-
CVE-2024-55555 – Invoice Ninja Laravel RCE
CVE ID: CVE-2024-55555. Published: Jan. 7, 2025, 5:15 p.m. Description: Invoice Ninja before 5.10.43 allows remote code execution from a pre-authenticated route when an attacker knows the APP_KEY. This is exacerbated by .env files, available from the product’s repository, that have default APP_KEY values. The route/{hash} route defined…
-
CISA reports active exploitation of old critical vulnerability in Oracle WebLogic Server
Attackers are actively exploiting, or have exploited, an old critical vulnerability in Oracle WebLogic Server, according to the Cybersecurity and Infrastructure Security Agency (CISA) of the Americ … Published Date: Jan 08, 2025
-
CVE-2024-52875: KerioControl Firewall Flaw Under Active Exploit, Urgent Patching Required
A critical vulnerability in GFI KerioControl firewalls (versions 9.2.5 through 9.4.5) is under active exploitation, allowing attackers to gain complete control of affected devices. The vulnerability, … Published Date: Jan 08, 2025
-
CISA Flags Critical Flaws in Mitel and Oracle Systems Amid Active Exploitation
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three flaws impacting Mitel MiCollab and Oracle WebLogic Server to its Known Exploite … Published Date: Jan 08, 2025
-
“Gayfemboy” Botnet Leveraging 0-Day Exploit in Four-Faith Industrial Routers
XLab has released a report on the Gayfemboy botnet, a rapidly evolving threat leveraging a 0-day vulnerability in Four-Faith industrial routers. This botnet, initially a modest derivative of the infam … Published Date: Jan 08, 2025
-
CVE-2024-50603 (CVSS 10): Critical Command Injection Vulnerability in Aviatrix Controller
Jakub Korepta, Principal Security Consultant and Head of Infrastructure Security at Securing, has released a detailed report uncovering a critical command injection vulnerability … Published Date: Jan 08, 2025
-
CISA Alerts on Actively Exploited Vulnerabilities in Mitel MiCollab and Oracle WebLogic Server
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning to organizations about three actively exploited security flaws impacting Mitel and Oracle systems. These vulner … Published Date: Jan 08, 2025
-
SonicWall Issues Important Security Advisory for Multiple Vulnerabilities in SonicOS
SonicWall, a leading cybersecurity provider, has issued an important security advisory warning of multiple vulnerabilities affecting its SonicOS operating system. These flaws, impacting both Gen6 and … Published Date: Jan 08, 2025
-
Chrome Update Addresses High-Severity Vulnerability: CVE-2025-0291
Google has just released a critical security update for its Chrome web browser, addressing a high-severity vulnerability that could leave users open to attack. The update, rolling out to Windows, Mac, … Published Date: Jan 08, 2025
-
Trio of Critical Vulnerabilities in Netis Routers Enables Unauthenticated RCE
A recent report by security researcher H00die.Gr3y has revealed a series of critical vulnerabilities affecting several Netis routers, as well as their rebranded counterparts from GLCtec and Stonet. Th … Published Date: Jan 08, 2025