Git has patched two critical severity security vulnerabilities that could allow attackers to execute arbitrary code after successfully exploiting heap-based buffer overflow weaknesses. A third Windows-specific...
Proof-of-concept exploit code will be released later this week for a critical vulnerability allowing remote code execution (RCE) without authentication in several VMware products. Tracked as...
Hackers are actively exploiting a critical vulnerability patched recently in Control Web Panel (CWP), a tool for managing servers formerly known as CentOS Web Panel. The...
A pre-authentication remote code execution (RCE) exploit has landed for popular web hosting platform Control Web Panel (CWP). The corresponding vulnerability in CWP 7 was patched and then...
Taiwan-based NAS maker Synology has addressed a maximum (10/10) severity vulnerability affecting routers configured to run as VPN servers. The vulnerability, tracked as CVE-2022-43931, was discovered...
Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution (RCE) on vulnerable servers through Outlook Web...
A dangerous bug in Cacti, the RRDTool frontend and performance/fault management framework, potentially allowed attackers to run arbitrary PHP commands on the server. Cacti is a popular...
UPDATED A series of flaws in Tailscale, an open source mesh virtual private network (VPN) software, could allow attackers to stage remote code execution (RCE) attacks against...
Proof-of-concept exploit code has been released online for two actively exploited and high-severity vulnerabilities in Microsoft Exchange, collectively known as ProxyNotShell. Tracked as CVE-2022-41082 and CVE-2022-41040, the two bugs...
F5 has released hotfixes for its BIG-IP and BIG-IQ products, addressing two high-severity flaws allowing attackers to perform unauthenticated remote code execution (RCE) on vulnerable endpoints....
Recent Comments