-
CVE-2024-50603 – Aviatrix Controller Command Injection Vulnerability
CVE ID: CVE-2024-50603 | Published: Jan. 8, 2025, 1:15 a.m. (8 hours, 35 minutes ago) | Description: An issue was discovered in Aviatrix Controller before 7.1.4191 and 7.2.x before 7.2.4996. Due to the improper neutralization of special elements used in an OS command, an unauthenticated attacker is able to execute arbitrary code. Shell metacharacters can…
-
CVE-2025-22132 – WeGIA Charitable Institutions XSS File Upload Vulnerability
CVE ID: CVE-2025-22132 | Published: Jan. 7, 2025, 10:15 p.m. (11 hours, 35 minutes ago) | Description: WeGIA is a web manager for charitable institutions. A Cross-Site Scripting (XSS) vulnerability was identified in the file upload functionality of the WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. By uploading a file containing malicious JavaScript code, an attacker can execute arbitrary scripts…
-
CVE-2025-22133 – WeGIA File Upload Vulnerability (Remote Code Execution)
CVE ID: CVE-2025-22133 | Published: Jan. 7, 2025, 10:15 p.m. (11 hours, 35 minutes ago) | Description: WeGIA is a web manager for charitable institutions. Prior to 3.2.8, a critical vulnerability was identified in the /WeGIA/html/socio/sistema/controller/controla_xlsx.php endpoint. The endpoint accepts file uploads without proper validation, allowing the upload of malicious files, such as .phar, which…
-
CVE-2024-55555 – Invoice Ninja Laravel RCE
CVE ID: CVE-2024-55555 | Published: Jan. 7, 2025, 5:15 p.m. (16 hours, 35 minutes ago) | Description: Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product’s repository, that have default APP_KEY values. The route/{hash} route defined…
-
CISA reports active exploitation of old critical flaw in Oracle WebLogic Server
Attackers are actively exploiting, or have exploited, an old critical vulnerability in Oracle WebLogic Server, according to the Cybersecurity and Infrastructure Security Agency (CISA) of the Amerik … Published Date: Jan 08, 2025 (55 minutes ago)
-
CVE-2024-52875: KerioControl Firewall Flaw Under Active Exploit, Urgent Patching Required
A critical vulnerability in GFI KerioControl firewalls (versions 9.2.5 through 9.4.5) is under active exploitation, allowing attackers to gain complete control of affected devices. The vulnerability, … Published Date: Jan 08, 2025 (6 hours, 35 minutes ago)
-
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploite … Published Date: Jan 08, 2025 (5 hours, 29 minutes ago)
-
“Gayfemboy” Botnet Leveraging 0-Day Exploit in Four-Faith Industrial Routers
XLab has released a report on the Gayfemboy botnet, a rapidly evolving threat leveraging a 0-day vulnerability in Four-Faith industrial routers. This botnet, initially a modest derivative of the infam … Published Date: Jan 08, 2025 (7 hours, 23 minutes ago)
-
CVE-2024-50603 (CVSS 10): Critical Command Injection Vulnerability in Aviatrix Controller
Source: Jakub Korepta. Jakub Korepta, Principal Security Consultant and Head of Infrastructure Security at Securing, has released a detailed report uncovering a critical command injection vulnerability … Published Date: Jan 08, 2025 (7 hours, 1 minute ago). Vulnerabilities mentioned in this article: CVE-2024-50603
-
CISA Alerts on Actively Exploited Vulnerabilities in Mitel MiCollab and Oracle WebLogic Server
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to organizations about three actively exploited security flaws impacting Mitel and Oracle systems. These vulner … Published Date: Jan 08, 2025 (7 hours, 52 minutes ago)