-
CVE-2025-22137 – Pingvin Share File Traversal
CVE ID : CVE-2025-22137 Published : Jan. 8, 2025, 4:15 p.m. | 5 hours, 28 minutes ago Description : Pingvin Share is a self-hosted file sharing platform and an alternative for WeTransfer. This vulnerability allows an authenticated or unauthenticated (if anonymous shares are allowed) user to overwrite arbitrary files on the server, including sensitive system files, via…
-
CVE-2024-55517 – Polaris FT Intellect Core Banking SQL Injection
CVE ID : CVE-2024-55517 Published : Jan. 8, 2025, 4:15 p.m. | 5 hours, 28 minutes ago Description : An issue was discovered in the Interllect Core Search in Polaris FT Intellect Core Banking 9.5. Input passed through the groupType parameter in /SCGController is mishandled before being used in SQL queries, allowing SQL injection in an authenticated…
-
CVE-2024-55656 – Redis RedisBloom Probabilistic Data Structures Integer Overflow Information Leak Out-of-Bounds Write
CVE ID : CVE-2024-55656 Published : Jan. 8, 2025, 4:15 p.m. | 5 hours, 28 minutes ago Description : RedisBloom adds a set of probabilistic data structures to Redis. There is an integer overflow vulnerability in RedisBloom, which is a module used in Redis. The integer overflow vulnerability allows an attacker (a redis client which knows the…
-
SonicWall urges admins to patch exploitable SSLVPN bug immediately
SonicWall urges admins to patch exploitable SSLVPN bug immediately SonicWall is emailing customers urging them to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is “susceptible to actual ex … Read more Published Date: Jan 08, 2025 (2 hours, 27 minutes ago) Vulnerabilities has been mentioned in this…
-
Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens
Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. KerioControl is a … Read more Published Date: Jan 08, 2025 (2 hours, 48 minutes ago) Vulnerabilities has been mentioned in this article.…
-
CVE-2025-0282 (CVSS 9.0): Ivanti Confirms Active Exploitation of Critical Flaw
CVE-2025-0282 (CVSS 9.0): Ivanti Confirms Active Exploitation of Critical Flaw Ivanti has issued a security advisory addressing two vulnerabilities in its Connect Secure, Policy Secure, and Neurons for ZTA Gateways. The vulnerabilities—CVE-2025-0282 and CVE-2025-0283—pose signif … Read more Published Date: Jan 08, 2025 (3 hours, 3 minutes ago) Vulnerabilities has been mentioned in this article. Go to…
-
EAGERBEE Malware Detection: New Backdoor Variant Targets Internet Service Providers and State Bodies in the Middle East
Hot on the heels of the re-emergence of a more advanced NonEuclid RAT variant in the cyber threat arena, a novel malware iteration known as the Eagerbee backdoor poses an increasing threat to organizations in the Middle East, primarily targeting Internet Service Providers (ISPs) and state agencies. The enhanced EAGERBEE backdoor variant can deploy payloads,…
-
ZDI Threat Hunting 2024: Highlights, Trends, & Challenges
Reflecting on 2024, it has been an eventful year for the Zero Day Initiative Threat Hunting team. Throughout the year, we identified numerous threat actor campaigns exploiting zero-day vulnerabilities, uncovered additional variants of these vulnerabilities, and discovered even more vulnerabilities through our in-the-wild research. In this blog, we will highlight some of the key achievements…