News – Page 20 – UZCERT Team

Computer Emergency
Response Team

News

A high-level vulnerability has been discovered in the WordPress LiteSpeed Cache plugin

Cybersecurity researchers have discovered another critical security flaw in the LiteSpeed Cache plugin for WordPress that could allow unauthenticated users to take control of arbitrary accounts.Tracked as CVE-2024-44000 (CVSS score: 7.5), the vulnerability affects versions of the LiteSpeed Cache plugin…

News

⚠️ Vulnerability Found in GiveWP WordPress Plugin Puts Over 100,000 Websites at Risk

💻 Vulnerability discovered in WordPress’ GiveWP fundraising plugin that exposes over 100,000 websites to remote code execution attacks.This vulnerability, tracked as CVE-2024-5932 () (CVSS score: 10.0), affects all versions of the GiveWP plugin prior to version 3.14.2.🧑‍💻 This information is…

News

CYBERKENT 2.0. Cyber Security Summit – Central Eurasia, CSS 2024

“Cyber Security Summit – Central Eurasia, CSS 2024” is scheduled to be held on October 9-10, 2024. Within the framework of the program, the republic competition “Cyberkent 2.0” will be held. In this regard, the “Cybersecurity Center” announces the selection…

News

A discovered vulnerability in Cisco Software Manager could allow hackers to change passwords

Cisco’s Smart Software Manager On-Prem (SSM On-Prem ( c78-734539.html)) has a critical vulnerability that allows unauthenticated, remote attackers to change user passwords, including those of administrative users.💻 This CVE-2024-20419 () high-level vulnerability allows attackers to exploit a system by sending…

News

An XSS vulnerability discovered in Zimbra could allow hackers to remotely execute malicious JavaScript code

A critical security flaw has been discovered in Zimbra Collaboration Suite (ZCS) that could allow hackers to execute malicious JavaScript code.This high-level vulnerability was found in the Zimbra webmail management interface, identified as CVE-2024-33533 ().The impact of this vulnerability is…

News

Vulnerabilities in Cisco VPN routers allow attackers to execute remote code

Cisco recently disclosed a significant flaw in the bootloader module of its RV340 and RV345 Dual WAN Gigabit VPN routers. This flaw could allow a remote, authenticated attacker to execute arbitrary code on an affected device.This high-level vulnerability identified as…

News

GitLab’ discovered a high-profile vulnerability that could allow remote code execution

GitLab () is a announced the release of Community Edition (CE) and Enterprise Edition (EE) versions 17.2.1, 17.1.3 and 17.0.5 to address several vulnerabilities. These updates contain important bug and security fixes.🔴 Identified CVE-2024-5067 () medium vulnerability;🔴 Identified CVE-2024-7057 ()…

News

The RADIUS protocol vulnerability affected several Cisco products

Remote Authentication Dial-in Service (RADIUS ()) protocol affecting multiple Cisco products A critical vulnerability has been disclosed.💻 This CVE-2024-3596 () vulnerability allows an attacker to spoof RADIUS responses, leading to unauthorized access to network resources. This vulnerability may affect many…