Hackers start exploiting critical Atlassian Confluence RCE flaw

January 22, 2024 at 08:45AM

Security researchers detect exploitation attempts for the critical CVE-2023-22527 vulnerability affecting older Atlassian Confluence servers, potentially exposing them to remote code execution. Atlassian provides fixes for affected versions and reports multiple attempts to exploit the flaw, mainly from Russian IP addresses. Server administrators are advised to update to a secure …

New Critical RCE Vulnerability Discovered in Apache Struts 2 – Patch Now

December 12, 2023 at 01:00AM

Apache has issued a critical security advisory for a flaw in Struts 2, a Java web application framework, potentially allowing remote code execution. Tracked as CVE-2023-50164, the flaw affects various versions, with patches available for some. No workarounds exist, and upgrades to versions 2.5.33 and 6.3.0.2 or higher are highly …

Critical RCE flaws found in SolarWinds access audit solution

October 20, 2023 at 11:06AM

Researchers discovered three critical remote code execution vulnerabilities in SolarWinds Access Rights Manager (ARM), allowing attackers to run code with SYSTEM privileges. SolarWinds ARM helps organizations manage and audit user access rights. The vendor promptly released a patch in version 2023.2.1 of the system. The vulnerabilities’ severity ratings are all …