Hackers exploit ProjectSend flaw to backdoor exposed servers

November 27, 2024 at 04:04PM

A critical authentication bypass flaw (CVE-2024-11680) in ProjectSend allows attackers to exploit vulnerable versions to upload webshells and gain remote access. Despite a fix released on May 16, 2023, 99% of users remain vulnerable. Active exploitation has surged since September 2024, necessitating urgent updates to version r1750.

Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers

November 27, 2024 at 11:30AM

A critical security flaw (CVE-2024-11680) in the ProjectSend application, linked to improper authorization, has been actively exploited since September 2024. Despite a patch released in August 2024, only 1% of servers are updated. Users are urged to apply the latest patches to mitigate risks. CVSS score: 9.8.

ProjectSend Vulnerability Exploited in the Wild

November 27, 2024 at 06:23AM

VulnCheck warns that threat actors are exploiting a severe vulnerability (CVE-2024-11680) in unpatched ProjectSend servers, allowing remote unauthorized access. Despite a patch released in May 2023, most servers have not been updated, with 55% still vulnerable, leading to widespread exploitation and potential webshell installations.