Versa Networks has released patches for a Versa Director vulnerability for which proof-of-concept (PoC) code exists.
The post Versa Networks Patches Vulnerability Exposing Authentication Tokens appeared first on SecurityWeek.
Ivanti Warns of Second CSA Vulnerability Exploited in Attacks
In addition to the Ivanti CSA flaw CVE-2024-8190, another vulnerability affecting the same product, tracked as CVE-2024-8963, has been exploited.
The post Ivanti Warns of Second CSA Vulnerability Exploited in Attacks appeared first on SecurityWeek.
Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd
Atlassian’s September 2024 monthly security bulletin details multiple high-severity vulnerabilities in four products.
The post Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd appeared first on SecurityWeek.
GitLab Patches Critical Authentication Bypass Vulnerability
GitLab has patched a critical-severity SAML authentication bypass affecting both Community Edition (CE) and Enterprise Edition (EE) instances.
The post GitLab Patches Critical Authentication Bypass Vulnerability appeared first on SecurityWeek.
CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities
CISA and the FBI have released an alert on XSS vulnerabilities, urging organizations to adopt a secure by design approach and eliminate them.
The post CISA, FBI Urge Organizations to Eliminate XSS Vulnerabilities appeared first on SecurityWeek.
Chrome 129 Patches High-Severity Vulnerability in V8 Engine
Google has released Chrome 129 with patches for nine vulnerabilities, including a high-severity bug in the V8 engine.
The post Chrome 129 Patches High-Severity Vulnerability in V8 Engine appeared first on SecurityWeek.
VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest
VMware warned that an attacker with network access could send a specially crafted packet to execute remote code. CVSS severity score 9.8/10.
The post VMware Patches Remote Code Execution Flaw Found in Chinese Hacking Contest appeared first on SecurityWeek.
D-Link Patches Critical Router Vulnerabilities
D-Link has released patches for critical vulnerabilities that could allow attackers to execute arbitrary code and commands on routers.
The post D-Link Patches Critical Router Vulnerabilities appeared first on SecurityWeek.
Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks
Two recently patched Progress Software WhatsUp Gold vulnerabilities may have been exploited in the wild, possibly in ransomware attacks.
The post Recent WhatsUp Gold Vulnerabilities Possibly Exploited in Ransomware Attacks appeared first on SecurityWeek.
Apple Patches Major Security Flaws with iOS 18 Refresh
Apple warns that attackers can use Siri to access sensitive user data, control nearby devices, or view recent photos without authentication.
The post Apple Patches Major Security Flaws with iOS 18 Refresh appeared first on SecurityWeek.