Critical Ivanti Cloud Appliance Vulnerability Exploited in Active Cyberattacks

September 20, 2024 at 01:33AM Ivanti disclosed active exploitation of a critical security flaw in its Cloud Service Appliance (CSA) that allows remote, unauthenticated access. The vulnerability, CVE-2024-8963, carries a CVSS score of 9.4 and can be chained with CVE-2024-8190 for arbitrary command execution. CSA 4.6 Patch 519 and CSA 5.0 address the issue. CISA has …

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution

August 6, 2024 at 12:36AM A critical pre-authentication remote code execution vulnerability (CVE-2024-38856) has been discovered in the Apache OFBiz ERP system, with a CVSS score of 9.8. It allows unauthenticated access to critical endpoints, potentially leading to remote code execution. This follows a patch bypass for a previous vulnerability (CVE-2024-36104) and comes amid active exploitation …

CISA, FBI Urge Organizations to Eliminate Path Traversal Vulnerabilities

May 3, 2024 at 09:10AM CISA and the FBI issued a Secure by Design Alert about path traversal software vulnerabilities being exploited against critical infrastructure. These flaws enable unauthorized access to application files and directories, allowing threat actors to compromise systems. Urging organizations to eliminate these defects, the agencies emphasize a secure software development lifecycle and suggest …

CISA urges software devs to weed out path traversal vulnerabilities

May 2, 2024 at 03:44PM CISA and the FBI warn software companies about path traversal vulnerabilities in a recent alert, citing security risks such as file manipulation, data access, and system takedown. They urge implementing preventive measures and recall previous exploitation in essential sectors. Similarly, the agencies previously addressed SQL injection vulnerabilities and emphasized the …