Security vendor F5 has prepared hotfixes for a pair of vulnerabilities affecting its BIG-IP and BIG-IQ networking devices that could result in remote code execution (RCE). Software updates...
A prototype pollution vulnerability that could lead to remote code execution (RCE) in Parse Server has been patched. An attacker could potentially trigger RCE through the...
Melis Platform, the open source e-commerce and content management system (CMS), was vulnerable to remote code execution (RCE) via a critical deserialization vulnerability. Tracked as CVE-2022-39297 and with a...
The team behind the Cobalt Strike penetration testing tool has responded to reports of a failed remote code execution (RCE) exploit patch with a new fix. HelpSystems’ Cobalt...
Windows servers running Microsoft Office Online Server can be exploited to achieve server-side request forgery (SSRF) and thereafter remote code execution (RCE) on the host, according to security...
A critical flaw patched in the Apache Commons Text library has sparked comparisons with the ‘Log4Shell’ bug that surfaced in the near-ubiquitous open source component Log4j last year....
A vulnerability in GitLab allowed attackers to stage various attacks against GitLab servers, including the cloud-hosted GitLab.com platform. The bug, reported by security researcher ‘yvvdwf’, was caused...
A bug in vm2, a popular JavaScript sandbox environment, could allow malicious actors to bypass sandbox protections and stage remote code execution (RCE) on the host device. Vm2,...
An unpatched remote code execution (RCE) vulnerability in Nepxion Discovery, an open source project that provides functionality for the Spring Cloud framework, has been made public....
Cloud-based source code management (SCM) platforms support integration with self-hosted CI/CD solutions through webhooks, which is great for DevOps automation. However, the benefits can come with security trade-offs....
Security researchers from IHTeam have uncovered a serious vulnerability in a plugin to the pfSense firewall technology. The affected pfBlockerNG plugin is not installed by default...
Security release also includes precautionary patches for potential Log4j-like flaw in Logback library. Diversified technology and infrastructure software provider Open-Xchange has released fixes for several security...
An unauthenticated arbitrary object instantiation vulnerability in LDAP Account Manager (LAM) has been discovered during an internal penetration test. LAM is a PHP web application for...