GitLab Addressed Authentication Bypass Vulnerability in Community Edition (CE) and Enterprise Edition (EE) (CVE-2024-45409)

GitLab released an update to address a vulnerability in the Community Edition (CE) and Enterprise Edition (EE). Tracked as CVE-2024-45409, the vulnerability has a critical severity rating with a CVSS score of 10. The vulnerability originates from the Ruby SAML library used in multiple GitLab CE/EE versions. The omniauth-saml versions before 2.2.0 and ruby-saml versions before …

Ivanti Patches Multiple Vulnerabilities Impacting Endpoint Manager (EPM)

Ivanti released security updates to address 16 security vulnerabilities of varying severities. Ten of these vulnerabilities are given a critical severity rating, while two are rated high and four are rated medium. Successful exploitation of the vulnerabilities could lead to unauthorized access to the EPM core server.

GitLab Patches Multiple Vulnerabilities impacting Community Edition (CE) and Enterprise Edition (EE)

GitLab released a security advisory to address 18 vulnerabilities in GitLab Community Edition (CE) and Enterprise Edition (EE). One of these vulnerabilities, tracked as CVE-2024-6678, is given a critical severity rating with a CVSS score of 9.9. Successful exploitation of the vulnerability may allow an attacker to trigger a pipeline as an arbitrary user.

Microsoft Patch Tuesday, September 2024 Security Update Review

Microsoft’s September Patch Tuesday updates are out, addressing a range of vulnerabilities across multiple products. Let’s dive into the key updates and their implications. Microsoft’s Patch Tuesday, September 2024 edition addressed 79 vulnerabilities, including six critical and 71 important severity vulnerabilities. In this month’s updates, Microsoft has addressed four zero-day vulnerabilities known to be exploited …

Cisco Patches Identity Services Engine (ISE) Vulnerability with Public Exploit Code (CVE-2024-20469)

Cisco warned its customers about a security flaw impacting the Cisco Identity Services Engine (ISE), which has publicly available exploit code. Tracked as CVE-2024-20469, the vulnerability may allow an attacker to perform command injection attacks on the underlying operating system and elevate privileges to root. Rafal Lykowski and Alexandre Labbé of A1 Digital International …

Veeam Patches Multiple Vulnerabilities Impacting Backup and Replication

Veeam released a security advisory to address six vulnerabilities of varying severities. Successful exploitation of the vulnerabilities may allow remote attackers to execute arbitrary code, leading to possible system compromise. One of the six vulnerabilities, tracked as CVE-2024-40711, has a critical severity rating with a CVSS score of 9.8. The vulnerability may allow an attacker …

South Korean Attackers Group Exploits WPS Office Vulnerability (CVE-2024-7262)

APT-C-60, a South Korea-aligned cyber espionage group, has been exploiting a zero-day vulnerability in the Windows version of WPS Office. Attackers exploited the vulnerability to install the SpyGlace backdoor on East Asian targets. Tracked as CVE-2024-7262, the vulnerability allows an attacker to perform remote code execution. ESET (Electronic Systems Engineering Technology) researchers have discovered and …

Unauthorized Access Vulnerability in InPost PL and WooCommerce Plugin (CVE-2024-6500)

The InPost for WooCommerce and InPost PL WordPress plugins are tools designed to integrate InPost’s parcel locker delivery services with WooCommerce and WordPress websites. The InPost for WooCommerce plugin allows customers to choose InPost parcel lockers as a delivery option during checkout, streamlining shipping processes.

WordPress Multilingual Plugin (WPML) CMS Server-Side Template Injection Vulnerability (CVE-2024-6386)

A critical vulnerability has been discovered in a popular WordPress plugin called WPML, tracked as CVE-2024-6386, with a CVSS score of 9.9. Successful exploitation of the vulnerability may allow an authenticated attacker to execute arbitrary code on the vulnerable server. The vulnerability was first disclosed to WordPress in June 2024 and was fully patched in …