Penetration Testing

APRIL 21, 2024

This flaw, designated CVE-2024-29291, affects versions 8.* of... The post Laravel Framework Hit by Data Exposure Vulnerability (CVE-2024-29291) – Database Credentials at Risk appeared first on Penetration Testing. through 11.*

Penetration Testing 143

Penetration Testing Risk Data breaches 143

Penetration Testing

FEBRUARY 27, 2024

A recently discovered security hole (CVE-2024-0819) in older TeamViewer versions (prior to 15.51.5) could have put your personal password and system security at risk.

Passwords 128

Passwords Risk Penetration Testing 128

Penetration Testing

APRIL 29, 2024

Researchers from HiddenLayer have discovered a significant vulnerability in the R programming language, tracked as CVE-2024-27322, that exposes users to arbitrary code execution through deserialized data.

Penetration Testing 136

Penetration Testing Risk 136

Penetration Testing

APRIL 30, 2024

The vulnerability, tracked as CVE-2024-27790, has been... The post CVE-2024-27790: FileMaker Server Vulnerability Patched, Data Access Risk Addressed appeared first on Penetration Testing.

Penetration Testing 128

Penetration Testing Risk Software 128

Penetration Testing

FEBRUARY 28, 2024

Two critical vulnerabilities (CVE-2024-25065, CVE-2024-23946) have been discovered that put a wide range of businesses at risk. Decoding the Vulnerabilities... The post CVE-2024-25065 & CVE-2024-23946: Critical Vulnerabilities Exposed in Apache OFBiz appeared first on Penetration Testing.

Penetration Testing 141

Penetration Testing Risk 141

Penetration Testing

APRIL 1, 2024

JumpServer, a popular open-source bastion host system, has recently been found to contain two critical vulnerabilities (CVE-2024-29201 and CVE-2024-29202) that could allow attackers to execute arbitrary code remotely.

Penetration Testing 138

Penetration Testing Risk 138

Penetration Testing

APRIL 3, 2024

Google has revealed in their April 2024 Pixel Update Bulletin that several serious security flaws could be putting your Pixel device at risk.

Penetration Testing 136

Penetration Testing Risk 136

Penetration Testing

JANUARY 24, 2024

Photo Gallery is the leading... The post Over 200,000 Sites at Risk: Directory Traversal CVE-2024-0221 Vulnerability Hits Photo Gallery Plugin appeared first on Penetration Testing. The affected plugin, Photo Gallery by 10Web – Mobile-Friendly Image Gallery, has over 200,000 active installations.

Penetration Testing 131

Penetration Testing Risk Mobile 131

Penetration Testing

FEBRUARY 26, 2024

Two security vulnerabilities (CVE-2024-24401 and CVE-2024-24402) have been identified in Nagios XI, a widely used enterprise-grade monitoring tool. These flaws pose significant risks for organizations utilizing the software. Nagios XI... The post CVE-2024-24401 & 24402: Nagios XI Security Flaws Found!

Penetration Testing 144

Penetration Testing Software Risk 144

Penetration Testing

DECEMBER 29, 2024

A high-severity vulnerability, CVE-2024-55950 (CVSS 8.6), has been identified in Tabby (formerly Terminus), a widely used terminal emulator and SSH client for Windows, macOS, and Linux.

Risk 62

Risk Cybersecurity 62

Penetration Testing

MAY 26, 2024

VuFind, the widely used open-source library discovery platform, has issued an urgent security advisory, disclosing two critical vulnerabilities that could expose libraries and their users to serious risks.

Penetration Testing 116

Penetration Testing Risk 116

Penetration Testing

APRIL 22, 2024

This zero-day flaw, identified as CVE-2024-4040 with a CVSS score of 7.7, poses a severe risk to organizations... The post CVE-2024-4040: CrushFTP Users Targeted in Zero-Day Attack Campaign appeared first on Penetration Testing.

Penetration Testing 141

Penetration Testing Software Risk 141

Penetration Testing

MARCH 8, 2024

Canon has released a security bulletin addressing a buffer overflow vulnerability (CVE-2024-2184, CVSS 9.8) Risk Assessment If an affected... The post Canon Printers: Critical CVE-2024-2184 (CVSS 9.8) Flaw Requires Immediate Firmware Update appeared first on Penetration Testing.

Firmware 142

Firmware Penetration Testing Risk 142

Penetration Testing

FEBRUARY 19, 2024

A critical remote code execution (RCE) vulnerability (CVE-2024-25600, CVSS 9.8) This vulnerability is actively being exploited, rendering affected websites at significant risk.... ... The post CVE-2024-25600: WordPress’s Bricks Builder RCE Flaw Under Attack appeared first on Penetration Testing.

Penetration Testing 138

Penetration Testing Risk 138

Penetration Testing

JANUARY 2, 2025

Two flaws, tracked The post CVE-2024-12912 & CVE-2024-13062: ASUS Routers at Risk appeared first on Cybersecurity News. ASUS has issued a security advisory warning users of critical vulnerabilities affecting several router models.

Risk 131

Risk Cybersecurity 131

Penetration Testing

NOVEMBER 4, 2024

has been identified, posing a significant security risk that could allow attackers to execute arbitrary web scripts or HTML on... The post CVE-2024-46538: Unpatched XSS Flaw in pfSense Allows Remote Exploits, PoC Published appeared first on Cybersecurity News.

Risk 92

Risk Cybersecurity 92

Penetration Testing

SEPTEMBER 22, 2024

Tracked as CVE-2024-8698,... The post CVE-2024-8698: Keycloak Vulnerability Puts SAML Authentication at Risk appeared first on Cybersecurity News.

Authentication 145

Authentication Risk Cybersecurity 145

Penetration Testing

FEBRUARY 22, 2024

A patched vulnerability within Apple’s Shortcuts automation framework presents a substantial risk to macOS and iOS devices.

Penetration Testing 135

Penetration Testing Risk 135

Penetration Testing

MARCH 14, 2024

This vulnerability, designated as CVE-2024-27307, poses a serious security risk and could allow attackers... The post CVE-2024-27307: Critical Flaw in Popular JSONata Library Could Lead to Code Execution appeared first on Penetration Testing.

Penetration Testing 139

Penetration Testing Risk 139

Penetration Testing

NOVEMBER 18, 2024

Palo Alto Networks has issued critical advisories regarding two actively exploited vulnerabilities in their PAN-OS software, posing significant risks to organizations relying on the platform for network security.

Network Security 76

Network Security Software Risk Cybersecurity 76

Penetration Testing

MARCH 7, 2024

A recently patched vulnerability (CVE-2024-2044) in pgAdmin, the widely-used PostgreSQL administration tool, highlights the ever-present risks of unsafe data deserialization and insufficient input validation.

Penetration Testing 130

Penetration Testing Risk 130

Penetration Testing

MARCH 8, 2024

What’s the Risk? The... The post CVE-2024-21899 (CVSS 9.8): Critical QNAP Flaw Opens Door to Hackers appeared first on Penetration Testing. These vulnerabilities, if left unaddressed, could provide attackers with various avenues for compromising affected devices.

Penetration Testing 138

Penetration Testing Software Risk Authentication 138

Penetration Testing

SEPTEMBER 2, 2024

A significant vulnerability, CVE-2024-8105, dubbed PKfail, has surfaced within the UEFI ecosystem. this flaw exposes critical UEFI security mechanisms to compromise, making systems vulnerable... The post CVE-2024-8105: An UEFI Flaw Putting Millions of Devices at Risk appeared first on Cybersecurity News.

Risk 145

Risk Cybersecurity 145

Penetration Testing

SEPTEMBER 29, 2024

In a significant development for the cybersecurity community, researchers have published technical details and a proof-of-concept (PoC) exploit for a newly identified vulnerability in the Linux kernel, designated as CVE-2024-26808....

Risk 142

Risk Cybersecurity 142

Penetration Testing

SEPTEMBER 29, 2024

The flaw, tracked as CVE-2024-8353... The post CVE-2024-8353 (CVSS 10): Critical GiveWP Flaw, 100k WordPress Sites at Risk appeared first on Cybersecurity News.

Risk 145

Risk Cybersecurity 145

Penetration Testing

JUNE 3, 2024

with over 2 million monthly downloads, has been found to contain a severe security vulnerability that could leave countless applications at risk. Tracked as CVE-2024-21512 and... The post CVE-2024-21512: MySQL2 Vulnerability Puts Millions of Downloads at Risk appeared first on Penetration Testing.

Penetration Testing 93

Penetration Testing Risk 93

Penetration Testing

MARCH 27, 2024

A serious security vulnerability, dubbed “WallEscape” (CVE-2024-28085), has been uncovered in the essential Linux system utilities package, util-linux.

Passwords 109

Passwords Penetration Testing Risk 109

SecureWorld News

NOVEMBER 18, 2024

The report, released on November 13, 2024, underscores the urgent need for increased security measures to protect critical infrastructure. Among the key findings: Widespread vulnerabilities: The OIG's passive assessment revealed critical or high-risk vulnerabilities in 97 drinking water systems serving more than 26.6 million people.

Cybersecurity 120

Cybersecurity Risk Penetration Testing Technology 120

Penetration Testing

MARCH 26, 2024

The technical details and proof-of-concept (PoC) exploit code for a severe vulnerability in the Linux kernel (CVE-2024-1086) have been exposed, putting countless systems at risk. on the CVSS scale,... The post CVE-2024-1086: Critical Linux Kernel Flaw Demands Immediate Patching, PoC Published! This flaw, rated a 7.8

Penetration Testing 125

Penetration Testing Risk 125

Penetration Testing

MARCH 26, 2024

Critical Vulnerability and Large Payout CVE-2024-2883: Use after... The post Google Chrome Update Patches High-Risk Vulnerabilities appeared first on Penetration Testing. Google has released an important security update for its Chrome browser (version 123.0.6312.86/.87),

Penetration Testing 113

Penetration Testing Risk 113

Penetration Testing

JANUARY 10, 2024

Identified as CVE-2024-20272, this vulnerability allows unauthenticated attackers could gain root privileges on unpatched devices. Cisco Unity Connection lets users access and... The post Root Access Risk: Cisco Unity Connection’s CVE-2024-20272 Security Breach appeared first on Penetration Testing.

Penetration Testing 99

Penetration Testing Risk Software 99

Penetration Testing

NOVEMBER 18, 2024

A recent security advisory from the LibreNMS project has revealed a severe vulnerability (CVE-2024-51092) affecting versions up to 24.9.1 The flaw, rated a critical... The post LibreNMS Vulnerability (CVE-2024-51092): Mitigating the Risk of Server Compromise appeared first on Cybersecurity News.

Risk 130

Risk Cybersecurity 130

Penetration Testing

MARCH 5, 2024

HashiCorp’s Vault, a popular tool for securely managing sensitive data, contains a vulnerability (CVE-2024-2048, CVSS 8.1) Understanding... The post CVE-2024-2048: HashiCorp’s Vault Vulnerability Puts Secrets at Risk appeared first on Penetration Testing.

Penetration Testing 98

Penetration Testing Risk Authentication 98

Penetration Testing

MAY 7, 2024

This flaw (CVE-2024-29212) opens a door... The post CVE-2024-29212: Veeam RCE Vulnerability Exposes Data Protection Services to Risk appeared first on Penetration Testing.

Penetration Testing 98

Penetration Testing Risk Backups 98

Penetration Testing

JULY 25, 2024

A critical vulnerability (CVE-2024-40767) has been discovered in OpenStack Nova, the open-source cloud computing platform’s core component for managing virtual servers.

Risk 130

Risk Cybersecurity 130

Penetration Testing

JANUARY 8, 2024

A recently disclosed security flaw, identified as CVE-2024-0193, poses a significant risk to systems relying on this widely used... The post Linux Kernel Flaw CVE-2024-0193 Opens Root Access appeared first on Penetration Testing.

Penetration Testing 111

Penetration Testing Risk 111

Penetration Testing

JULY 5, 2024

This tool, known for its robust capabilities and cross-platform... The post CVE-2024-6376 (CVSS 9.8) in MongoDB Compass Exposes Systems to Code Injection Risks appeared first on Cybersecurity News.

Risk 137

Risk Cybersecurity 137