Security Bulletin

Vulnerabilities 2024

7 User Guides by 2 authors

CVE-2024-9264 - Grafana’s SQL Expressions Vulnerability

Overview. A critical vulnerability, CVE-2024-9264, has been discovered in Grafana, the open-source analytics and visualization platform widely used by organizations worldwide. According to Netlas.io,…

Rama Sadhu
Updated by Rama Sadhu

Adobe ColdFusion Vulnerabilities Exploited in the Wild

Adobe ColdFusion, a popular web development platform, has been targeted by malicious actors exploiting the recently disclosed vulnerabilities, including severe CVE-2023-29300. The exploit has been ob…

Rama Sadhu
Updated by Rama Sadhu

Apache Struts 2 Vulnerability CVE-2023-50164 Exposed

On December 7th, 2023, the Apache Struts project disclosed a significant vulnerability, CVE-2023-50164, in its Struts 2 open-source web framework. Rated at a critical CVSS score of 9.8, this flaw res…

Rama Sadhu
Updated by Rama Sadhu

Apache log4j RCE vulnerability

Click here for PDF format.

Rama Sadhu
Updated by Rama Sadhu

ApacheStructs_VG

Click here for the PDF format.

Author
Updated by Author

CVE-2024-8190 – OS Command Injection in Ivanti CSA

A high severity OS command injection vulnerability, CVE-2024-8190, has been found in Ivanti Cloud Services Appliance (CSA) versions 4.6 Patch 518 and earlier. This flaw allows attackers with admin ac…

Rama Sadhu
Updated by Rama Sadhu

HTTP/2 Rapid Reset Attack Vulnerability

Google, Amazon Web Services & others recently disclosed a vulnerability in the HTTP/2 protocol, which is being tracked as “CVE-2023-44487”. The flaw lies in the way the HTTP/2 protocol was implemented to i…

Rama Sadhu
Updated by Rama Sadhu

Multiple MOVEit Transfer Vulnerabilities

Indusface Threat Coverage: MOVEit Transfer SQL Injection Vulnerabilities. Progress has recently raised concerns about multiple vulnerabilities in their MOVEit Transfer secure managed file transfer s…

Rama Sadhu
Updated by Rama Sadhu

Oracle WebLogic Server Deserialization

Click here for PDF format.

Author
Updated by Author

Remote Unauthenticated API Access Vulnerabilities in Ivanti

Ivanti has warned users of its Endpoint Manager Mobile (EPMM) mobile device management (MDM) platform, urging immediate actions to address two vulnerabilities – including a zero-day exploit. These vu…

Rama Sadhu
Updated by Rama Sadhu

Unpacking the Zimbra Cross-Site Scripting Vulnerability (CVE-2023-37580)

On November 16, 2023, Google's Threat Analysis Group revealed an alarming vulnerability in Zimbra Collaboration—a reflected cross-site scripting (XSS) vulnerability assigned CVE-2023-37580. The Zimbr…

Rama Sadhu
Updated by Rama Sadhu
