InfoSecBulletin Cybersecurity for mankind
CVE-2024-20953 is a vulnerability in Oracle Agile PLM, a product lifecycle management tool. With a CVSS score of 8.8, it allows low-privileged attackers with HTTP network access to exploit systems running version 9.3.6. This could result in complete system takeover, risking sensitive supply chain data and business operations.
The vulnerability in Oracle Agile PLM is a major concern for organizations due to its easy exploitation and potential for widespread impact.
OpenAI Offering $100K Bounties for Critical Vulns
Splunk Alert User RCE and Data Leak Vulns
CIRT alert Situational Awareness for Eid Holidays
Cyberattack on Malaysian airports: PM rejected $10 million ransom
Micropatches released for Windows zero-day leaking NTLM hashes
VMware Patches Authentication Bypass Flaw in Windows Tool
IngressNightmare
Over 40% of cloud environments are vulnerable to RCE
(CVE-2025-29927)
Urgently Patch Your Next.js for Authorization Bypass
Oracle refutes breach after hacker claims 6 million data theft
Russian zero-day seller to offer up to $4 million for Telegram exploits
CISA has added certain vulnerabilities to the KEV catalog, signifying a serious ongoing threat, even though details about the attacks are unclear. They have instructed Federal Civilian Executive Branch agencies to patch their systems by March 17, 2025. However, all organizations using the affected software are urged to prioritize patching right away.
CISA has identified another critical vulnerability, CVE-2017-3066, affecting older versions of Adobe ColdFusion. This flaw has a CVSS score of 9.8 and arises from a Java deserialization issue in the Apache BlazeDS library. Exploiting this vulnerability allows attackers to execute arbitrary code, gaining full access to affected systems. A publicly available proof-of-concept exploit increases the risk of widespread attacks.
ColdFusion 2016 Update 3 and earlier, ColdFusion 11 Update 11 and earlier, and ColdFusion 10 Update 22 and earlier are especially vulnerable.
