-
SonicWall urges admins to patch exploitable SSLVPN bug immediately
SonicWall is emailing customers urging them to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is “susceptible to actual ex … Published Date: Jan 08, 2025 (2 hours, 27 minutes ago)
-
Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens
Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. KerioControl is a … Published Date: Jan 08, 2025 (2 hours, 48 minutes ago)
-
CVE-2025-0282 (CVSS 9.0): Ivanti Confirms Active Exploitation of Critical Flaw
Ivanti has issued a security advisory addressing two vulnerabilities in its Connect Secure, Policy Secure, and Neurons for ZTA Gateways. The vulnerabilities—CVE-2025-0282 and CVE-2025-0283—pose signif … Published Date: Jan 08, 2025 (3 hours, 3 minutes ago)
-
CVE-2024-9939 – WordPress File Upload Path Traversal Vulnerability
CVE ID : CVE-2024-9939 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory. Severity:…
-
CVE-2024-45033 – Apache Airflow Fab Provider Insufficient Session Expiration Remote Authentication Bypass
CVE ID : CVE-2024-45033 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient…
-
CVE-2024-54676 – Apache OpenMeetings Object Deserialization Vulnerability
CVE ID : CVE-2024-54676 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html don’t specify white/black lists for OpenJPA; this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to…
-
CVE-2024-13186 – Apache MinigameCenter Information Leak
CVE ID : CVE-2024-13186 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Severity: 0.0 | NA
-
CVE-2024-12855 – AdForest for WordPress AJAX Capability Bypass
CVE ID : CVE-2024-12855 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like ‘sb_remove_ad’ in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers,…