#VulnerabilityWarning

‘NsaRescueAngel’ Backdoor Account Again Discovered in Zyxel Products

June 5, 2024 by Xynik

June 5, 2024 at 08:00AM Taiwan-based networking device manufacturer Zyxel warned of three critical-severity vulnerabilities in discontinued NAS products, allowing command injection and arbitrary code execution without authentication. Despite reaching the end of vulnerability support, patches were made available for impacted products NAS326 and NAS542. Exploitation could lead to persistent root access, requiring immediate firmware … Read more

Critical WordPress Plugin Flaws Exploited to Inject Malicious Scripts and Backdoors

May 30, 2024 by Xynik

May 30, 2024 at 11:16AM Fastly warns of ongoing exploitation of vulnerabilities in three WordPress plugins, enabling the injection of malicious scripts and backdoors. These flaws permit unauthenticated stored cross-site scripting attacks, creation of new administrator accounts, and stealing of credentials. Impacting over 600,000 installations, the campaign is emanating from IPs linked to AS IP … Read more

Critical Vulnerabilities in Judge0 Lead to Sandbox Escape, Host Takeover

April 30, 2024 by Xynik

April 30, 2024 at 01:33PM Three critical-severity vulnerabilities in the Judge0 open source service enable sandbox escapes and complete host machine takeovers. The flaws impact versions before 1.13.1 and can lead to code execution outside the sandbox, privilege escalation, and full system access. While version 1.13.1 addresses the issues, the potential for exploitation via other … Read more