#vulnerabilityalert — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #vulnerabilityalert, aggregated by home.social.
-
⚠️ Cloud Software Group reveals a medium severity XSS flaw (CVE-2025-12101) in Citrix NetScaler ADC & Gateway platforms! Vulnerable versions include 14.1 before 14.1-56.73 & 13.1 before 13.1-60.32. Immediate patching is crucial to prevent session hijacking & credential theft. 🔒🛡️
Details here: https://gbhackers.com/citrix-netscaler-adc-and-gateway-flaw/ #CyberSecurity #XSS #Citrix #NetScaler #VulnerabilityAlert #newz
-
🚨 Oh no! The X.Org X server has more holes than a Swiss cheese! 🧀 For the six people who still use it, the suspense of those 'multiple issues' is killing us. Who knew X could stand for 'xtra' vulnerabilities? 🤦♂️
https://lists.x.org/archives/xorg-announce/2025-October/003635.html #XOrg #XServer #Vulnerabilities #SwissCheese #CyberSecurity #TechNews #VulnerabilityAlert #HackerNews #ngated -
🚨 Oh no! The X.Org X server has more holes than a Swiss cheese! 🧀 For the six people who still use it, the suspense of those 'multiple issues' is killing us. Who knew X could stand for 'xtra' vulnerabilities? 🤦♂️
https://lists.x.org/archives/xorg-announce/2025-October/003635.html #XOrg #XServer #Vulnerabilities #SwissCheese #CyberSecurity #TechNews #VulnerabilityAlert #HackerNews #ngated -
🚨 Oh no! The X.Org X server has more holes than a Swiss cheese! 🧀 For the six people who still use it, the suspense of those 'multiple issues' is killing us. Who knew X could stand for 'xtra' vulnerabilities? 🤦♂️
https://lists.x.org/archives/xorg-announce/2025-October/003635.html #XOrg #XServer #Vulnerabilities #SwissCheese #CyberSecurity #TechNews #VulnerabilityAlert #HackerNews #ngated -
🚨 Oh no! The X.Org X server has more holes than a Swiss cheese! 🧀 For the six people who still use it, the suspense of those 'multiple issues' is killing us. Who knew X could stand for 'xtra' vulnerabilities? 🤦♂️
https://lists.x.org/archives/xorg-announce/2025-October/003635.html #XOrg #XServer #Vulnerabilities #SwissCheese #CyberSecurity #TechNews #VulnerabilityAlert #HackerNews #ngated -
The God Mode Vulnerability That Should Kill "Trust Microsoft" Forever
https://tide.org/blog/god-mode-vulnerability-microsoft-authorityless-security
#HackerNews #GodMode #Vulnerability #TrustMicrosoft #CyberSecurity #MicrosoftSecurity #VulnerabilityAlert
-
The God Mode Vulnerability That Should Kill "Trust Microsoft" Forever
https://tide.org/blog/god-mode-vulnerability-microsoft-authorityless-security
#HackerNews #GodMode #Vulnerability #TrustMicrosoft #CyberSecurity #MicrosoftSecurity #VulnerabilityAlert
-
The God Mode Vulnerability That Should Kill "Trust Microsoft" Forever
https://tide.org/blog/god-mode-vulnerability-microsoft-authorityless-security
#HackerNews #GodMode #Vulnerability #TrustMicrosoft #CyberSecurity #MicrosoftSecurity #VulnerabilityAlert
-
The God Mode Vulnerability That Should Kill "Trust Microsoft" Forever
https://tide.org/blog/god-mode-vulnerability-microsoft-authorityless-security
#HackerNews #GodMode #Vulnerability #TrustMicrosoft #CyberSecurity #MicrosoftSecurity #VulnerabilityAlert
-
The God Mode Vulnerability That Should Kill "Trust Microsoft" Forever
https://tide.org/blog/god-mode-vulnerability-microsoft-authorityless-security
#HackerNews #GodMode #Vulnerability #TrustMicrosoft #CyberSecurity #MicrosoftSecurity #VulnerabilityAlert
-
@BleepingComputer my favorite: #keepass not among six major password managers shown to be vulnerable to clickjacking: https://www.bleepingcomputer.com/news/security/major-password-managers-can-leak-logins-in-clickjacking-attacks/
anybody knows?
-
Critical Wing FTP Server vulnerability (CVE-2025-47812) under active exploitation! Huntress detected real-world attacks achieving root/SYSTEM access through null byte injection. Organizations must update to version 7.4.4 immediately.
#SecurityLand #BusinessShield #CyberSecurity #InfoSec #VulnerabilityAlert #FTP
-
Critical Wing FTP Server vulnerability (CVE-2025-47812) under active exploitation! Huntress detected real-world attacks achieving root/SYSTEM access through null byte injection. Organizations must update to version 7.4.4 immediately.
#SecurityLand #BusinessShield #CyberSecurity #InfoSec #VulnerabilityAlert #FTP
-
Critical Wing FTP Server vulnerability (CVE-2025-47812) under active exploitation! Huntress detected real-world attacks achieving root/SYSTEM access through null byte injection. Organizations must update to version 7.4.4 immediately.
#SecurityLand #BusinessShield #CyberSecurity #InfoSec #VulnerabilityAlert #FTP
-
"🚨 Urgent TeamCity Vulnerabilities Alert! Patch Now! 🚨"
JetBrains has just patched critical vulnerabilities in TeamCity On-Premises software, tagged CVE-2024-27198 and CVE-2024-27199, with alarming CVSS scores of 9.8 and 7.3. These flaws allow unauthorized access to potentially gain full control over the TeamCity servers. Versions up to 2023.11.3 are affected, urging an immediate update to v2023.11.4. Kudos to Rapid7 for the timely discovery on Feb 20, 2024. Given past abuses by notorious APT groups, securing your systems against such authentication bypasses is crucial to thwart potential supply chain assaults. 🛡️💻
🔗 Source: BleepingComputer
Tags: #JetBrains #TeamCity #CyberSecurity #VulnerabilityAlert #CVE2024-27198 #CVE2024-27199 #Rapid7 #PatchNow #SupplyChainSecurity #AuthenticationBypass #InfoSec
🌍🔐👥
-
"🚨 Urgent TeamCity Vulnerabilities Alert! Patch Now! 🚨"
JetBrains has just patched critical vulnerabilities in TeamCity On-Premises software, tagged CVE-2024-27198 and CVE-2024-27199, with alarming CVSS scores of 9.8 and 7.3. These flaws allow unauthorized access to potentially gain full control over the TeamCity servers. Versions up to 2023.11.3 are affected, urging an immediate update to v2023.11.4. Kudos to Rapid7 for the timely discovery on Feb 20, 2024. Given past abuses by notorious APT groups, securing your systems against such authentication bypasses is crucial to thwart potential supply chain assaults. 🛡️💻
🔗 Source: BleepingComputer
Tags: #JetBrains #TeamCity #CyberSecurity #VulnerabilityAlert #CVE2024-27198 #CVE2024-27199 #Rapid7 #PatchNow #SupplyChainSecurity #AuthenticationBypass #InfoSec
🌍🔐👥
-
"🚨 Urgent TeamCity Vulnerabilities Alert! Patch Now! 🚨"
JetBrains has just patched critical vulnerabilities in TeamCity On-Premises software, tagged CVE-2024-27198 and CVE-2024-27199, with alarming CVSS scores of 9.8 and 7.3. These flaws allow unauthorized access to potentially gain full control over the TeamCity servers. Versions up to 2023.11.3 are affected, urging an immediate update to v2023.11.4. Kudos to Rapid7 for the timely discovery on Feb 20, 2024. Given past abuses by notorious APT groups, securing your systems against such authentication bypasses is crucial to thwart potential supply chain assaults. 🛡️💻
🔗 Source: BleepingComputer
Tags: #JetBrains #TeamCity #CyberSecurity #VulnerabilityAlert #CVE2024-27198 #CVE2024-27199 #Rapid7 #PatchNow #SupplyChainSecurity #AuthenticationBypass #InfoSec
🌍🔐👥
-
"🚨 Urgent TeamCity Vulnerabilities Alert! Patch Now! 🚨"
JetBrains has just patched critical vulnerabilities in TeamCity On-Premises software, tagged CVE-2024-27198 and CVE-2024-27199, with alarming CVSS scores of 9.8 and 7.3. These flaws allow unauthorized access to potentially gain full control over the TeamCity servers. Versions up to 2023.11.3 are affected, urging an immediate update to v2023.11.4. Kudos to Rapid7 for the timely discovery on Feb 20, 2024. Given past abuses by notorious APT groups, securing your systems against such authentication bypasses is crucial to thwart potential supply chain assaults. 🛡️💻
🔗 Source: BleepingComputer
Tags: #JetBrains #TeamCity #CyberSecurity #VulnerabilityAlert #CVE2024-27198 #CVE2024-27199 #Rapid7 #PatchNow #SupplyChainSecurity #AuthenticationBypass #InfoSec
🌍🔐👥
-
"🚨 Urgent TeamCity Vulnerabilities Alert! Patch Now! 🚨"
JetBrains has just patched critical vulnerabilities in TeamCity On-Premises software, tagged CVE-2024-27198 and CVE-2024-27199, with alarming CVSS scores of 9.8 and 7.3. These flaws allow unauthorized access to potentially gain full control over the TeamCity servers. Versions up to 2023.11.3 are affected, urging an immediate update to v2023.11.4. Kudos to Rapid7 for the timely discovery on Feb 20, 2024. Given past abuses by notorious APT groups, securing your systems against such authentication bypasses is crucial to thwart potential supply chain assaults. 🛡️💻
🔗 Source: BleepingComputer
Tags: #JetBrains #TeamCity #CyberSecurity #VulnerabilityAlert #CVE2024-27198 #CVE2024-27199 #Rapid7 #PatchNow #SupplyChainSecurity #AuthenticationBypass #InfoSec
🌍🔐👥
-
"🚨 Critical Vulnerabilities Alert in ConnectWise Software 🚨"
Two vulnerabilities have been identified in ConnectWise's remote desktop software, ScreenConnect, affecting versions 23.9.7 and prior. The first vulnerability (CVE-2024-1708) is a path-traversal issue allowing potential remote code execution or access to sensitive data, rated with a high severity score of 8.4.
The second (CVE-2024-1709) is an authentication bypass, considered critical with a severity score of 10.0, and is easily exploitable with existing proof-of-concept exploits. ConnectWise has issued updates for cloud-hosted instances, but self-hosted deployments need immediate patching. The exposure is global, with significant concentrations in the United States, and it's expected that cybercriminals and nation-state actors will actively exploit these vulnerabilities.
| ---- | ---- | ---- |
| CVE Number | Description | *CVSS Severity* |
| CVE-2024-1708 | ScreenConnect 23.9.7 and prior are affected by a path-traversal vulnerability, which may allow an attacker the ability to execute remote code or directly impact confidential data or critical systems. | 8.4 High |
| CVE-2024-1709 | ConnectWise ScreenConnect 23.9.7 and prior are affected by an authentication bypass using an alternate path or channel vulnerability, which may allow an attacker direct access to confidential information or critical systems. | 10.0 Critical |Professionals using ConnectWise must urgently patch their systems to mitigate these vulnerabilities. The discovery underscores the importance of rigorous security practices in protecting IT infrastructures.
🛡️💻🔐
Tags: #CyberSecurity #VulnerabilityAlert #ConnectWise #CVE2024_1708 #CVE2024_1709 #PatchManagement #ITSecurity #RemoteCodeExecution #PrivilegeEscalation
Source: Unit42 by Palo Alto Networks
-
"🚨 2x High Alert: Ivanti's CVE-2024-21888 - Privilege Escalation Vulnerability AND CVE-2024-21893 - Server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure🚨"
A high-severity vulnerability, CVE-2024-21888, has been identified in Ivanti Connect Secure & Ivanti Policy Secure (versions 9.x, 22.x). This vulnerability permits privilege escalation, allowing a user to gain administrative privileges.
And also a high vulnerability, named CVE-2024-21893, has been discovered in Ivanti Connect Secure and Policy Secure up to versions 9.1R18/22.6R2. This vulnerability affects the SAML component and can be exploited remotely. It allows an attacker to manipulate unknown input, leading to a server-side request forgery issue. There is no publicly available exploit.
A patch has been released to address this vulnerability. Admins are advised to apply patches ASAP and consider a factory reset of devices as an extra precaution.
Tags: #CyberSecurity #VulnerabilityAlert #Ivanti #CVE202421888 #CVE2024221893 #PrivilegeEscalation #PatchManagement #InfosecCommunity #SystemAdmins 🔐💻🛡️
Source: Ivanti's Forums Tenable
-
"🚨 2x High Alert: Ivanti's CVE-2024-21888 - Privilege Escalation Vulnerability AND CVE-2024-21893 - Server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure🚨"
A high-severity vulnerability, CVE-2024-21888, has been identified in Ivanti Connect Secure & Ivanti Policy Secure (versions 9.x, 22.x). This vulnerability permits privilege escalation, allowing a user to gain administrative privileges.
And also a high vulnerability, named CVE-2024-21893, has been discovered in Ivanti Connect Secure and Policy Secure up to versions 9.1R18/22.6R2. This vulnerability affects the SAML component and can be exploited remotely. It allows an attacker to manipulate unknown input, leading to a server-side request forgery issue. There is no publicly available exploit.
A patch has been released to address this vulnerability. Admins are advised to apply patches ASAP and consider a factory reset of devices as an extra precaution.
Tags: #CyberSecurity #VulnerabilityAlert #Ivanti #CVE202421888 #CVE2024221893 #PrivilegeEscalation #PatchManagement #InfosecCommunity #SystemAdmins 🔐💻🛡️
Source: Ivanti's Forums Tenable
-
"🚨 2x High Alert: Ivanti's CVE-2024-21888 - Privilege Escalation Vulnerability AND CVE-2024-21893 - Server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure🚨"
A high-severity vulnerability, CVE-2024-21888, has been identified in Ivanti Connect Secure & Ivanti Policy Secure (versions 9.x, 22.x). This vulnerability permits privilege escalation, allowing a user to gain administrative privileges.
And also a high vulnerability, named CVE-2024-21893, has been discovered in Ivanti Connect Secure and Policy Secure up to versions 9.1R18/22.6R2. This vulnerability affects the SAML component and can be exploited remotely. It allows an attacker to manipulate unknown input, leading to a server-side request forgery issue. There is no publicly available exploit.
A patch has been released to address this vulnerability. Admins are advised to apply patches ASAP and consider a factory reset of devices as an extra precaution.
Tags: #CyberSecurity #VulnerabilityAlert #Ivanti #CVE202421888 #CVE2024221893 #PrivilegeEscalation #PatchManagement #InfosecCommunity #SystemAdmins 🔐💻🛡️
Source: Ivanti's Forums Tenable
-
"🚨 2x High Alert: Ivanti's CVE-2024-21888 - Privilege Escalation Vulnerability AND CVE-2024-21893 - Server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure🚨"
A high-severity vulnerability, CVE-2024-21888, has been identified in Ivanti Connect Secure & Ivanti Policy Secure (versions 9.x, 22.x). This vulnerability permits privilege escalation, allowing a user to gain administrative privileges.
And also a high vulnerability, named CVE-2024-21893, has been discovered in Ivanti Connect Secure and Policy Secure up to versions 9.1R18/22.6R2. This vulnerability affects the SAML component and can be exploited remotely. It allows an attacker to manipulate unknown input, leading to a server-side request forgery issue. There is no publicly available exploit.
A patch has been released to address this vulnerability. Admins are advised to apply patches ASAP and consider a factory reset of devices as an extra precaution.
Tags: #CyberSecurity #VulnerabilityAlert #Ivanti #CVE202421888 #CVE2024221893 #PrivilegeEscalation #PatchManagement #InfosecCommunity #SystemAdmins 🔐💻🛡️
Source: Ivanti's Forums Tenable
-
"🚨 2x High Alert: Ivanti's CVE-2024-21888 - Privilege Escalation Vulnerability AND CVE-2024-21893 - Server-side request forgery vulnerability in the SAML component of Ivanti Connect Secure🚨"
A high-severity vulnerability, CVE-2024-21888, has been identified in Ivanti Connect Secure & Ivanti Policy Secure (versions 9.x, 22.x). This vulnerability permits privilege escalation, allowing a user to gain administrative privileges.
And also a high vulnerability, named CVE-2024-21893, has been discovered in Ivanti Connect Secure and Policy Secure up to versions 9.1R18/22.6R2. This vulnerability affects the SAML component and can be exploited remotely. It allows an attacker to manipulate unknown input, leading to a server-side request forgery issue. There is no publicly available exploit.
A patch has been released to address this vulnerability. Admins are advised to apply patches ASAP and consider a factory reset of devices as an extra precaution.
Tags: #CyberSecurity #VulnerabilityAlert #Ivanti #CVE202421888 #CVE2024221893 #PrivilegeEscalation #PatchManagement #InfosecCommunity #SystemAdmins 🔐💻🛡️
Source: Ivanti's Forums Tenable
-
🚨✨ Critical Alert: SSH ProxyCommand Vulnerability! Dive into the details of CVE-2023-51385, a severe code execution flaw, exposing servers to shell injection. Discover insights, mitigation strategies, and stay ahead of potential threats. 🔐💻
https://www.relianoid.com/blog/ssh-proxycommand-unexpected-code-execution-cve-2023-51385/
#SSHSecurity #CyberRisk #CodeExecutionFlaw #InfoSec #VulnerabilityAlert #SSHProxyCommand #CyberThreats #MitigationStrategies #TechSecurity #CVE2023_51385 #CyberDefense #SSHVulnerability #InfoSecInsights #ServerSecurity #PatchNow
-
"⚠️ #HPEOneView Alert! Triple Vulnerability Threat Uncovered ⚠️"
Hewlett Packard Enterprise's OneView Software is under the spotlight with three critical vulnerabilities identified. These flaws can lead to authentication bypass, sensitive data exposure, and even denial of service. If you're using HPE OneView, it's time to patch up! 🛡️
Vulnerabilities:
1️⃣ CVE-2023-30908 – Remote Authentication Bypass: Scored a whopping 9.8 on CVSS, this flaw allows attackers to bypass authentication due to mishandling of user credentials in HPE OneView. Kudos to Sina Kheirkhah (@SinSinology) from the Summoning Team (@SummoningTeam) for reporting this! 🕵️♂️2️⃣ CVE-2022-4304 – Disclosure of Sensitive Information: A timing-based side channel in OpenSSL's RSA Decryption can leak sensitive info. Attackers can exploit this by sending numerous trial decryption messages. 📩
3️⃣ CVE-2023-2650 – Denial of Service: This flaw lies in OpenSSL's OBJ_obj2txt() method, allowing attackers to launch a DoS attack on HPE OneView. 🚫
Impacted? 🤔 Versions prior to v8.5 and v6.60.05 patch are vulnerable. But don't fret! HPE has released patches for these versions. Head to the HPE Support Center and upgrade ASAP! ⏳
Source: Guru's Article, September 11, 2023
Tags: #Cybersecurity #HPE #VulnerabilityAlert #PatchNow #OpenSSL #DoS #AuthenticationBypass #SensitiveDataLeak #InfoSecCommunity
-
📚 #VulnerabilityAlert! BIND vulnerability CVE-2023-2911 has been identified. Check the details here: [link](https://my.f5.com/manage/s/article/K000135504?utm_source=f5support&utm_medium=RSS) #InfoSec #CyberSecurity
BIND vulnerability CVE-2023-2911
Security Advisory Description
The recursive-clients quota, when reached on a BIND 9 resolver configured with both stale-answer-enable yes; and stale-answer-client-timeout 0;, could cause a sequence of serve-stale-related lookups to cause named to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. (CVE-2023-2911)