September 5, 2024 at 05:35PM Apache has addressed a critical security vulnerability in its OFBiz software, allowing attackers to execute arbitrary code on Linux and Windows servers. The flaw, tracked as CVE-2024-45195, was discovered by Rapid7. This is a remote code execution issue caused by a forced browsing weakness. Users are urged to upgrade to … Read more
February 7, 2024 at 07:57PM Fortinet warns of two unpatched patch bypasses, tracked as CVE-2024-23108 and CVE-2024-23109, for the critical remote code execution vulnerability in FortiSIEM. Originally considered duplicates, Fortinet now confirms they are valid variants of the original flaw, CVE-2023-34992. Upcoming FortiSIEM versions will address these vulnerabilities, so immediate upgrading is strongly recommended. Based … Read more
January 19, 2024 at 03:00PM A critical vulnerability, CVE-2023-35082, in Ivanti Endpoint Manager Mobile (EPMM) with a CVSS score of 9.8 has been added to CISA’s Known Exploited Vulnerabilities Catalog. It allows an authentication bypass and patch bypass for another high-risk vulnerability, CVE-2023-35078. Rapid7 reports a potential threat actor exploitation, with all versions of Invanti … Read more
December 19, 2023 at 04:05PM Researchers disclosed two security vulnerabilities in Microsoft Outlook, which, when combined, allow attackers to execute arbitrary code on systems without any user interaction. The vulnerabilities can be triggered using a sound file. Akamai identified the flaws and Microsoft has issued patches, but additional vulnerabilities in the patches have also been … Read more
October 26, 2023 at 04:48AM Users of Mirth Connect, an open-source data integration platform, are urged to update to version 4.4.1 due to the discovery of an unauthenticated remote code execution vulnerability (CVE-2023-43208). Horizon3.ai warns that attackers may exploit this vulnerability to gain access to sensitive healthcare data. The flaw affects various versions of Mirth … Read more