-
Russian internet provider confirms its network was ‘destroyed’ following attack claimed by Ukrainian hackers
In a statement on the Russian social media platform VKontakte, the St. Petersburg-based company said the “planned” attack “destroyed” its infrastructure overnight. Nodex added that it was working to restore systems from backups but could not provide a timeline for when operations would fully resume.
-
Bug in macOS, Gatekeeper’s security can be bypassed by malware.
The macOS operating system was recently patched for a security vulnerability that could be exploited by a threat actor to bypass “myriad foundational macOS security mechanisms” and run arbitrary code. Patrick Wardle described the discovery in a series of tweets on Thursday. According to CVE-2021-30853 (CVSS 5.5), the issue involves a scenario where a rogue…
-
Azure App Service Exposed Hundreds of Source Code Repositories after four years.
A security flaw has been discovered in Microsoft’s Azure App Service that exposed source code for customer applications written in Java, Node, PHP, Python, and Ruby for at least four years since September 2017. According to Wiz researchers, the vulnerability, codenamed “Not Legit,” was first reported to the tech giant on October 7, 2021, and…
-
CVE-2024-9939 – WordPress File Upload Path Traversal Vulnerability
CVE ID : CVE-2024-9939 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The WordPress File Upload plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 4.24.13 via wfu_file_downloader.php. This makes it possible for unauthenticated attackers to read files outside of the originally intended directory. Severity:…
-
CVE-2024-45033 – Apache Airflow Fab Provider Insufficient Session Expiration Remote Authentication Bypass
CVE ID : CVE-2024-45033 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : Insufficient Session Expiration vulnerability in Apache Airflow Fab Provider. This issue affects Apache Airflow Fab Provider: before 1.5.2. When user password has been changed with admin CLI, the sessions for that user have not been cleared, leading to insufficient…
-
CVE-2024-54676 – Apache OpenMeetings Object Deserialization Vulnerability
CVE ID : CVE-2024-54676 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : Vendor: The Apache Software Foundation Versions Affected: Apache OpenMeetings from 2.1.0 before 8.0.0 Description: Default clustering instructions at https://openmeetings.apache.org/Clustering.html don’t specify white/black lists for OpenJPA; this leads to possible deserialisation of untrusted data. Users are recommended to upgrade to…
-
CVE-2024-13186 – Apache MinigameCenter Information Leak
CVE ID : CVE-2024-13186 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Severity: 0.0 | NA
-
CVE-2024-12855 – AdForest for WordPress AJAX Capability Bypass
CVE ID : CVE-2024-12855 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The AdForest theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several AJAX actions like ‘sb_remove_ad’ in all versions up to, and including, 5.1.7. This makes it possible for authenticated attackers,…
-
CVE-2024-13185 – Apache MinigameCenter Information Disclosure
CVE ID : CVE-2024-13185 Published : Jan. 8, 2025, 9:15 a.m. | 35 minutes ago Description : The MinigameCenter module has insufficient restrictions on loading URLs, which may lead to some information leakage. Severity: 0.0 | NA