Fortra Issues Patch for High-Risk FileCatalyst Workflow Security Vulnerability

August 28, 2024 at 12:51PM Fortra has patched a critical security flaw in FileCatalyst Workflow (CVE-2024-6633) that could give remote attackers admin access via the HSQL database. Tenable discovered flaws, one of which allows SQL injection (CVE-2024-6632). Responsible disclosure led to a patch release in version 5.1.7, fixing both vulnerabilities.

URGENT: Upgrade GitLab – Critical Workspace Creation Flaw Allows File Overwrite

January 30, 2024 at 11:36AM GitLab released fixes for a critical security flaw (CVE-2024-0402) in its Community and Enterprise Editions, allowing unauthorized writing of files. Patches have been backported, and additional medium-severity flaws were resolved. Users are urged to upgrade to the latest version promptly. This follows recent fixes to address critical vulnerabilities in the …

PAX PoS Terminal Flaw Could Allow Attackers to Tamper with Transactions

January 17, 2024 at 09:57AM PAX Technology’s PoS terminals have high-severity vulnerabilities that could allow threat actors to execute arbitrary code. The STM Cyber R&D team discovered six flaws, including privilege escalation and local code execution, impacting various PAX devices. The vulnerabilities were responsibly disclosed to PAX, and patches were released in November 2023. Key …

50K WordPress sites exposed to RCE attacks by critical bug in backup plugin

December 11, 2023 at 05:48PM A critical security flaw in the WordPress Backup Migration plugin (CVE-2023-6553) allows unauthenticated attackers to remotely execute PHP code, compromising vulnerable websites. The bug, rated 9.8/10 in severity, was quickly patched after being reported to BackupBliss. However, many websites remain vulnerable, and WordPress admins are urged to take immediate action …