Craft CMS is vulnerable to a security vulnerability that may allow an attacker to perform remote code execution on successful exploitation. Tracked as CVE-2023-41892, the vulnerability has been given a critical severity with a CVSS score of 9.8. Craft is a flexible, user-friendly CMS that helps create custom digital experiences on the web and beyond. The … Continue reading “Craft CMS Remote Code Execution Vulnerability (CVE-2023-41892)”
Tag: Remote Code Execution Vulnerability
CISA Added Apache RocketMQ Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-33246)
Apache RocketMQ servers have a vulnerability that attackers were exploiting. CVE-2023-33246 is a critical severity vulnerability that may allow an attacker to perform remote code execution on successful exploitation. Security researchers at Juniper Threat Labs have recently reported the exploitation of the vulnerability by DreamBus botnet malware. CISA has acknowledged its active exploitation by adding … Continue reading “CISA Added Apache RocketMQ Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-33246)”
CISA Added Citrix ShareFile StorageZones Controller Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-24489)
A critical severity vulnerability in the customer-managed ShareFile storage zones controller is exploited in the wild. CVE-2023-24489 has been given a CVSS score of 9.1. Successful exploitation of the vulnerability may allow an unauthenticated attacker to compromise the customer-managed ShareFile storage zones controller remotely. The vulnerability arises due to improper resource control that may lead … Continue reading “CISA Added Citrix ShareFile StorageZones Controller Vulnerability to its Known Exploited Vulnerabilities Catalog (CVE-2023-24489)”
Atlassian Patches Remote Code Execution Vulnerabilities in Confluence and Bamboo (CVE-2023-22505, CVE-2023-22506, & CVE-2023-22508)
Atlassian Confluence Server & Data Center and Bamboo Data Center are affected by high-severity vulnerabilities: CVE-2023-22505, CVE-2023-22506, and CVE-2023-22508. The vulnerabilities may allow attackers to perform remote code execution on successful exploitation. Anonymous researchers have discovered and reported these vulnerabilities to Atlassian via their Bug Bounty and Penetration Testing programs. In February 2023, Atlassian addressed … Continue reading “Atlassian Patches Remote Code Execution Vulnerabilities in Confluence and Bamboo (CVE-2023-22505, CVE-2023-22506, & CVE-2023-22508)”
Citrix Application Delivery Controller (ADC) and Citrix Gateway Multiple Vulnerabilities (CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467)
A new critical severity vulnerability (CVE-2023-3519) in the NetScaler ADC and NetScaler Gateway is being exploited in the wild. CVE-2023-3519 may allow an unauthenticated attacker to perform remote code execution on the target system. The advisory addressed two more vulnerabilities: CVE-2023-3466 CVE-2023-3467 Wouter Rijkbost and Jorren Geurts of Resillion have discovered the vulnerabilities addressed in … Continue reading “Citrix Application Delivery Controller (ADC) and Citrix Gateway Multiple Vulnerabilities (CVE-2023-3519, CVE-2023-3466, and CVE-2023-3467)”
VMware Patched Multiple Critical Vulnerabilities in Aria Operations for Networks (CVE-2023-20887, CVE-2023-20888, and CVE-2023-20889)
VMware has released a security advisory to address multiple critical vulnerabilities affecting Aria Operations for Networks (formerly vRealize Network Insight). CVE-2023-20887, CVE-2023-20888, and CVE-2023-20889 have been given Critical and Important Severity ratings with CVSS scores of 9.8, 9.1, and 8.8, respectively. Successful exploitation of these vulnerabilities may allow an attacker to perform command injection and/or … Continue reading “VMware Patched Multiple Critical Vulnerabilities in Aria Operations for Networks (CVE-2023-20887, CVE-2023-20888, and CVE-2023-20889)”
Apache Patches Session Validation Vulnerability in Superset (CVE-2023-27524)
Apache has released a patch to address a session validation vulnerability in Superset. CVE-2023-27524 has been rated as high, with a CVSS score of 8.9. On successful exploitation, the vulnerability may allow an attacker to authenticate and access unauthorized resources and execute arbitrary code on the target system. On January 8, 2024, CISA added the … Continue reading “Apache Patches Session Validation Vulnerability in Superset (CVE-2023-27524)”
PaperCut NG Remote Code Execution Vulnerability Exploited in the Wild (CVE-2023-27350)
PaperCut, a print manager software, has a remote code execution vulnerability that is being actively exploited. CVE-2023-27350 has been rated as critical with a CVSS Base Score of 9.8. Successful exploitation of the vulnerability allows unauthenticated attackers to perform remote code execution to compromise the vulnerable PaperCut application server. The vendor mentioned in the advisory … Continue reading “PaperCut NG Remote Code Execution Vulnerability Exploited in the Wild (CVE-2023-27350)”
Vm2 Patches Critical Remote Code Execution Vulnerabilities in JavaScript Sandbox Library (CVE-2023-30547 and CVE-2023-29199)
Two critical vulnerabilities affecting its JavaScript Sandbox Library are addressed by vm2. Both the vulnerabilities CVE-2023-29199 and CVE-2023-30547 are given a CVSS score of 9.8. Successful exploitation of these vulnerabilities may allow an attacker to perform remote code execution. Seung Hyun Lee) of KAIST Hacking Lab has discovered the vulnerabilities and released proof-of-concept (PoC) (CVE-2023-29199 … Continue reading “Vm2 Patches Critical Remote Code Execution Vulnerabilities in JavaScript Sandbox Library (CVE-2023-30547 and CVE-2023-29199)”
vm2 JavaScript Sandbox Library Remote Code Execution Vulnerability (CVE-2023-29017)
vm2 has released a patch for a critical severity vulnerability (CVE-2023-29017) with a CVSS score of 9.8. Korea Advanced Institute of Science and Technology (KAIST) WSP Lab has discovered the vulnerability. The vulnerability originates from improper input handling of host objects. A proof-of-concept exploit has been made public on GitHub, explaining the severity and … Continue reading “vm2 JavaScript Sandbox Library Remote Code Execution Vulnerability (CVE-2023-29017)”
