FreshRSS

The Hacker News
CISA Warns of Actively Exploited Apache Flink Security Vulnerability

By: Newsroom — May 23rd 2024 at 16:44
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting Apache Flink, an open-source, unified stream-processing and batch-processing framework, to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2020-17519, the issue relates to a case of improper access control that

Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

By: Newsroom — January 24th 2024 at 05:32
A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer (MFT) software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4.1 allows an unauthorized user to create an admin user via the administration portal," Fortra

Alert: New Vulnerabilities Discovered in QNAP and Kyocera Device Manager

By: Newsroom — January 9th 2024 at 09:52
A security flaw has been disclosed in Kyocera’s Device Manager product that could be exploited by bad actors to carry out malicious activities on affected systems. "This vulnerability allows attackers to coerce authentication attempts to their own resources, such as a malicious SMB share, to capture or relay Active Directory hashed credentials if the ‘Restrict NTLM: Outgoing NTLM

New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now

By: Newsroom — December 12th 2023 at 05:23
Apache has released a security advisory warning of a critical security flaw in the Struts 2 open-source web application framework that could result in remote code execution. Tracked as CVE-2023-50164, the vulnerability is rooted in a flawed "file upload logic" that could enable unauthorized path traversal and could be exploited under the circumstances to upload a malicious file

Critical OAuth Flaws Uncovered in Grammarly, Vidio, and Bukalapak Platforms

By: Newsroom — October 25th 2023 at 13:04
Critical security flaws have been disclosed in the Open Authorization (OAuth) implementation of popular online services such as Grammarly, Vidio, and Bukalapak, building upon previous shortcomings uncovered in Booking[.]com and Expo. The weaknesses, now addressed by the respective companies following responsible disclosure between February and April 2023, could have allowed malicious actors to

Phishers Exploit Salesforce's Email Services Zero-Day in Targeted Facebook Campaign

By: THN — August 2nd 2023 at 12:55
A sophisticated Facebook phishing campaign has been observed exploiting a zero-day flaw in Salesforce's email services, allowing threat actors to craft targeted phishing messages using the company's domain and infrastructure. "Those phishing campaigns cleverly evade conventional detection methods by chaining the Salesforce vulnerability and legacy quirks in Facebook's Web Games platform,"

Beware of Ghost Sites: Silent Threat Lurking in Your Salesforce Communities

By: Ravie Lakshmanan — May 31st 2023 at 13:00
Improperly deactivated and abandoned Salesforce Sites and Communities (aka Experience Cloud) could pose severe risks to organizations, leading to unauthorized access to sensitive data. Data security firm Varonis dubbed the abandoned, unprotected, and unmonitored resources “ghost sites.” “When these Communities are no longer needed, though, they are often set aside but not deactivated,” Varonis