A maximum-severity security flaw has been disclosed in the TP-Link Archer C5400X gaming router that could lead to remote code execution on susceptible devices by sending specially crafted requests.
The vulnerability, tracked as CVE-2024-5035, carries a CVSS score of 10.0. It impacts all versions of the router firmware including and prior to 1_1.1.6. It has 
Two recently disclosed security flaws in Ivanti Connect Secure (ICS) devices are being exploited to deploy the infamous Mirai botnet.
That's according to findings from Juniper Threat Labs, which said the vulnerabilities CVE-2023-46805 and CVE-2024-21887 have been leveraged to deliver the botnet payload.
While CVE-2023-46805 is an authentication bypass flaw, CVE-2024-
Palo Alto Networks has released hotfixes to address a maximum-severity security flaw impacting PAN-OS software that has come under active exploitation in the wild.
Tracked as CVE-2024-3400 (CVSS score: 10.0), the critical vulnerability is a case of command injection in the GlobalProtect feature that an unauthenticated attacker could weaponize to execute arbitrary code with root
A critical security flaw in the Rust standard library could be exploited to target Windows users and stage command injection attacks.
The vulnerability, tracked as CVE-2024-24576, has a CVSS score of 10.0, indicating maximum severity. That said, it only impacts scenarios where batch files are invoked on Windows with untrusted arguments.
"The Rust standard library did not properly escape
Multiple security vulnerabilities have been disclosed in LG webOS running on its smart televisions that could be exploited to bypass authorization and gain root access on the devices.
The findings come from Romanian cybersecurity firm Bitdefender, which discovered and reported the flaws in November 2023. The issues were fixed by LG as part of updates released on March 22, 2024.
The
A pair of zero-day flaws identified in Ivanti Connect Secure (ICS) and Policy Secure have been chained by suspected China-linked nation-state actors to breach less than 10 customers.
Cybersecurity firm Volexity, which identified the activity on the network of one of its customers in the second week of December 2023, attributed it to a hacking group it tracks under the name UTA0178
Zyxel has released patches to address 15 security issues impacting network-attached storage (NAS), firewall, and access point (AP) devices, including three critical flaws that could lead to authentication bypass and command injection.
The three vulnerabilities are listed below -
CVE-2023-35138 (CVSS score: 9.8) - A command injection vulnerability that could allow an
VMware has flagged that a recently patched critical command injection vulnerability in Aria Operations for Networks (formerly vRealize Network Insight) has come under active exploitation in the wild.
The flaw, tracked asΒ CVE-2023-20887, couldΒ allowΒ a malicious actor with network access to the product to perform a command injection attack, resulting in remote code execution.
It impacts VMware
Critical security flaws in Cacti, Realtek, and IBM Aspera Faspex are being exploited by various threat actors in hacks targeting unpatched systems.
This entails the abuse ofΒ CVE-2022-46169Β (CVSS score: 9.8) andΒ CVE-2021-35394Β (CVSS score: 9.8) to deliverΒ MooBotΒ andΒ ShellBotΒ (aka PerlBot), Fortinet FortiGuard LabsΒ saidΒ in a report published this week.
CVE-2022-46169Β relates to a critical
Cisco on Wednesday rolled outΒ security updatesΒ to address a critical flaw impacting its IP Phone 6800, 7800, 7900, and 8800 Series products.
The vulnerability, tracked as CVE-2023-20078, is rated 9.8 out of 10 on the CVSS scoring system and is described as a command injection bug in the web-based management interface arising due to insufficient validation of user-supplied input.
Successful
Atlassian has rolled out fixes for aΒ critical security flawΒ in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations.
Tracked asΒ CVE-2022-36804Β (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests.
<!--adsense-->
βAn
Login
FreshRSS