Critical Zoom Clients Flaw Let Attackers Escalate Privileges

A vulnerability classified as improper input validation was found in Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows that could potentially allow an authenticated attacker to...

Korenix JetIO 6550 Vulnerability Lets Attackers Gain Unauthorized Access

Researchers at Hadess have identified a critical vulnerability in the widely-used Korenix JetIO industrial Ethernet switch series. The flaw, tracked as CVE-2024-2371, could allow attackers to gain unauthorized access to sensitive data within critical...

Chrome Use After Free Flaw Let Attackers Crash The Browser

As part of a Chrome security update, Google upgraded the Stable channels to 122.0.6261.128/.129 for Windows and Mac and 122.0.6261.128 for Linux. The Extended Stable channel has been updated to 122.0.6261.129 for Mac and Windows....

Multiple Adobe Enterprise Products Vulnerable To Code Execution

Multiple Adobe Enterprise products such as Adobe Experience, Premier Pro, ColdFusion, Bridge, Lightroom, and Animate have been discovered with critical code execution vulnerabilities that were associated with Untrusted search path, Cross-site scripting, Out-of-bounds write,...

Microsoft Patch Tuesday – Major Flaws In Office, Exchange And SQL Server

Microsoft published its March 2024 Patch Tuesday, which addressed almost 59 vulnerabilities in its products; none of them were zero-day or publicly known vulnerabilities. Out of the newly released patches, two are classified as...

Vulnerabilities in Popular Fonts Allow XXE & Arbitrary Command Attacks

The popular fonts used in web development and design can be exploited to launch XML External Entity (XXE) attacks and execute arbitrary commands. These vulnerabilities, identified as CVE-2023-45139, CVE-2024-25081, and CVE-2024-25082, pose a significant...

Vulnerability in 150K+ Fortinet Devices Let Hackers Execute Arbitrary Code Remotely

A critical security flaw identified as CVE-2024-21762 has been discovered in Fortinet's FortiOS and FortiProxy secure web gateway systems, potentially impacting around 150,000 devices worldwide. The vulnerability allows for unauthenticated remote code execution (RCE) by...

Gitlab Authorization Bypass Vulnerability Let Attackers Steal Protected Variables

GitLab has announced the release of updated versions for its Community Edition (CE) and Enterprise Edition (EE) platforms. These updates address critical vulnerabilities that could allow attackers to bypass authorization mechanisms and access protected...

Cisco Secure Client Flaw let Attackers Trigger CRLF Injection Attack

Cisco has disclosed a critical vulnerability in the SAML authentication process of its Cisco Secure Client software. This vulnerability could potentially allow unauthenticated, remote attackers to conduct a Carriage Return Line Feed (CRLF) injection...

ArubaOS Security Flaw Let Attackers Execute Remote Code

ArubaOS-Switch belongs to Aruba Networks, a subsidiary of HPE (Hewlett Packard Enterprise). It helps centralize network management, and it also develops diverse products related to networking. Security analysts discovered a multitude...