13 matches found
Chrome Targeted by Active In-the-Wild Exploit Tied to Undisclosed High-Severity Flaw
Google on Wednesday shipped security updates for its Chrome browser to address three security flaws, including one it said has come under active exploitation in the wild. The vulnerability, rated high in severity, is being tracked under the Chromium issue tracker ID "466192044." Unlike other...
PT-2025-21132 · Zoom · Zoom
Name of the Vulnerable Software and Affected Versions: Zoom affected versions not specified Description: A high-severity flaw has been identified and patched in Zoom Workplace Apps. The issue was disclosed and patched on the same day, 2025-05-13. Recommendations: At the moment, there is no...
CISA Flags Actively Exploited Vulnerability in SonicWall SMA Devices
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Wednesday added a security flaw impacting SonicWall Secure Mobile Access SMA 100 Series gateways to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked...
Apache OFBiz Update Fixes High-Severity Flaw Leading to Remote Code Execution
A new security flaw has been addressed in the Apache OFBiz open-source enterprise resource planning ERP system that, if successfully exploited, could lead to unauthenticated remote code execution on Linux and Windows. The high-severity vulnerability, tracked as CVE-2024-45195 CVSS score: 7.5,...
Thousands of Unpatched Openfire XMPP Servers Still Exposed to High-Severity Flaw
Thousands of Openfire XMPP servers are unpatched against a recently disclosed high-severity flaw and are susceptible to a new exploit, according to a new report from VulnCheck. Tracked as CVE-2023-32315 CVSS score: 7.5, the vulnerability relates to a path traversal vulnerability in Openfire's...
Google Play Apps Remain Vulnerable to High-Severity Flaw
UPDATE Researchers are warning that several popular Google Play applications – including mobile browser app Edge – have yet to push out an important update addressing a high-severity vulnerability in the Google Play Core Library. The vulnerability exists in Google Play Core Library, which is...
Attackers Exploiting High-Severity Network Security Flaw, Cisco Warns
Cisco is warning that a high-severity flaw in its network security software is being actively exploited – allowing remote, unauthenticated attackers to access sensitive data. Patches for the vulnerability CVE-2020-3452 in question, which ranks 7.5 out of 10 on the CVSS scale, were released last...
GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat
If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that's possible because all versions 9.x/8.x/7.x/6.x of the Apache Tomcat released in the past 13...
FDA Warns of Potentially Fatal Flaws in Medtronic Insulin Pumps
The Food and Drug Administration FDA has issued an emergency alert, warning that Medtronic MiniMed insulin pumps are vulnerable to potentially life-threatening cyberattacks. Specifically impacted are Medtronic’s MiniMed insulin pumps, the MiniMed 508 insulin pump and MiniMed Paradigm series insul...
Mozilla Fixes Second Actively-Exploited Firefox Flaw
UPDATE Mozilla has fixed a high-severity vulnerability in its Firefox browser being actively exploited in the wild. The vulnerability CVE-2019-11708 is separate from a critical flaw under active attack that was patched earlier this week CVE-2019-11707. However, both vulnerabilities were discovere...
Cisco Service Provider, WebEx Bugs Offer Up Remote Code Execution
Cisco is warning of critical remote code-execution RCE vulnerabilities in the Cisco Prime Infrastructure PI and Evolved Programmable Network EPN Manager, which is used by telcos, mobile carriers, cable companies and ISPs to manage their hardware infrastructure. The vendor also issued estimated...
Allaire's JRUN Unauthenticated Access to WEB-INF directory
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory Allaire's JRUN ---------------------------------------------------------------------- FS Advisory ID: FS-102300-12-JRUN Release Date: October 23, 2000 Product: JRun 3.0 Vendor: Allaire Inc...
FS-073100-10-BEA.txt
Foundstone, Inc. http://www.foundstone.com "Securing the Dot Com World" Security Advisory BEA's WebLogic .jsp/.jhtml remote command execution ---------------------------------------------------------------------- FS Advisory ID: FS-073100-10-BEA Release Date: July 31, 2000 Product: WebLogic Vendo...