SonicWall firewall is vulnerable to a critical severity flaw, which may allow attackers to gain unauthorized access to the devices. Tracked as CVE-2024-40766, the vulnerability has a CVSS score of 9.3.
WordPress Multilingual Plugin (WPML) CMS Server-Side Template Injection Vulnerability (CVE-2024-6386)
A critical vulnerability has been discovered in a popular WordPress plugin called WPML, tracked as CVE-2024-6368, with a CVSS score of 9.9. Successful exploitation of the vulnerability may allow an authenticated attacker to execute arbitrary code on the vulnerable server. The vulnerability was first disclosed to WordPress in June 2024 and was fully patched in … Continue reading “WordPress Multilingual Plugin (WPML) CMS Server-Side Template Injection Vulnerability (CVE-2024-6386)”
SolarWinds Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)
SolarWinds released a security advisory to address a critical vulnerability impacting its Web Help Desk (WHD). Tracked as CVE-2024-28987, the vulnerability has a CVSS score of 9.1. Successful exploitation of the vulnerability may allow a remote, unauthenticated user to access internal functionality and modify data.
Google Patches Ninth Chrome Zero-day Vulnerability of the Year (CVE-2024-7971)
For the ninth time this year, Google Chrome users are urged to update their browsers immediately as a new zero-day vulnerability has been discovered. Google released a security advisory to address the zero-day vulnerability tracked as CVE-2024-7971. CVE-2024-7971 is a type confusion vulnerability in Chrome’s V8 JavaScript engine. Security researchers with the Microsoft Threat Intelligence … Continue reading “Google Patches Ninth Chrome Zero-day Vulnerability of the Year (CVE-2024-7971)”
GitHub Patches Multiple Security Vulnerabilities (CVE-2024-6800, CVE-2024-6337, & CVE-2024-7711)
GitHub released security advisories to address three security vulnerabilities in Enterprise Server (GHES). Tracked as CVE-2024-6800, CVE-2024-6337, & CVE-2024-7711, these vulnerabilities may allow attackers to gain unauthorized access and manipulate repositories. CVE-2024-6800 has been given a critical severity rating with a CVSS score of 9.5.
SolarWinds Web Help Desk (WHD) Java Deserialization Vulnerability (CVE-2024-28986)
SolarWinds Web Help Desk has been identified as vulnerable to a Java Deserialization Remote Code Execution vulnerability, which was tracked as CVE-2024-28986. The vulnerability has been given a critical severity rating and a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to execute commands on target systems. The advisory states that … Continue reading “SolarWinds Web Help Desk (WHD) Java Deserialization Vulnerability (CVE-2024-28986)”
Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability (CVE-2024-7593)
Ivanti released an advisory to address a critical severity vulnerability impacting Ivanti Virtual Traffic Manager. Tracked as CVE-2024-7593, the vulnerability has a CVSS score of 9.8. A remote, unauthenticated attacker may bypass authentication and create administrative users on successful exploitation. The vulnerability originates from an incorrect implementation of an authentication algorithm. Ivanti mentioned in the … Continue reading “Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability (CVE-2024-7593)”
Microsoft Patch Tuesday, August 2024 Security Update Review
Microsoft’s August Patch Tuesday updates are out, and they address a range of vulnerabilities across multiple products. Let’s dive into the key updates and their implications. Microsoft Patch’s Tuesday, August 2024 edition addressed 102 vulnerabilities, including nine critical and 77 important severity vulnerabilities. In this month’s updates, Microsoft has addressed six actively exploited vulnerabilities, along … Continue reading “Microsoft Patch Tuesday, August 2024 Security Update Review”
Elasticsearch Kibana Arbitrary Code Execution Vulnerability (CVE-2024-37287)
Kibana, a data visualization tool, released a patch to address a critical severity flaw that may allow an attacker to perform arbitrary code execution on target systems. Tracked as CVE-2024-37287, the vulnerability has a CVSS score of 9.9.
Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-38856)
Apache OFBiz is vulnerable to a pre-authentication flaw that can lead to remote code execution. Tracked as CVE-2024-38856, the vulnerability has a critical severity rating with a CVSS score of 9.8. SonicWall has discovered and reported the vulnerability to Apache. Successful exploitation of the vulnerability may allow an attacker to execute arbitrary code remotely, leading … Continue reading “Apache OFBiz Remote Code Execution Vulnerability (CVE-2024-38856)”