Hackers Exploiting FortiClient EMS Vulnerability (CVE-2023-48788) in the Wild
Cybersecurity researchers have uncovered active exploitation of a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS), tracked as CVE-2023-48788.
This flaw, stemming from improper filtering of SQL commands, allows attackers to execute unauthorized...
BeyondTrust Remote Access & Support Flaw Enables Command Injection Attacks
BeyondTrust has disclosed a severe security vulnerability in its Privileged Remote Access (PRA) and Remote Support (RS) products that could allow attackers to execute unauthorized system commands.
The vulnerability, tracked as CVE-2024-12356 with a...
Critical Sophos Firewall Vulnerabilities Let Attackers Execute Remote Code
Sophos has announced that it has released hotfixes for three critical security vulnerabilities in its Sophos Firewall product to prevent potential exploitation. These vulnerabilities could allow attackers to execute remote code on a limited...
Foxit PDF Editor Vulnerabilities Let Attackers Execute Remote Code
Foxit Software has released updates for its widely used Foxit PDF Reader and Foxit PDF Editor, addressing critical security vulnerabilities that could allow attackers to execute remote code.
The updates, version 2024.4 for both products,...
Siemens UMC Vulnerability Lets Remote Attacker Execute Arbitrary Code
A critical security flaw has been discovered in Siemens' User Management Component (UMC), potentially exposing numerous industrial control systems to remote attacks.
The vulnerability, identified as CVE-2024-49775, allows unauthenticated, remote attackers to execute arbitrary...
Malicious Apps on Amazon Appstore Record Screen & Intercept OTPs
Recently, researchers have discovered a seemingly harmless app called "BMI CalculationVsn" on the Amazon App Store, masquerading as a normal health tool to steal data.
This application performs malicious actions like screen recording, retrieving a...
McDonald’s Delivery App Vulnerability Lets Anyone Place an Order for Just $0.01
A critical vulnerability was found in McDonald’s McDelivery, one of India’s top food delivery apps, allowing unlimited orders for just $0.01.
The flaws were identified by a researcher who conducted a detailed investigation into the...
Researchers Exploit Reflected Input with HTTP Range Header To Bypass Browser Restriction
Security researchers have uncovered a technique that takes previously unexploitable reflected input vulnerabilities and turns them into fully functional attacks through clever use of HTTP Range headers.
The findings highlight a new potential threat...
Critical PHP Zero-Day Vulnerability in Craft CMS Lets Hackers Gain Remote Access
A significant security vulnerability in Craft CMS, one of the most widely used PHP-based content management systems, has been uncovered, allowing unauthenticated remote code execution (RCE) under default configurations.
The vulnerability, identified as CVE-2024-56145,...
Critical SHARP Router Vulnerabilities Let Attackers Trigger RCE to Gain Root Access
SHARP has issued an urgent security advisory regarding multiple vulnerabilities discovered in several of its router products. Customers using the affected devices are strongly urged to update their firmware immediately to secure their networks...