Security News

Critical Flaw in Microchip ASF Exposes IoT Devices to Remote Code Execution Risk
2024-09-23 09:58

A critical security flaw has been disclosed in the Microchip Advanced Software Framework (ASF) that, if successfully exploited, could lead to remote code execution. The vulnerability, tracked as...

Patch Issued for Critical VMware vCenter Flaw Allowing Remote Code Execution
2024-09-18 05:08

Broadcom on Tuesday released updates to address a critical security flaw impacting VMware vCenter Server that could pave the way for remote code execution. The vulnerability, tracked as...

Google Fixes GCP Composer Flaw That Could've Led to Remote Code Execution
2024-09-16 13:07

A now-patched critical security flaw impacting Google Cloud Platform (GCP) Composer could have been exploited to achieve remote code execution on cloud servers by means of a supply chain attack...

Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
2024-09-06 05:22

A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning (ERP) system that, if successfully exploited, could lead to unauthenticated remote code...

Apache fixes critical OFBiz remote code execution vulnerability
2024-09-05 21:33

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows...

Critical WPML Plugin Flaw Exposes WordPress Sites to Remote Code Execution
2024-08-28 04:14

A critical security flaw has been disclosed in the WPML WordPress multilingual plugin that could allow authenticated users to execute arbitrary code remotely under certain circumstances. The...

New Zero-Day Flaw in Apache OFBiz ERP Allows Remote Code Execution
2024-08-06 04:16

A new zero-day pre-authentication remote code execution vulnerability has been disclosed in the Apache OFBiz open-source enterprise resource planning system that could allow threat actors to achieve remote code execution on affected instances. "The root cause of the vulnerability lies in a flaw in the authentication mechanism," SonicWall, which discovered and reported the shortcoming, said in a statement.

New Specula tool uses Outlook for remote code execution in Windows
2024-07-29 21:44

Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named "Specula," released today by cybersecurity firm TrustedSec. This C2 framework works by creating a custom Outlook Home Page using WebView by exploiting CVE-2017-11774, an Outlook security feature bypass vulnerability patched in October 2017.

Critical Flaw in Telerik Report Server Poses Remote Code Execution Risk
2024-07-26 04:10

Progress Software is urging users to update their Telerik Report Server instances following the discovery of a critical security flaw that could result in remote code execution. The vulnerability, tracked as CVE-2024-6327, impacts Report Server version 2024 Q2 and earlier.

New OpenSSH Vulnerability Discovered: Potential Remote Code Execution Risk
2024-07-10 03:26

Select versions of the OpenSSH secure networking suite are susceptible to a new vulnerability that can trigger remote code execution. The vulnerability, tracked as CVE-2024-6409, is distinct from CVE-2024-6387 and relates to a case of code execution in the privsep child process due to a race condition in signal handling.