CVE ID : CVE-2024-5594 Published : Jan. 6, 2025, 2:15 p.m. | 6 hours, 45 minutes ago Description : OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins. Severity: 9.1 | CRITICAL Visit the link for more details, such as CVSS details, affected…

CVE ID : CVE-2025-21611 Published : Jan. 6, 2025, 4:15 p.m. | 4 hours, 45 minutes ago Description : tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR’d instead of AND’ed with the role used to determine if a user was enabled. This allows…

CVE ID : CVE-2025-21612 Published : Jan. 6, 2025, 4:15 p.m. | 4 hours, 45 minutes ago Description : TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn’t escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability…

Vulnerable Moxa devices expose industrial networks to attacks Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network securi … Read more Published Date: Jan 06, 2025 (3 hours, 44 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2024-9140…

Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. Previously, the malware was seen in attacks … Read more Published Date: Jan 06, 2025 (6 hours, 5 minutes ago) Vulnerabilities has been mentioned in this…

MediaTek rings in the new year with a parade of chipset vulns MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code execution bug affecting 51 chipsets. The fabless semi … Read more Published Date: Jan 06, 2025 (6 hours, 32 minutes ago)…

CVE ID : CVE-2024-12970 Published : Jan. 6, 2025, 12:15 p.m. | 2 hours, 12 minutes ago Description : Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection.This issue affects Pardus OS My Computer: before 0.7.2. Severity: 3.9 | LOW Visit…

CVE ID : CVE-2024-45558 Published : Jan. 6, 2025, 11:15 a.m. | 3 hours, 12 minutes ago Description : Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length. Severity: 7.5 | HIGH Visit the link for more details, such as…

CVE ID : CVE-2024-45559 Published : Jan. 6, 2025, 11:15 a.m. | 3 hours, 12 minutes ago Description : Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend. Severity: 5.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go to Source

CVE ID : CVE-2024-21464 Published : Jan. 6, 2025, 11:15 a.m. | 3 hours, 12 minutes ago Description : Memory corruption while processing IPA statistics, when there are no active clients registered. Severity: 8.4 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go to Source