Several decade-old Local Privilege Escalation (LPE) vulnerabilities found in the needrestart component, installed by default in Ubuntu Server, allow local attackers to gain root access on the system. Needrestart is a utility that checks whether the system needs to be…
Among content management systems (CMS) widely used around the world, a dangerous vulnerability has been identified in Drupal Core. Exploiting this vulnerability allows attackers to execute malicious code through users’ browsers. This vulnerability is mainly related to the Overlay module…
Oracle has issued an urgent security alert regarding a critical vulnerability in its Agile Product Lifecycle Management (PLM) framework, which is currently being actively exploited in real-world attacks. The vulnerability, identified as CVE-2024-21287, allows unauthenticated attackers to gain access to…
Apache Tomcat is an open-source software developed to support Java applications. It operates as a web server and servlet container, complying with Java EE (Enterprise Edition) specifications. Due to its efficiency, flexibility, and extensive configuration options, Tomcat is widely used…
A critical vulnerability has been discovered in the Samba Active Directory (AD) system. This vulnerability could allow attackers to escalate privileges within the system and potentially take control of the entire domain. The vulnerability, tracked as CVE-2023-3961, affects Samba versions…
Broadcom has issued a warning about two critical vulnerabilities identified in VMware vCenter Server. One of these vulnerabilities, enabling remote code execution (RCE), is tracked as CVE-2024-38812 and is currently being actively exploited in cyberattacks. Details of the Vulnerabilities Affected…
On November 13, 2024, the PostgreSQL Global Development Group released a critical security update for all supported versions of PostgreSQL. The update applies to PostgreSQL versions 17.1, 16.5, 15.9, 14.14, 13.17, and 12.21. It addresses four security vulnerabilities and fixes…
This vulnerability, identified as CVE-2024-45791, affects all versions of Apache HertzBeat released before version 1.6.1. The issue arises from the exposure of sensitive tokens through HTTP GET requests containing query strings. This flaw could allow attackers to gain unauthorized access…
A new security vulnerability has been identified in GitHub’s Command Line Interface (CLI) that could allow attackers to execute malicious commands on a user’s system via remote code execution (RCE). This vulnerability, identified as CVE-2024-32002, affects versions of GitHub CLI…
A newly discovered critical vulnerability in the Laravel framework, identified as CVE-2024-52301, has raised significant concerns among web developers. This vulnerability potentially allows attackers to gain unauthorized access to applications built on Laravel, threatening the security of data and system…