVSSv3 score of 8.8, making it important. VMware Fusion …

Indian Computer Emergency Response Team (CERT-IN) issued advisories about multiple vulnerabilities in various Palo Alto Networks applications. Attackers could exploit these vulnerabilities to access systems without permission, steal important information, and potentially run harmful code. Vulnerabilities in Palo Alto Networks: The vulnerabilities include CVE-2024-5915, CVE-2024-5916, and CVE-2024-5914. GlobalProtect App: Privilege …

There is a new way to attack Atlassian Confluence using the vulnerability CVE-2023-22527. The Confluence Data Center and Server products have the vulnerability that has been exploited using the Godzilla backdoor, which is a complex malware that doesn’t use files. Understanding CVE-2023-22527: CVE-2023-22527 is a critical vulnerability with a CVSS …

A Google Cloud Storage bucket linked to Alice’s Table, a Shark Tank contestant offering virtual floral arrangement classes, has leaked personal data of over 83,000 customers. Cybernews and Cyble researchers found a misconfigured cloud bucket while investigating. Researchers found that the Google bucket belonged to Alice’s Table, a company founded …

CISA issued a warning about a security flaw in Apache OFBiz, an ERP system. The vulnerability is being actively exploited and has been added to CISA’s Known Exploited Vulnerabilities catalog as CVE-2024-38856. CVE-2024-38856 is a serious security flaw in Apache OFBiz. It allows attackers to run code on a remote …

Lumen Technologies’ malware hunters have discovered Chinese APT group Volt Typhoon using a new zero-day exploit in Versa Director servers. They used this exploit to steal credentials and gain unauthorized access to the networks of downstream customers. CVE-2024-39717 is a serious vulnerability that CISA added to their must-patch list after …

SonicWall released security updates to fix a critical flaw in its firewalls. If exploited, this flaw could give unauthorized access to malicious actors. The vulnerability is known as CVE-2024-40766 and has a CVSS score of 9.3. It is an access control issue. “An improper access control vulnerability has been identified …

Dell Technologies identified a security vulnerability in Dell Power Manager (DPM), in versions 3.15.0 and older. The vulnerability, named CVE-2024-39576, allows a low-privileged attacker with local access to execute code and gain higher privileges. Vulnerability Details: Lefteris Panos from LRQA Nettitude found the vulnerability in Dell Power Manager. This vulnerability …

CISA warned about two important vulnerabilities in Dahua IP cameras and related products. Though these vulnerabilities were discovered in 2021, CISA has now added them to its catalog “based on evidence of active exploitation.” CISA stated that Dahua IP cameras and related products have authentication bypass vulnerabilities. Attackers can bypass …