Security
Headlines
HeadlinesLatestCVEs

Tag

#vulnerability

Ubuntu Security Notice USN-7063-1

Ubuntu Security Notice 7063-1 - Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon leaked the Pro token to unprivileged users by passing the token as an argument in plaintext. An attacker could use this issue to gain unauthorized access to an Ubuntu Pro subscription.

Packet Storm
Open in Source
#vulnerability#ubuntu#js#auth
Vivo Fibra Askey RTF8225VW Command Execution

The Vivo Fibra Askey RTF8225VW modem suffers from an input validation vulnerability that allows for full escalation to a functioning shell once logged in and using the restricted aspsh shell.

Ubuntu Security Notice USN-7065-1

Ubuntu Security Notice 7065-1 - Damien Schaeffer discovered that Firefox did not properly manage memory in the content process when handling Animation timelines, leading to a use after free vulnerability. An attacker could possibly use this issue to achieve remote code execution.

Zero-day Flaws Exposed EV Chargers to Shutdowns and Data Theft

NCC Group experts share details of how they exploited critical zero-day vulnerabilities in Phoenix Contact EV chargers (electric…

WordPress File Manager Advanced Shortcode 2.3.2 Code Injectin / Shell Upload

WordPress File Manager Advanced Shortcode plugin version 2.3.2 suffers from a code injection vulnerability that allows for remote shell upload.

TOTOLINK 9.x Command Injection

TOTOLINK version 9.x suffers from a remote command injection vulnerability.

MagnusBilling 7.x Command Injection

MagnusBilling version 7.x suffers from a remote command injection vulnerability.

Bookstore Management System 1.0 SQL Injection

Bookstore Management System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Nation-State Attackers Exploiting Ivanti CSA Flaws for Network Infiltration

A suspected nation-state adversary has been observed weaponizing three security flaws in Ivanti Cloud Service Appliance (CSA) a zero-day to perform a series of malicious actions. That's according to findings from Fortinet FortiGuard Labs, which said the vulnerabilities were abused to gain unauthenticated access to the CSA, enumerate users configured in the appliance, and attempt to access the

5 Steps to Boost Detection and Response in a Multi-Layered Cloud

The link between detection and response (DR) practices and cloud security has historically been weak. As global organizations increasingly adopt cloud environments, security strategies have largely focused on "shift-left" practices—securing code, ensuring proper cloud posture, and fixing misconfigurations. However, this approach has led to an over-reliance on a multitude of DR tools spanning