The US Cybersecurity and Infrastructure Security Agency (CISA) has warned Ivanti customers of active exploitation of a critical Endpoint Manager (EPM) vulnerability allowing remote code execution (RCE) that the company fixed in May 2024. Tracked as CVE-2024-29824, the flaw is an SQL injection vulnerability in the Ivanti EPM core server that allows an unauthenticated attacker […]
Category Archives: Vulnerabilities
Nvidia has patched a critical vulnerability affecting its container toolkit (formerly known as Nvidia docker). The vulnerability — tracked as CVE-2024-0132 — has been assigned a CVSS score of 9 out of 10 and can allow a rogue user or application to break out of their dedicated container and gain full access to the underlying […]
IT management solutions provider Ivanti confirmed that a high-severity flaw patched this week in an older version of its Cloud Service Appliance (CSA) has been exploited in attacks. The vulnerability was fixed as part of the company’s September security update, which also included patches for critical and high-severity flaws in other products. “Following public disclosure, […]
Google has announced new compensation incentives for people who find vulnerabilities in the Chrome browser as part of the company’s Chrome Vulnerability Reward Program (VRP). The increases to its Chrome bug reward structure follow increases Google made last month for “exceptional quality” reports of flaws in a range of Alphabet offerings, including Gmail and Nest. The […]
A critical vulnerability has been reported in WPML — a multilingual WordPress plugin with more than a million installations globally — that allows remote code execution on affected WordPress sites. The vulnerability tracked as CVE-2024-6386 received a CVSS rating of 9.9 out of 10 and affects all versions of the plugin before 4.6.13. “The WPML […]
Microsoft-owned source code management platform, GitHub, has rolled out fixes for three vulnerabilities affecting its Enterprise Server product, including a critical one allowing site administrator privileges to an attacker. Reported via the GitHub Bug Bounty Program, the critical vulnerability tracked as CVE-2024-6800 has received a CVSS rating of 9.5 out of 10. “On GitHub Enterprise […]
SolarWinds has issued a hotfix to patch up a security oversight that could allow remote access to sensitive credentials hardcoded in its Web Help Desk (WHD) product. The vulnerability, tracked as CVE-2024-28987, has been rated “critical” with a CVSS score of 9.1 out of 10. “The SolarWinds Web Help Desk software is affected by a […]
SAP has sealed a bunch of severe bugs affecting its systems, including two critical vulnerabilities that can allow full system compromise. On its Security Patch Day for August 2024, the software giant rolled out fixes for a total of 17 vulnerabilities, with six hot fixes — CVSS ranging between 7 and 10 out of 10 […]
There is a distinct difference of opinion on the level of harm a newly revealed Microsoft Office vulnerability exposing NT LAN Manager (NTLM) hashes, being tracked as CVE-2024-38200, could potentially cause to organizations. The vulnerability affects multiple 32-bit and 64-bit versions of Office, including Office 2016, Office 2019, Office LTSC 2021, and Microsoft 365 Apps […]
