In recent security news, two researchers, Thomas Chauchefoin and Paul Gerste from SonarSource, have disclosed technical details for a critical Visual Studio Code remote code execution vulnerability and shared a public proof-of-concept (PoC) exploit....
In the realm of machine learning, Apache Submarine has emerged as a prominent End-to-End Machine Learning Platform, empowering data scientists to seamlessly create and manage machine learning workflows. This versatile platform caters to the...
Atlassian has recently disclosed a critical vulnerability affecting the Bamboo Data Center and Server. This vulnerability, classified as CVE-2023-22516, allows an authenticated attacker to execute arbitrary code on the affected system, posing a severe...
A critical vulnerability dubbed Looney Tunables in the GNU C library (glibc), a core component of Linux-based systems, has been added to the U.S. Cybersecurity and Infrastructure Security Agency’s (CISA) Known Exploited Vulnerabilities (KEV)...
Synology, a leading provider of network-attached storage (NAS) and surveillance solutions, has issued a security advisory to address a high-severity vulnerability affecting Synology Router Manager (SRM). This vulnerability, discovered during the PWN2OWN 2023 security...
GIMP, the GNU Image Manipulation Program, is a widely used open-source image editing software that has gained immense popularity among graphic designers and enthusiasts. However, recent discoveries have revealed four critical security vulnerabilities that...
GibbonEdu is an open-source educational software used by schools and institutions worldwide. A critical vulnerability tracked as CVE-2023-45878 carries a CVSS score of 9.8 and affects GibbonEdu versions 25.0.1 and earlier. This vulnerability allows...
Security researchers from Trend Micro have discovered that the Kinsing malware (also known as h2miner) is actively exploiting the Apache ActiveMQ vulnerability CVE-2023-46604 to download and infect Linux systems with cryptocurrency miners. This vulnerability,...
A critical remote code execution (RCE) vulnerability affecting Apache Submarine, a popular end-to-end machine learning (ML) platform, has been discovered and assigned the identifier CVE-2023-46302. This vulnerability, traced to a security flaw in snakeyaml...
In a worrying development for organizations still running Microsoft Exchange Server, over 63,000 servers remain vulnerable to a critical remote code execution (RCE) vulnerability, despite being patched by Microsoft in November 2023. This vulnerability,...
In the vast landscape of big data processing, Apache Hadoop stands as a colossus, powering the computational needs of countless enterprises worldwide. However, a recent discovery, CVE-2023-26031, has cast a shadow over its formidable...
In the intricate web of cybersecurity, a new menace has surfaced, posing a significant threat to thousands of businesses relying on the CrushFTP server suite. One such vulnerability, CVE-2023-43177, recently emerged in the popular...
Microsoft has released a security update to address a critical vulnerability in the Azure CLI that could be exploited by attackers to recover plaintext passwords and usernames from log files created by the affected...
In the world of web development, rich text editors (RTEs) play a crucial role in allowing users to create and edit content without requiring extensive HTML knowledge. TinyMCE, one of the most popular RTEs,...
A vulnerability, identified as CVE-2023-34062, has been discovered in the Reactor Netty HTTP Server, a component of the Reactor Netty framework. This vulnerability, with a CVSS score of 7.5, poses a significant threat to...
Recently, researchers from AMD and the Graz University of Technology in Austria disclosed a new vulnerability named “CacheWarp,” tracked under the identifier “CVE-2023-20592”. This vulnerability affects the first three generations of AMD’s EPYC server...
