Security News

Critical Ivanti Endpoint Manager flaw exploited (CVE-2024-29824)
2024-10-03 15:20

CVE-2024-29824, an unauthenticated SQL Injection vulnerability in Ivanti Endpoint Manager (EPM) appliances, is being exploited by attackers, the Cybersecurity and Infrastructure Security Agency...

Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519)
2024-10-02 11:05

Attackers are actively exploiting CVE-2024-45519, a critical Zimbra vulnerability that allows them to execute arbitrary commands on vulnerable installations. Proofpoint’s threat researchers say...

PoC for critical SolarWinds Web Help Desk vulnerability released (CVE-2024-28987)
2024-09-25 14:07

Details about and proof-of-concept (PoC) exploit code for CVE-2024-28987, a recently patched SolarWinds Web Help Desk (WHD) vulnerability that could be exploited by unauthenticated attackers to...

Ivanti vTM auth bypass flaw exploited in attacks, CISA warns (CVE-2024-7593)
2024-09-25 09:41

CVE-2024-7593, a critical authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM) appliances, is actively exploited by attackers. The confirmation comes from the...

Patch this critical Safeguard for Privileged Passwords auth bypass flaw (CVE-2024-45488)
2024-09-19 12:30

Researchers have released technical details about CVE-2024-45488, a critical authentication bypass vulnerability affecting One Identity’s Safeguard for Privileged Passwords (SPP), which could...

Critical VMware vCenter Server bugs fixed (CVE-2024-38812)
2024-09-18 10:38

Broadcom has released fixes for two vulnerabilities affecting VMware vCenter Server that can be triggered by sending a specially crafted network packet, and could lead to remote code execution...

PoC exploit for exploited Ivanti Cloud Services Appliance flaw released (CVE-2024-8190)
2024-09-17 09:55

CVE-2024-8190, an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA) v4.6, is under active exploitation. Details about the attacks are still unknown, but there may be more...

Microsoft confirms second 0-day exploited by Void Banshee APT (CVE-2024-43461)
2024-09-16 12:40

CVE-2024-43461, a spoofing vulnerability affecting Windows MSHTML – a software component used by various apps for rendering render web pages on Windows – “was exploited as a part of an attack...

Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)
2024-09-12 12:05

Among the security updates released by Adobe on Tuesday are those for various versions of Adobe Acrobat and Reader, which fix two critical flaws that could lead to arbitrary code execution:...

Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)
2024-09-11 11:50

Ivanti has fixed a slew of vulnerabilities affecting its Endpoint Manager solution, including a maximum severity one (CVE-2024-29847) that may allow unauthenticated attackers to remotely execute...