Exploit

A critical security vulnerability has been identified in the popular Java security framework, pac4j, specifically affecting versions prior to 4.0. This vulnerability tracked as CVE-2023-25581, allows for remote code execution (RCE), posing a significant...

Foxit PDF Reader has a memory corruption vulnerability that could allow an attacker to execute arbitrary code on the victim machine. Foxit PDF Reader is a free, highly powerful, and feature-rich PDF viewer and editor...

A CI/CD pipeline is a series of automated steps that helps software teams deliver code faster, safer, and more reliably.  It coordinates all the processes involved in continuous integration (CI) and continuous delivery (CD). The...

The popular learning platform Moodle was found to have a critical vulnerability that allowed for remote code execution, which was caused by an improper sanitization of user input that could be exploited to inject...

An intrusion was detected by The DFir Report in early June 2022 that leveraged the Follina vulnerability, CVE-2022-30190 to gain initial access. Apart from getting initial access it also initiated the infection chain of...

A critical vulnerability in PHP, tracked as CVE-2024-4577, is being actively exploited by threat actors in wild just days after its public disclosure in June 2024. The flaw affects PHP installations running in CGI...

Several new vulnerabilities have been discovered in Toshiba e-STUDIO Multi-Function Printers (MFPs) that are used by businesses and organizations worldwide. These vulnerabilities affect 103 different models of Toshiba Multi-Function Printers.  Vulnerabilities identified include Remote Code...

A directory traversal vulnerability (CVE-2024-23334) was identified in aiohttp versions before 3.9.2. This vulnerability allows remote attackers to access sensitive files on the server because aiohttp doesn't validate file reading within the root directory...

Progress addressed a critical vulnerability last week, which was associated with an unauthenticated Command injection on the Progress Flowmon product. This vulnerability was assigned CVE-2024-2189, and the severity was given as 10.0 (Critical). Progress Flowmon is...

Threat actors have been discovered exploiting a Fortinet Forticlient EMS vulnerability to install unauthorized RMM tools and PowerShell backdoors on the targeted systems. The vulnerability exploited by the threat actors was CVE-2023-48788. Moreover, an external inbound...