Vulnerability CVE-2023-27532 in a Veeam Backup & Replication component allows an unauthenticated user operating within the backup infrastructure network perimeter to obtain encrypted credentials stored in the configuration database. This may lead to an attacker gaining access to the backup infrastructure hosts.

Numerous threat actors were detected abusing a critical CVE-2022-47966 RCE vulnerability affecting products from ManageEngine. Read our advisory.

The Galaxy App Store is an alternative application store that comes pre-installed on Samsung Android devices. Several Android applications are available on both the Galaxy App Store and Google App Store, and users have the option to use either store to install specific applications. Two vulnerabilities were uncovered with the Galaxy App Store application: Technical…

* Paid Memberships Pro : CVE-2023-23488 - Unauthenticated SQL Injection * Easy Digital Downloads: CVE-2023-23489 - Unauthenticated SQL Injection * Survey Maker: CVE-2023-23490 - Authenticated SQL Injection

A heap-based buffer overflow vulnerability [CWE-122] in FortiOS SSL-VPN may allow a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system

Best Practices • Apply patches as soon as possible • Disable unnecessary ports and protocols • Replace end-of-life infrastructure • Implement a centralized patch management system