Please turn on your JavaScript for this page to function normally.
QNAP
15 QNAP NAS bugs and one PoC disclosed, update ASAP! (CVE-2024-27130)

Researchers have found 15 vulnerabilities in QNAP’s network attached storage (NAS) devices, and have released a proof-of-concept for one: an unauthenticated stack …

Ivanti
PoC exploit for Ivanti EPMM privilege escalation flaw released (CVE 2024-22026)

Technical details about and a proof-of-concept (PoC) exploit for CVE-2024-22026, a privilege escalation bug affecting Ivanti EPMM, has been released by the …

Palo Alto Networks
Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades

There are proof-of-concept techniques allowing attackers to achieve persistence on Palo Alto Networks firewalls after CVE-2024-3400 has been exploited, the company has …

Progress
PoC for critical Progress Flowmon vulnerability released (CVE-2024-2389)

More details of and a proof-of-concept exploit for an unauthenticated OS command injection vulnerability (CVE-2024-2389) in Flowmon, Progress Software’s network …

Palo Alto Networks
Palo Alto firewalls: Public exploits, rising attacks, ineffective mitigation

UPDATE: April 30, 09:30 AM ET New story: Palo Alto firewalls: CVE-2024-3400 exploitation and PoCs for persistence after resets/upgrades While it initially seemed that …

Delinea Secret Server
A critical vulnerability in Delinea Secret Server allows auth bypass, admin access

Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass …

Fortra FileCatalyst
PoC exploit for critical Fortra FileCatalyst MFT vulnerability released (CVE-2024-25153)

Proof-of-concept (PoC) exploit code for a critical RCE vulnerability (CVE-2024-25153) in Fortra FileCatalyst MFT solution has been published. About CVE-2024-25153 Fortra …

Fortinet
Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)

A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of …

arcserve
PoC for critical Arcserve UDP vulnerabilities published (CVE-2024-0799, CVE-2024-0800)

Arcserve has fixed critical security vulnerabilities (CVE-2024-0799, CVE-2024-0800) in its Unified Data Protection (UDP) solution that can be chained to upload malicious files …

Attackers exploiting ConnectWise ScreenConnect flaws, fixes available for all users (CVE-2024-1709, CVE-2024-1708)

The two ScreenConnect vulnerabilities ConnectWise has recently urged customers to patch have finally been assigned CVE numbers: CVE-2024-1709 for the authentication bypass, …

Windows
A zero-day vulnerability (and PoC) to blind defenses relying on Windows event logs

A zero-day vulnerability that, when triggered, could crash the Windows Event Log service on all supported (and some legacy) versions of Windows could spell trouble for …

Jenkins
Critical Jenkins RCE flaw exploited in the wild. Patch now! (CVE-2024-23897)

Several proof-of-concept (PoC) exploits for a recently patched critical vulnerability (CVE-2024-23897) in Jenkins have been made public and there’s evidence of …

Don't miss

Cybersecurity news