VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10.
Recent SonicWall Firewall Vulnerability Potentially Exploited in the Wild
SonicWall is warning customers that the recently patched critical vulnerability CVE-2024-40766 may be exploited in the wild.
Microsoft Copilot Studio Vulnerability Led to Information Disclosure
A vulnerability in Microsoft Copilot Studio could be exploited to access sensitive information on the internal infrastructure used by the service, Tenable reports. The flaw, tracked as CVE-2024-38206 (CVSS score of 8.5) and described as a ‘critical’ information disclosure bug, has been fully mitigated, Microsoft said in an August 6 advisory.
NIST Getting Outside Help for National Vulnerability Database
NIST announced on Wednesday that it will be receiving outside help to get the National Vulnerability Database (NVD) back on track within the next few months. The organization informed the cybersecurity community in February that it should expect delays in the analysis of Common Vulnerabilities and Exposures (CVE) identifiers in the NVD, saying that it was working to establish a consortium to improve the program.
Security Flaw in WP-Members Plugin Leads to Script Injection
Attackers could exploit a high-severity cross-site Scripting (XSS) vulnerability in the WP-Members Membership WordPress plugin to inject arbitrary scripts into web pages, according to an advisory from security firm Defiant.
WordPress Plugin Vulnerability Exposed Ferrari Website to Hackers
A vulnerability in a WordPress plugin exposed the official website of sports car maker Ferrari to hacker attacks.
VMware Patches Critical Vulnerability Disclosed at Pwn2Own Hacking Contest
VMware this week released patches for a critical vulnerability disclosed at the Pwn2Own Vancouver 2023 hacking contest.
Zoom Patches High Risk Flaws on Windows, MacOS Platforms
Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks.
Realtek SDK Vulnerability Exposes Routers From Many Vendors to Remote Attacks
A serious vulnerability affecting the eCos SDK made by Taiwanese semiconductor company Realtek could expose the networking devices of many vendors to remote attacks.
Zimbra Credential Theft Vulnerability Exploited in Attacks
CISA has urged organizations to patch a recent Zimbra credential theft vulnerability after reports of exploitation in the wild.
Zoom Patches High Risk Flaws on Windows, MacOS Platforms
Video messaging giant Zoom has released patches for multiple security vulnerabilities that expose both Windows and macOS users to malicious hacker attacks.
Realtek SDK Vulnerability Exposes Routers From Many Vendors to Remote Attacks
A serious vulnerability affecting the eCos SDK made by Taiwanese semiconductor company Realtek could expose the networking devices of many vendors to remote attacks.
Zimbra Credential Theft Vulnerability Exploited in Attacks
CISA has urged organizations to patch a recent Zimbra credential theft vulnerability after reports of exploitation in the wild.
Realtek SDK Vulnerability Exposes Routers From Many Vendors to Remote Attacks
A serious vulnerability affecting the eCos SDK made by Taiwanese semiconductor company Realtek could expose the networking devices of many vendors to remote attacks.
Zimbra Credential Theft Vulnerability Exploited in Attacks
CISA has urged organizations to patch a recent Zimbra credential theft vulnerability after reports of exploitation in the wild.