-
CVE-2024-55628 – Suricata DNS Resource Name Compression Denial of Service Vulnerability
CVE ID : CVE-2024-55628 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine. Prior to version 7.0.8, DNS resource name compression can lead to small DNS messages containing very large hostnames which can be costly to…
-
CVE-2025-21613 – go-git Argument Injection Vulnerability
CVE ID : CVE-2025-21613 Published : Jan. 6, 2025, 5:15 p.m. | 3 hours, 44 minutes ago Description : go-git is a highly extensible git implementation library written in pure Go. An argument injection vulnerability was discovered in go-git versions prior to v5.13. Successful exploitation of this vulnerability could allow an attacker to set arbitrary values to…
-
CVE-2024-55529 – Z-BlogPHP Theme Shell Template Code Execution Vulnerability
CVE ID : CVE-2024-55529 Published : Jan. 6, 2025, 6:15 p.m. | 2 hours, 45 minutes ago Description : Z-BlogPHP 1.7.3 is vulnerable to arbitrary code execution via zb_usersthemeshelltemplate. Severity: 9.8 | CRITICAL
-
CVE-2024-5594 – OpenVPN PATH Injection Vulnerability
CVE ID : CVE-2024-5594 Published : Jan. 6, 2025, 2:15 p.m. | 6 hours, 45 minutes ago Description : OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which attackers can use to inject unexpected arbitrary data into third-party executables or plug-ins. Severity: 9.1 | CRITICAL
-
CVE-2025-21611 – Tgstation-Server Authorization Bypass
CVE ID : CVE-2025-21611 Published : Jan. 6, 2025, 4:15 p.m. | 4 hours, 45 minutes ago Description : tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR’d instead of AND’ed with the role used to determine if a user was enabled. This allows…
-
CVE-2025-21612 – TabberNeue Cross-Site Scripting
CVE ID : CVE-2025-21612 Published : Jan. 6, 2025, 4:15 p.m. | 4 hours, 45 minutes ago Description : TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn’t escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability…
-
Vulnerable Moxa devices expose industrial networks to attacks
Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network securi … Published Date: Jan 06, 2025 (3 hours, 44 minutes ago) Vulnerabilities have been mentioned in this article. CVE-2024-9140…
-
Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs
New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. Previously, the malware was seen in attacks … Published Date: Jan 06, 2025 (6 hours, 5 minutes ago) Vulnerabilities have been mentioned in this…
-
MediaTek rings in the new year with a parade of chipset vulns
MediaTek kicked off the first full working week of the new year by disclosing a bevy of security vulnerabilities, including a critical remote code execution bug affecting 51 chipsets. The fabless semi … Published Date: Jan 06, 2025 (6 hours, 32 minutes ago)…
-
CVE-2024-12970 – TUBITAK BILGEM Pardus OS My Computer OS Command Injection
CVE ID : CVE-2024-12970 Published : Jan. 6, 2025, 12:15 p.m. | 2 hours, 12 minutes ago Description : Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: before 0.7.2. Severity: 3.9 | LOW