Shows
VulnVibes[VULN] - Xerox Versalink Printers Vulnerable to Pass-Back Attacks - CVE-2024-12510 & CVE-2024-12511Researchers at Rapid7 have identified vulnerabilities in Xerox Versalink C7025 multifunction printers that could enable attackers to steal user credentials. Tracked as CVE-2024-12510 and CVE-2024-12511, these flaws facilitate a "pass-back attack," in which the printer is deceived into returning authentication data to the attacker.
2025-02-1905 minVulnVibes[VULN] - OpenSSH Client & Server Vulnerabilities Allow MiTM and DoS Attacks - CVE-2025-26465 & CVE-2025-26466The Qualys Threat Research Unit (TRU) has revealed two newly discovered vulnerabilities in OpenSSH, impacting both clients and servers. Designated as CVE-2025-26465 and CVE-2025-26466, these flaws could allow attackers to carry out machine-in-the-middle (MITM) attacks and denial-of-service (DoS) exploits.
2025-02-1904 minVulnVibes[WordPress] - WP Safe - 2025.02.18Daily Summary of WordPress critical and high vulnerabilities
2025-02-1906 minVulnVibes[VULN] - SQL Injection Vulnerability in PostgreSQL Allows Remote System Attacks - CVE-2025-1094Rapid7 researchers have identified a high-severity SQL injection vulnerability (CVE-2025-1094) in PostgreSQL’s interactive tool, psql. Discovered during an investigation into the exploitation of a separate BeyondTrust vulnerability, this flaw enables attackers to execute arbitrary code on impacted systems.
2025-02-1705 minVulnVibes[WordPress] - WP Safe - 2025.02.17Daily Summary of WordPress critical and high vulnerabilities
2025-02-1711 minVulnVibes[VULN] - Winzip RCE Vulnerability - CVE-2025-1240A critical vulnerability has been identified in WinZip, potentially enabling remote attackers to execute arbitrary code on affected systems. Designated as CVE-2025-1240, this flaw stems from how WinZip processes 7Z files and could be exploited if a user interacts with a malicious file or webpage.
2025-02-1405 minVulnVibes[VULN] - Severe Vulnerabilities in PAM-PKCS#11 Put Linux Authentication at Risk - CVE-2025-24032Multiple critical security flaws have been discovered in the PAM-PKCS#11 login module, a widely used tool for X.509 certificate-based authentication on Linux systems. These vulnerabilities could enable attackers to bypass authentication, gain unauthorized system access, and potentially escalate privileges.
2025-02-1204 minVulnVibes[VULN] - Remote Code Execution (RCE) Vulnerability Found in Wazuh Server - CVE-2025-24016Wazuh, a prominent open-source security solutions provider, has released a critical security advisory about a remote code execution (RCE) vulnerability impacting its platform. Designated as CVE-2025-24016 with a CVSS score of 9.9, this flaw could enable attackers to take full control of affected Wazuh servers.
2025-02-1203 minVulnVibes[WordPress] - WP Safe - 2025.02.12Daily Summary of WordPress critical and high vulnerabilities
2025-02-1204 minVulnVibes[VULN] - Critical Ivanti CSA Vulnerability Allows Attackers to Execute Arbitrary Code - CVE-2024-47908Ivanti has released a security advisory addressing critical vulnerabilities in its Cloud Services Application (CSA). Tracked as CVE-2024-47908 and CVE-2024-11771, these flaws could enable attackers to execute remote code and access sensitive data without authorization.
2025-02-1204 minVulnVibes[WordPress] - WP Safe - 2025.02.11 - 2Daily Summary of WordPress critical and high vulnerabilities
2025-02-1212 minVulnVibes[WordPress] - WP Safe - 2025.02.11 - 1Daily Summary of WordPress critical and high vulnerabilities
2025-02-1111 minVulnVibes[VULN] - GitHub Enterprise SAML Bypass Vulnerability - CVE-2025-24200Security researcher Hakivvi has released a detailed analysis of CVE-2025-23369 (CVSSv4 7.6), a vulnerability that enables attackers to bypass SAML authentication in GitHub Enterprise.
2025-02-1103 minVulnVibes[VULN] - Apple Releases Emergency Updates to Fix Actively Exploited Zero-Day Vulnerability - CVE-2025-24200Apple has released critical security updates for iOS and iPadOS to patch a zero-day vulnerability, CVE-2025-24200, which has been actively exploited in targeted attacks. This flaw enables attackers to bypass USB Restricted Mode on locked devices, potentially exposing sensitive data.
2025-02-1104 minVulnVibes[WordPress] - WP Safe - 2025.02.10Daily Summary of WordPress critical and high vulnerabilities
2025-02-1005 minVulnVibes[VULN] - Critical bugs in Zimbra Collaboration - CVE-2025-25064Two newly discovered security vulnerabilities have been identified in Zimbra Collaboration, a popular open-source email and collaboration platform. These flaws, tracked as CVE-2025-25064 and CVE-2025-25065, present a significant risk to businesses using Zimbra for email, calendaring, file sharing, and task management. If exploited, they could enable attackers to gain unauthorized access to sensitive data and internal network resources.
2025-02-1004 minVulnVibes[VULN] - The Critical Outlook Vulnerability Putting Organizations at Risk - CVE-2024-21413A severe security flaw in Microsoft Outlook, identified as CVE-2024-21413, is currently being actively exploited, presenting a major risk to organizations globally. Rated 9.8 out of 10 on the CVSS scale, this vulnerability enables attackers to remotely execute arbitrary code when a user opens a malicious email.
2025-02-0905 minVulnVibes[VULN] - Cisco ISE Critical vulnerabilities - CVE-2025-20124 & CVE-2025-20125Cisco has released a security advisory regarding two critical vulnerabilities in its Identity Services Engine (ISE), a widely used network security policy management platform. These vulnerabilities, identified as CVE-2025-20124 and CVE-2025-20125, could allow authenticated attackers to execute arbitrary commands with root privileges and bypass authorization controls, posing significant risks to affected systems.
2025-02-0904 minVulnVibes[WordPress] - WP Safe - 2025.02.07Daily Summary of WordPress critical and high vulnerabilities
2025-02-0805 minVulnVibes[WordPress] - WP Safe - 2025.02.06Daily Summary of WordPress critical and high vulnerabilities
2025-02-0806 minVulnVibes[WordPress] - WP Safe - 2025.02.05Daily Summary of WordPress critical and high vulnerabilities
2025-02-0803 minVulnVibes[WordPress] - WP Safe - 2025.02.04Daily Summary of WordPress critical and high vulnerabilities
2025-02-0803 minVulnVibes[WordPress] - WP Safe - 2025.02.03Daily Summary of WordPress critical and high vulnerabilities
2025-02-0803 minVulnVibes[VULN] - Laravel package Voyager RCE vulnerabilityThree security vulnerabilities found in the open-source PHP package Voyager, used for managing Laravel applications, could allow remote code execution attacks.
2025-02-0107 minVulnVibes[WordPress] - WP Safe - 2025.01.30Daily Summary of WordPress critical and high vulnerabilities
2025-02-0103 minVulnVibes[WordPress] - WP Safe - 2025.01.30Daily Summary of WordPress critical and high vulnerabilities
2025-01-3110 minVulnVibes[HotTopic] - DeepSeek AI - Database ExposureWiz Research discovered a publicly accessible ClickHouse database owned by DeepSeek, granting full control over database operations and access to internal data. This exposure included over a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information. The Wiz Research team promptly and responsibly reported the issue to DeepSeek, which swiftly secured the vulnerability.
2025-01-3004 minVulnVibes[WordPress] - WP Safe - 2025.01.29Daily Summary of WordPress critical and high vulnerabilities
2025-01-3003 minVulnVibes[VULN] - SQL Injection Flaw in VMware Avi Load Balancer - CVE-2025-22217Broadcom has issued an alert regarding a high-severity security vulnerability in VMware Avi Load Balancer, identified as CVE-2025-22217, with a CVSS score of 8.6. This unauthenticated blind SQL injection flaw allows malicious actors with network access to execute specially crafted SQL queries, potentially granting them unauthorized access to the database.
2025-01-2904 minVulnVibes[VULN] - Cacti network monitoring RCE - CVE-2025-22604A severe security vulnerability has been revealed in the Cacti open-source network monitoring and fault management framework, potentially enabling an authenticated attacker to execute remote code on vulnerable instances.
2025-01-2904 minVulnVibes[WordPress] - WP Safe - 2025.01.28Daily Summary of WordPress critical and high vulnerabilities
2025-01-2904 minVulnVibes[VULN] - QNAP patched multiple vulnerabilitiesQNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices.
2025-01-2905 minVulnVibes[WordPress] - WP Safe - 2025.01.27Daily Summary of WordPress critical and high vulnerabilities
2025-01-2904 minVulnVibes[WordPress] - WP Safe - 2025.01.26Daily Summary of WordPress critical and high vulnerabilities
2025-01-2704 minVulnVibes[WordPress] - WP Safe - 2025.01.25Daily Summary of WordPress critical and high vulnerabilities
2025-01-2603 minVulnVibes[VULN] - Zero-day vulnerability exploited: SonicWall SMA series - CVE-2025-23006SonicWall has released an urgent security advisory regarding a critical vulnerability in its SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). Identified as CVE-2025-23006 with a CVSS score of 9.8, this pre-authentication remote command execution flaw poses a significant risk, enabling attackers to fully compromise vulnerable devices.
2025-01-2506 minVulnVibes[WordPress] - WP Safe - 2025.01.24Daily Summary of WordPress critical and high vulnerabilities
2025-01-2506 minVulnVibes[VULN] - Microsoft Configuration Manager Exploit - CVE-2024-43468Security researcher Mehdi Elyassa from Synacktiv published the technical details and a proof-of-concept (PoC) exploit code for a critical vulnerability in Microsoft Configuration Manager (MCM), tracked as CVE-2024-43468, with a CVSS score of 9.8. This flaw allows unauthenticated attackers to exploit SQL injection vulnerabilities, enabling the execution of arbitrary commands on servers and their underlying databases.
2025-01-2406 minVulnVibes[VULN] - Kibana Exposing Sensitive Information - CVE-2024-43707Kibana, the popular open-source data visualization and exploration tool, has released a security update addressing two vulnerabilities, including one high severity flaw. The update, version 8.15.0, is available now and all users are strongly encouraged to upgrade their installations immediately.
2025-01-2404 minVulnVibes[WordPress] - WP Safe - 2025.01.22Daily Summary of WordPress critical and high vulnerabilities
2025-01-2404 minVulnVibes[WordPress] - WP Safe - 2025.01.21
Daily Summary of WordPress critical and high vulnerabilities
2025-01-2304 minVulnVibes[VULN] - Outlook Remote Code Execution - CVE-2025-21298Microsoft has addressed a critical vulnerability (CVE-2025-21298) in its latest 2025 Patch Tuesday update. This flaw, rated with a CVSS score of 9.8, allows attackers to achieve remote code execution (RCE) on Windows devices through a specially crafted email
2025-01-2303 minVulnVibes[WordPress] - WP Safe - 2025.01.21Daily Summary of WordPress critical and high vulnerabilities
2025-01-2208 minVulnVibes[VULN] - Oracle Patch-Batch - CVE-2025-21535Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products
2025-01-2215 minVulnVibes[VULN] - Critical Sentry Account Takeover - CVE-2025-22146A recently patched vulnerability Sentry could have allowed attackers to take over accounts
2025-01-2106 minVulnVibes[VULN] - Mongoose Search Injection Flaw - CVE-2025-2306Search injection attack has been discovered on the popular MongoDB object modeling tool.
2025-01-2106 minVulnVibes[WordPress] - WP Safe - 2025.01.20
Daily Summary of WordPress critical and high vulnerabilities
2025-01-2005 minVulnVibes[Hot Topic] - TikTok has been banned in the USAShort update of latest information about TikTok ban in the USA
2025-01-1911 minVulnVibes[WordPress] - WP Safe - 2025.01.17Daily Summary of WordPress critical and high vulnerabilities
2025-01-1703 minVulnVibes[WordPress] - WP Safe - 2025.01.16Daily Summary of WordPress critical and high vulnerabilities
2025-01-1704 minVulnVibes[VULN] - Multiple security flaws in SimpleHelp - CVE-2024-57727&&CVE-2024-57728&&CVE-2024-57726CVE-2024-57727&&CVE-2024-57728&&CVE-2024-57726 : Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks
2025-01-1604 minVulnVibes[WordPress] - WP Safe - 2025.01.15Daily Summary of WordPress critical and high vulnerabilities
2025-01-1604 minVulnVibes[VULN] - Active Exploitation of FortiOS and FortiProxy vulnerability - CVE-2024-55591A critical FortiOS and FortiProxy vulnerability is being exploited in the wild.
This authentication bypass flaw allows remote attackers to gain super-admin privileges.
2025-01-1505 minVulnVibes[WordPress] - WP Safe - 2025.01.14Daily Summary of WordPress critical and high vulnerabilities
2025-01-1504 minVulnVibes[VULN] - SQL Injection Vulnerability in SAP NetWeaver AS - CVE-2025-0063A critical SQL injection vulnerability exists due to insufficient input validation in certain Remote Function Call (RFC) enabled function modules.
2025-01-1408 minVulnVibes[VULN] - Unauthenticated exploitation of JuniperOS - CVE-2025-21598Out-of-Bounds Read issue in the routing protocol daemon (RPD) of Junos OS and Junos OS Evolved
2025-01-1404 minVulnVibes[WordPress] - WP Safe - 2025.01.13
Daily Summary of WordPress critical and high vulnerabilities
2025-01-1406 minVulnVibes[VULN] - RCE in NETGEAR routers for ages - CVE-2024-12847
NETGEAR Router Flaw Exploited in the Wild for Years. MSF exploit has been released in 2013.
2025-01-1303 minVulnVibes[WordPress] - WP Safe - 2025.01.10
Daily Summary of WordPress critical and high vulnerabilities
2025-01-1105 minVulnVibes[VULN] - Aviatrix Controller RCE - CVE-2024-50603Critical Command Injection Vulnerability in Aviatrix Controller
2025-01-1004 minVulnVibes[Hot Topic] - Slovakian Ransomware Attack
Some information about the recent cyber attack against Slovakian real-estate system.
2025-01-1004 minVulnVibes[WordPress] - WP Safe - 2025.01.09Daily Summary of WordPress critical and high vulnerabilities
2025-01-1003 minVulnVibes[VULN] - LDAP Nightmare - CVE-2024-49113PoC Exploit Released for Zero-Click Vulnerability in Windows.
github.com/SafeBreach-Labs/CVE-2024-49113
2025-01-0910 minVulnVibes[VULN] - Sonicwall Zero-day - CVE 2024 53704
CVE-2024-53704 : Zero-day vulnerability in Sonicwall: An authentication bypass in SonicOS SSLVPN
2025-01-0907 minVulnVibes[VULN] - Ivanti ZeroDay - CVE-2025-0282
Ivanti Connect Secure zero-day exploited in the wild.
2025-01-0907 min