Vulnerability Report Archives | Page 3 of 6 | SECaaS Platform AIONCLOUD

[2025.01 Vulnerability Report] WordPress CleanTalk Plugin Authentication Bypass Vulnerability (CVE-2024-10542, CVE-2024-10781)

The WordPress CleanTalk plugin currently has a serious authentication bypass vulnerability, identified as CVE-2024-10542 and CVE-2024-10781, which allows an unauthenticated attacker to bypass security measures and perform actions that would normally require valid authentication. In particular, an attacker could install and activate arbitrary plugins on a vulnerable site, potentially leading to remote code execution and […]

[2024.12 Vulnerability Report] Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534)

Vulnerability report written by the TA team, analyzing “Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534)”. CVE-2024-21534 is a remote code execution (RCE) vulnerability in the jsonpath-plus package caused by improper input sanitization. It allows a malicious user to execute arbitrary code through crafted input, posing a serious security threat to the system. Systems with […]

[2024.12 Vulnerability Report] Cleo Harmony, VLTrader and LexiCom File Read/Write Vulnerability

Vulnerability report written by the TA team, analyzing “Cleo Harmony, VLTrader and LexiCom File Read/Write Vulnerability”. The vulnerability is a file read/write flaw in software provided by Cleo: a manipulated VLSync header lets an attacker access files in, or upload malicious files to, a service running the software. The vulnerabilities were patched in Harmony, […]

[2024.11 Vulnerability Report] Joomla! CMS Security Bypass (CVE-2023-23752)

Vulnerability report written by the TA team, analyzing “Joomla! CMS Security Bypass (CVE-2023-23752)”. CVE-2023-23752 is a vulnerability found in Joomla! versions 4.0.0 through 4.2.7 that allows unauthorized access to web service endpoints due to incorrect access validation. This creates the risk that a malicious user can access the system without authentication or […]

[2024.11 Vulnerability Report] Github Enterprise Server Authentication Bypass

Vulnerability report written by the TA team, analyzing “Github Enterprise Server Authentication Bypass”. The vulnerability is an authentication bypass in GitHub Enterprise Server (GHES) that allows an attacker to bypass signature verification and access arbitrary GHES accounts by sending crafted SAML requests to GHES instances that use SAML SSO authentication […]

[2024.10 Vulnerability Report] PHP Stack Buffer Overflow Vulnerability

Vulnerability report written by the TA team, analyzing “PHP Stack Buffer Overflow Vulnerability”. CVE-2023-3824 is a stack buffer overflow vulnerability in PHP that occurs when reading PHAR (PHP Archive) files. It could allow attackers to cause memory corruption or execute remote code on the affected system. To mitigate this risk, it is crucial […]

[2024.09 Vulnerability Report] Jenkins Arbitrary File Read

Vulnerability report written by the TA team, analyzing “Jenkins Arbitrary File Read”. The vulnerability is an arbitrary file read vulnerability in Jenkins that could allow an attacker with access to an agent to connect to the controller and read any file on the controller, which could lead to an RCE attack. The vulnerabilities were patched in Jenkins […]

[2024.08 Vulnerability Report] MS Office Zero-day vulnerability Follina(CVE-2022-30190)

Vulnerability report written by the TA team, analyzing “MS Office Zero-day vulnerability Follina (CVE-2022-30190)”. CVE-2022-30190 is a remote code execution (RCE) vulnerability in the Microsoft Support Diagnostic Tool (MSDT) that could allow attackers to execute arbitrary commands on a victim’s system via a malicious Word document. To prevent this vulnerability, it is important to apply the […]

[2024.08 Vulnerability Report] Atlassian Confluence Remote Code Execution (CVE-2024-21683)

Vulnerability report written by the TA team, analyzing “Atlassian Confluence Remote Code Execution (CVE-2024-21683)”. The vulnerability is an RCE vulnerability in Confluence Data Center and Server that allows users with “Confluence Administrator” privileges to upload malicious JS files through the “Add New Language” feature in General Configuration – Configuration […]

[2024.07 Vulnerability Report] Jenkins Arbitrary File Leak Vulnerability (CVE-2024-23897)

Vulnerability report written by the TA team, analyzing “Jenkins Arbitrary File Leak Vulnerability (CVE-2024-23897)”. This vulnerability, identified in Jenkins’ built-in command line interface (CLI) and its interaction with the args4j library, allows attackers to exploit the feature that substitutes the contents of a file for a command argument consisting of the “@” character followed by a file path. Unfortunately, […]
