ServiceNow Flaw Let Remote Attackers Execute Arbitrary Code

ServiceNow recently disclosed three critical vulnerabilities (CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178) affecting multiple Now Platform versions, allowing unauthenticated remote code execution and unauthorized file access. The vulnerabilities, with CVSS scores ranging from 6.9 to 9.3, pose...

ConfusedFunction Vulnerability in Google Cloud Platform Let Attackers Escalate Privileges

A newly discovered vulnerability in Google Cloud Platform (GCP) has raised significant security concerns among users and experts alike. The vulnerability, dubbed "ConfusedFunction," involves GCP's Cloud Functions and Cloud Build services, potentially allowing attackers...

PKfail Vulnerability Allows Hackers to Install UEFI Malware on Over 200 Device Models

The PKfail vulnerability is a significant security issue affecting Secure Boot on over 200 device models. PKfail is a critical firmware supply-chain issue that undermines the Secure Boot process in the UEFI ecosystem. Secure Boot...

OpenStack Nova Vulnerability Allows Hackers to Gain Unauthorized Access to Cloud Servers

A vulnerability in OpenStack's Nova component has been identified, potentially allowing hackers to gain unauthorized access to cloud servers. This vulnerability, tracked as CVE-2024-40767, affects multiple versions of Nova and poses a serious risk...

6600+ Vulnerable GeoServer instances Exposed to the Internet

Security analysts have identified 6,635 GeoServer instances exposed to the Internet, which makes them vulnerable to critical remote code execution (RCE) attacks. A recent tweet from the Shadowserver Foundation stated that the vulnerability, tracked as...

Microsoft’s Windows Hello for Business Flaw Let Attackers Bypass Authentication

A recently discovered vulnerability in Microsoft's Windows Hello for Business (WHfB) authentication system allowed attackers to bypass the supposedly phishing-resistant login method, raising concerns about the security of this widely adopted passwordless solution. This flaw...

Progress Telerik Report Server Flaw Let Attackers Execute Remote Code

A critical security vulnerability has been discovered in the Progress® Telerik® Report Server, potentially allowing attackers to execute remote code on affected systems. The flaw, identified as CVE-2024-6327, has been assigned a CVSS score...

GitLab Patched XSS Vulnerability that Lets Attackers Execute Arbitrary Code

GitLab has released new Community Edition (CE) and Enterprise Edition (EE) versions to address multiple vulnerabilities. Among these, a high-severity cross-site scripting (XSS) vulnerability has garnered particular attention due to its potential to allow attackers...

TAG-100 Hacker Group Exploiting Citrix NetScaler & F5 BIG-IP Vulnerabilities

A new threat actor, TAG-100, has emerged and is actively targeting government and private sector organizations worldwide. It initiates its attacks by exploiting vulnerabilities in internet-facing devices, such as Citrix NetScaler and F5 BIG-IP,...

Critical Docker Vulnerability Lets Hacker Bypass Authentication

A critical security vulnerability in Docker Engine has been discovered, potentially allowing attackers to bypass authentication and gain unauthorized access to systems. The vulnerability, identified as CVE-2024-41110, affects multiple versions of Docker Engine and...
