The Checkmk IT Infrastructure monitoring software has vulnerabilities that have been publicly revealed and could be exploited by a remote, unauthenticated attacker to completely…
Server-side request forgery
Jira Align vulnerabilities allow getting super admin rights
The researcher says that it was theoretically conceivable to move laterally or upward beyond the instance. Jira Align vulnerabilities allow getting super admin rights.…
A serious flaw in the open source WebPageTest is still not patched.
After a talk, a blog post, and public publication, the RCE exploit is still open for discussion. The maintainers of the WebPageTest project seem…
The Spring Cloud-enabled Nepxion Discovery software does not fix RCE and information leak issues.
Chinese project maintainer appears to have closed the public issue without offering a patch. Nepxion Discovery Software, an open-source project that offers functionality for…
There are two fresh zero-days for Exchange Server
As it looks at (yep, more) reported vulnerabilities in Microsoft Exchange Server that affect the software’s 2013, 2016, and 2019 editions, Microsoft has released…
SSRF flaws created in multiple apps via Google Drive integration errors
Execution flaws in Google Drive integrations created server-side request forgery (SSRF) vulnerabilities in a mixture of applications, a security researcher has disclosed. This included…
Dropbox: PoC release for Ghostscript vulnerability that revealed Airbnb
Malicious programmers have released proof-of-concept (PoC) code that takes advantage of a recently disclosed vulnerability in older yet widely used…
SAP patches 9 high severity vulnerabilities in its Products
One of the severe vulnerabilities is CVE-2021-33698, an unrestricted file upload affecting SAP Business One. According to Onapsis, an organization that has some…
WordPress XXE Vulnerability Patched in Version 5.7.1
Security researchers from SonarSource have detected a critical security vulnerability impacting the WordPress 5.7 platform that could have facilitated a potential remote cyberattack to…
VMware deploys patches for security flaws in AI-based vRealize
Critical vulnerabilities in VMware's IT platform vRealize have been patched that had the potential to facilitate administrator credentials theft to malicious…