InfoSecBulletin Cybersecurity for mankind
CVE-2024-20953 is a vulnerability in Oracle Agile PLM, a product lifecycle management tool. With a CVSS score of 8.8, it allows low-privileged attackers with HTTP network access to exploit systems running version 9.3.6. This could result in complete system takeover, risking sensitive supply chain data and business operations.
The vulnerability in Oracle Agile PLM is a major concern for organizations due to its easy exploitation and potential for widespread impact.
CVE-2024-20953
CISA Flags Oracle Agile PLM Actively Exploited Security Flaw
Stablecoin Bank Hacked – Hackers Stolen $49.5M
CVE-2025-20029
PoC Exploit Released for F5 BIG-IP Command Injection Vuln
By 1 April 2025
Australia Bans Kaspersky on its govt systems and devices
CISA Flags Craft CMS Code Injection Flaw Amid Active Attacks
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA has added certain vulnerabilities to the KEV catalog, signifying a serious ongoing threat, even though details about the attacks are unclear. They have instructed Federal Civilian Executive Branch agencies to patch their systems by March 17, 2025. However, all organizations using the affected software are urged to prioritize patching right away.
CISA has identified another critical vulnerability, CVE-2017-3066, affecting older versions of Adobe ColdFusion. This flaw has a CVSS score of 9.8 and arises from a Java deserialization issue in the Apache BlazeDS library. Exploiting this vulnerability allows attackers to execute arbitrary code, gaining full access to affected systems. A publicly available proof-of-concept exploit increases the risk of widespread attacks.
ColdFusion 2016 Update 3 and earlier, ColdFusion 11 Update 11 and earlier, and ColdFusion 10 Update 22 and earlier are especially vulnerable.
