Veeam released a security advisory to address six vulnerabilities of varying severities. Successful exploitation of the vulnerabilities may allow remote attackers to execute arbitrary code, leading to possible system compromise. One of the six vulnerabilities tracked as CVE-2024-40711 has a critical severity rating with a CVSS score of 9.8. The vulnerability may allow an attacker … Continue reading “Veeam Patches Multiple Vulnerabilities Impacting Backup and Replication”
South Korean Attackers Group Exploits WPS Office Vulnerability (CVE-2024-7262)
APT-C-60, a South Korea-aligned cyber espionage group, has been exploiting a zero-day vulnerability in the Windows version of WPS Office. Attackers exploited the vulnerability to install the SpyGlace backdoor on East Asian targets. Tracked as CVE-2024-7262, the vulnerability allows an attacker to perform remote code execution. ESET (Electronic Systems Engineering Technology) researchers have discovered and …
Unauthorized Access Vulnerability in InPost PL and WooCommerce Plugin (CVE-2024-6500)
The InPost for WooCommerce and InPost PL WordPress plugins are tools designed to integrate InPost’s parcel locker delivery services with WooCommerce and WordPress websites. The InPost for WooCommerce plugin allows customers to choose InPost parcel lockers as a delivery option during checkout, streamlining shipping processes.
SonicWall SonicOS Improper Access Control Vulnerability (CVE-2024-40766)
SonicWall firewalls are vulnerable to a critical-severity flaw that may allow attackers to gain unauthorized access to the devices. Tracked as CVE-2024-40766, the vulnerability has a CVSS score of 9.3.
WordPress Multilingual Plugin (WPML) CMS Server-Side Template Injection Vulnerability (CVE-2024-6386)
A critical vulnerability has been discovered in a popular WordPress plugin called WPML, tracked as CVE-2024-6386, with a CVSS score of 9.9. Successful exploitation of the vulnerability may allow an authenticated attacker to execute arbitrary code on the vulnerable server. The vulnerability was first disclosed to WordPress in June 2024 and was fully patched in …
SolarWinds Web Help Desk Hardcoded Credential Vulnerability (CVE-2024-28987)
SolarWinds released a security advisory to address a critical vulnerability impacting its Web Help Desk (WHD). Tracked as CVE-2024-28987, the vulnerability has a CVSS score of 9.1. Successful exploitation of the vulnerability may allow a remote, unauthenticated user to access internal functionality and modify data. CISA acknowledged the active exploitation of CVE-2024-28987 by adding it …
Google Patches Ninth Chrome Zero-day Vulnerability of the Year (CVE-2024-7971)
For the ninth time this year, Google Chrome users are urged to update their browsers immediately as a new zero-day vulnerability has been discovered. Google released a security advisory to address the zero-day vulnerability tracked as CVE-2024-7971. CVE-2024-7971 is a type confusion vulnerability in Chrome’s V8 JavaScript engine. Security researchers with the Microsoft Threat Intelligence …
GitHub Patches Multiple Security Vulnerabilities (CVE-2024-6800, CVE-2024-6337, & CVE-2024-7711)
GitHub released security advisories to address three security vulnerabilities in Enterprise Server (GHES). Tracked as CVE-2024-6800, CVE-2024-6337, & CVE-2024-7711, these vulnerabilities may allow attackers to gain unauthorized access and manipulate repositories. CVE-2024-6800 has been given a critical severity rating with a CVSS score of 9.5.
SolarWinds Web Help Desk (WHD) Java Deserialization Vulnerability (CVE-2024-28986)
SolarWinds Web Help Desk has been identified as vulnerable to a Java Deserialization Remote Code Execution vulnerability, which was tracked as CVE-2024-28986. The vulnerability has been given a critical severity rating and a CVSS score of 9.8. Successful exploitation of the vulnerability may allow an attacker to execute commands on target systems. The advisory states that …
Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability (CVE-2024-7593)
Ivanti released an advisory to address a critical severity vulnerability impacting Ivanti Virtual Traffic Manager. Tracked as CVE-2024-7593, the vulnerability has a CVSS score of 9.8. A remote, unauthenticated attacker may bypass authentication and create administrative users on successful exploitation. The vulnerability originates from an incorrect implementation of an authentication algorithm. Ivanti mentioned in the …