The Cybersecurity and Infrastructure Security Agency (CISA) has added two new vulnerabilities in D-Link routers to its Known Exploited Vulnerabilities (KEV) catalog based on evidence of their active exploitation. The CSRF vulnerability CVE-2014-100005 affects...
On May 14, 2024, a new version of Git, v2.45.1, was released, addressing five security vulnerabilities. This update impacts all major platforms: Windows, macOS, Linux, and BSD. Corresponding updates have also been released for...
The Check Point Research team has discovered an exploit targeting Foxit Reader users, which leverages user inattention to execute malicious code. Numerous cybercriminals are actively exploiting this vulnerability, which exploits weaknesses in Foxit Reader’s...
The Belgian university KU Leuven has identified a vulnerability in the Wi-Fi IEEE 802.11 standard, which allows an attacker to deceive victims into connecting to a fake Wi-Fi network and intercepting traffic. According to...
The world’s largest vulnerability database, NVD, managed by the U.S. National Institute of Standards and Technology (NIST), recently experienced a significant disruption that led to a substantial increase in the number of unpublished vulnerabilities....
Microsoft has patched a zero-day vulnerability that was actively exploited to propagate the QakBot botnet on Windows systems. The heap-based buffer overflow vulnerability, CVE-2024-30051 (CVSS score 7.8), affects the Desktop Window Manager (DWM) library....
Microsoft has unveiled the May Patch Tuesday update, which includes fixes for 61 vulnerabilities, including three zero-day vulnerabilities that were either actively exploited or publicly disclosed prior to the patch. Among all the addressed...
Four critical vulnerabilities have been identified in VMware Workstation and Fusion products, potentially allowing attackers to access confidential information, conduct DoS attacks, and execute arbitrary code. These issues affect Workstation 17.x and Fusion 13.x...
Experts from SSD Secure Disclosure have discovered vulnerabilities in the D-Link EXO AX4800 (DIR-X4860) router, which allow an attacker to gain complete control over the device. The flaws were found in DIR-X4860 routers with...
Google has urgently released patches for a newly discovered zero-day flaw in Chrome, following reports of active exploitation by unknown attackers. The vulnerability, catalogued as CVE-2024-4947, affects the V8 JavaScript engine integral to Google’s...
The developers of Cacti, an open-source system for network monitoring and management, have addressed 12 vulnerabilities, including two critical ones leading to arbitrary code execution. Here are the most severe vulnerabilities that have been...
Google has issued an urgent security update for its Chrome browser to address a high-severity “out of bounds write” vulnerability in its V8 JavaScript engine, tracked as CVE-2024-4761. This vulnerability has been confirmed as...
Citrix has issued a warning to its clients regarding the need for manual mitigation of a vulnerability in the SSH client PuTTY, which could allow malicious actors to steal the SSH private key of...
Recent vulnerabilities in Ivanti Connect Secure devices have enabled attackers to deploy the Mirai botnet, according to security researchers from Juniper. These vulnerabilities, identified as CVE-2023-46805 and CVE-2024-21887, are currently being actively exploited. The...
F5 has announced the rectification of two critical vulnerabilities in the BIG-IP Next Central Manager system, which could have been exploited to gain administrative access and create covert unauthorized accounts on managed devices. The...
In a swift response to a severe security threat, Google has rolled out emergency updates for Chrome after discovering a zero-day vulnerability that was being actively exploited. This security breach, known as CVE-2024-4671, concerns...
