Security Vulnerabilities

The latest Security Vulnerabilities

LDAPNightmare exploit crashes LSASS and forces a reboot of Windows domain controllers

On December 10th 2024, Yuki Chen (@guhe120) identified two LDAP vulnerabilities: a Remote Code Execution (RCE) flaw and a Denial

Palo Alto Firewall Denial of Service (DoS) in DNS Security Using a Specially Crafted Packet (CVE-2024-3393)

CVE number: CVE-2024-3393. A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software

D-Link DIR-823G auto reboot vulnerability (CVE-2024-13030)

A vulnerability was found in D-Link DIR-823G 1.0.2B05_20181207. It has been rated as critical and the CVE is CVE-2024-13030. This

Connection Hijacking Vulnerability in Huawei Home Routers (CVE-2023-52718)

CVE number: CVE-2023-52718. A connection hijacking vulnerability exists in some Huawei home routers. Successful exploitation of this vulnerability may

HarfBuzz Heap-based Buffer Overflow Vulnerability (CVE-2024-56732)

CVE number: CVE-2024-56732. HarfBuzz is a text shaping engine. Starting with version 8.5.0 through to version 10.0.1, there is

Onyxia remote code execution (RCE) vulnerability [CVE-2024-56333]

Onyxia is a web app that aims at being the glue between multiple open source backend technologies to provide a

Navidrome Plaintext Storage of JWT Secret in navidrome.db vulnerability [CVE-2024-56362]

CVE number: CVE-2024-56362. Navidrome is an open source web-based music collection server and streamer. Navidrome stores the JWT secret

APTRS (Automated Penetration Testing Reporting System) Server Side Template Injection Vulnerability [CVE-2024-56363]

APTRS (Automated Penetration Testing Reporting System) is a Python and Django-based automated reporting tool designed for penetration testers and security

Sophos issues hotfixes for three critical flaws in XG firewall

Sophos has issued hotfixes to resolve three security vulnerabilities in its Firewall products. These flaws, under certain conditions, could enable

Webmin CGI Command Injection Remote Code Execution Vulnerability [CVE-2024-12828]

CVE number: CVE-2024-12828. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Webmin. Authentication is
