Look for any podcast host, guest or anyone
Showing episodes and shows of

VulnVibes

Shows

VulnVibesVulnVibes[VULN] - Xerox Versalink Printers Vulnerable to Pass-Back Attacks - CVE-2024-12510 & CVE-2024-12511Researchers at Rapid7 have identified vulnerabilities in Xerox Versalink C7025 multifunction printers that could enable attackers to steal user credentials. Tracked as CVE-2024-12510 and CVE-2024-12511, these flaws facilitate a "pass-back attack," in which the printer is deceived into returning authentication data to the attacker.2025-02-1905 minVulnVibesVulnVibes[VULN] - OpenSSH Client & Server Vulnerabilities Allow MiTM and DoS Attacks - CVE-2025-26465 & CVE-2025-26466The Qualys Threat Research Unit (TRU) has revealed two newly discovered vulnerabilities in OpenSSH, impacting both clients and servers. Designated as CVE-2025-26465 and CVE-2025-26466, these flaws could allow attackers to carry out machine-in-the-middle (MITM) attacks and denial-of-service (DoS) exploits.2025-02-1904 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.02.18Daily Summary of WordPress critical and high vulnerabilities2025-02-1906 minVulnVibesVulnVibes[VULN] - SQL Injection Vulnerability in PostgreSQL Allows Remote System Attacks - CVE-2025-1094Rapid7 researchers have identified a high-severity SQL injection vulnerability (CVE-2025-1094) in PostgreSQL’s interactive tool, psql. Discovered during an investigation into the exploitation of a separate BeyondTrust vulnerability, this flaw enables attackers to execute arbitrary code on impacted systems.2025-02-1705 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.02.17Daily Summary of WordPress critical and high vulnerabilities2025-02-1711 minVulnVibesVulnVibes[VULN] - Winzip RCE Vulnerability - CVE-2025-1240A critical vulnerability has been identified in WinZip, potentially enabling remote attackers to execute arbitrary code on affected systems. Designated as CVE-2025-1240, this flaw stems from how WinZip processes 7Z files and could be exploited if a user interacts with a malicious file or webpage.2025-02-1405 minVulnVibesVulnVibes[VULN] - Severe Vulnerabilities in PAM-PKCS#11 Put Linux Authentication at Risk - CVE-2025-24032Multiple critical security flaws have been discovered in the PAM-PKCS#11 login module, a widely used tool for X.509 certificate-based authentication on Linux systems. These vulnerabilities could enable attackers to bypass authentication, gain unauthorized system access, and potentially escalate privileges.2025-02-1204 minVulnVibesVulnVibes[VULN] - Remote Code Execution (RCE) Vulnerability Found in Wazuh Server - CVE-2025-24016Wazuh, a prominent open-source security solutions provider, has released a critical security advisory about a remote code execution (RCE) vulnerability impacting its platform. Designated as CVE-2025-24016 with a CVSS score of 9.9, this flaw could enable attackers to take full control of affected Wazuh servers.2025-02-1203 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.02.12Daily Summary of WordPress critical and high vulnerabilities2025-02-1204 minVulnVibesVulnVibes[VULN] - Critical Ivanti CSA Vulnerability Allows Attackers to Execute Arbitrary Code - CVE-2024-47908Ivanti has released a security advisory addressing critical vulnerabilities in its Cloud Services Application (CSA). Tracked as CVE-2024-47908 and CVE-2024-11771, these flaws could enable attackers to execute remote code and access sensitive data without authorization.2025-02-1204 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.02.11 - 2Daily Summary of WordPress critical and high vulnerabilities2025-02-1212 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.02.11 - 1Daily Summary of WordPress critical and high vulnerabilities2025-02-1111 minVulnVibesVulnVibes[VULN] - GitHub Enterprise SAML Bypass Vulnerability - CVE-2025-24200Security researcher Hakivvi has released a detailed analysis of CVE-2025-23369 (CVSSv4 7.6), a vulnerability that enables attackers to bypass SAML authentication in GitHub Enterprise.2025-02-1103 minVulnVibesVulnVibes[VULN] - Apple Releases Emergency Updates to Fix Actively Exploited Zero-Day Vulnerability - CVE-2025-24200Apple has released critical security updates for iOS and iPadOS to patch a zero-day vulnerability, CVE-2025-24200, which has been actively exploited in targeted attacks. This flaw enables attackers to bypass USB Restricted Mode on locked devices, potentially exposing sensitive data.2025-02-1104 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.02.10Daily Summary of WordPress critical and high vulnerabilities2025-02-1005 minVulnVibesVulnVibes[VULN] - Critical bugs in Zimbra Collaboration - CVE-2025-25064Two newly discovered security vulnerabilities have been identified in Zimbra Collaboration, a popular open-source email and collaboration platform. These flaws, tracked as CVE-2025-25064 and CVE-2025-25065, present a significant risk to businesses using Zimbra for email, calendaring, file sharing, and task management. If exploited, they could enable attackers to gain unauthorized access to sensitive data and internal network resources.2025-02-1004 minVulnVibesVulnVibes[VULN] - The Critical Outlook Vulnerability Putting Organizations at Risk - CVE-2024-21413A severe security flaw in Microsoft Outlook, identified as CVE-2024-21413, is currently being actively exploited, presenting a major risk to organizations globally. Rated 9.8 out of 10 on the CVSS scale, this vulnerability enables attackers to remotely execute arbitrary code when a user opens a malicious email.2025-02-0905 minVulnVibesVulnVibes[VULN] - Cisco ISE Critical vulnerabilities - CVE-2025-20124 & CVE-2025-20125Cisco has released a security advisory regarding two critical vulnerabilities in its Identity Services Engine (ISE), a widely used network security policy management platform. These vulnerabilities, identified as CVE-2025-20124 and CVE-2025-20125, could allow authenticated attackers to execute arbitrary commands with root privileges and bypass authorization controls, posing significant risks to affected systems.2025-02-0904 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.02.07Daily Summary of WordPress critical and high vulnerabilities2025-02-0805 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.02.06Daily Summary of WordPress critical and high vulnerabilities2025-02-0806 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.02.05Daily Summary of WordPress critical and high vulnerabilities2025-02-0803 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.02.04Daily Summary of WordPress critical and high vulnerabilities2025-02-0803 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.02.03Daily Summary of WordPress critical and high vulnerabilities2025-02-0803 minVulnVibesVulnVibes[VULN] - Laravel package Voyager RCE vulnerabilityThree security vulnerabilities found in the open-source PHP package Voyager, used for managing Laravel applications, could allow remote code execution attacks.2025-02-0107 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.30Daily Summary of WordPress critical and high vulnerabilities2025-02-0103 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.30Daily Summary of WordPress critical and high vulnerabilities2025-01-3110 minVulnVibesVulnVibes[HotTopic] - DeepSeek AI - Database ExposureWiz Research discovered a publicly accessible ClickHouse database owned by DeepSeek, granting full control over database operations and access to internal data. This exposure included over a million lines of log streams containing chat history, secret keys, backend details, and other highly sensitive information. The Wiz Research team promptly and responsibly reported the issue to DeepSeek, which swiftly secured the vulnerability.2025-01-3004 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.29Daily Summary of WordPress critical and high vulnerabilities2025-01-3003 minVulnVibesVulnVibes[VULN] - SQL Injection Flaw in VMware Avi Load Balancer - CVE-2025-22217Broadcom has issued an alert regarding a high-severity security vulnerability in VMware Avi Load Balancer, identified as CVE-2025-22217, with a CVSS score of 8.6. This unauthenticated blind SQL injection flaw allows malicious actors with network access to execute specially crafted SQL queries, potentially granting them unauthorized access to the database.2025-01-2904 minVulnVibesVulnVibes[VULN] - Cacti network monitoring RCE - CVE-2025-22604A severe security vulnerability has been revealed in the Cacti open-source network monitoring and fault management framework, potentially enabling an authenticated attacker to execute remote code on vulnerable instances.2025-01-2904 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.28Daily Summary of WordPress critical and high vulnerabilities2025-01-2904 minVulnVibesVulnVibes[VULN] - QNAP patched multiple vulnerabilitiesQNAP has fixed six rsync vulnerabilities that could let attackers gain remote code execution on unpatched Network Attached Storage (NAS) devices.2025-01-2905 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.27Daily Summary of WordPress critical and high vulnerabilities2025-01-2904 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.26Daily Summary of WordPress critical and high vulnerabilities2025-01-2704 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.25Daily Summary of WordPress critical and high vulnerabilities2025-01-2603 minVulnVibesVulnVibes[VULN] - Zero-day vulnerability exploited: SonicWall SMA series - CVE-2025-23006SonicWall has released an urgent security advisory regarding a critical vulnerability in its SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). Identified as CVE-2025-23006 with a CVSS score of 9.8, this pre-authentication remote command execution flaw poses a significant risk, enabling attackers to fully compromise vulnerable devices.2025-01-2506 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.24Daily Summary of WordPress critical and high vulnerabilities2025-01-2506 minVulnVibesVulnVibes[VULN] - Microsoft Configuration Manager Exploit - CVE-2024-43468Security researcher Mehdi Elyassa from Synacktiv published the technical details and a proof-of-concept (PoC) exploit code for a critical vulnerability in Microsoft Configuration Manager (MCM), tracked as CVE-2024-43468, with a CVSS score of 9.8. This flaw allows unauthenticated attackers to exploit SQL injection vulnerabilities, enabling the execution of arbitrary commands on servers and their underlying databases.2025-01-2406 minVulnVibesVulnVibes[VULN] - Kibana Exposing Sensitive Information - CVE-2024-43707Kibana, the popular open-source data visualization and exploration tool, has released a security update addressing two vulnerabilities, including one high severity flaw. The update, version 8.15.0, is available now and all users are strongly encouraged to upgrade their installations immediately.2025-01-2404 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.22Daily Summary of WordPress critical and high vulnerabilities2025-01-2404 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.21 Daily Summary of WordPress critical and high vulnerabilities 2025-01-2304 minVulnVibesVulnVibes[VULN] - Outlook Remote Code Execution - CVE-2025-21298Microsoft has addressed a critical vulnerability (CVE-2025-21298) in its latest 2025 Patch Tuesday update. This flaw, rated with a CVSS score of 9.8, allows attackers to achieve remote code execution (RCE) on Windows devices through a specially crafted email2025-01-2303 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.21Daily Summary of WordPress critical and high vulnerabilities2025-01-2208 minVulnVibesVulnVibes[VULN] - Oracle Patch-Batch - CVE-2025-21535Oracle Releases January 2025 Patch to Address 318 Flaws Across Major Products 2025-01-2215 minVulnVibesVulnVibes[VULN] - Critical Sentry Account Takeover - CVE-2025-22146A recently patched vulnerability Sentry could have allowed attackers to take over accounts 2025-01-2106 minVulnVibesVulnVibes[VULN] - Mongoose Search Injection Flaw - CVE-2025-2306Search injection attack has been discovered on the popular MongoDB object modeling tool.2025-01-2106 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.20 Daily Summary of WordPress critical and high vulnerabilities 2025-01-2005 minVulnVibesVulnVibes[Hot Topic] - TikTok has been banned in the USAShort update of latest information about TikTok ban in the USA2025-01-1911 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.17Daily Summary of WordPress critical and high vulnerabilities2025-01-1703 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.16Daily Summary of WordPress critical and high vulnerabilities2025-01-1704 minVulnVibesVulnVibes[VULN] - Multiple security flaws in SimpleHelp - CVE-2024-57727&&CVE-2024-57728&&CVE-2024-57726CVE-2024-57727&&CVE-2024-57728&&CVE-2024-57726 : Critical SimpleHelp Flaws Allow File Theft, Privilege Escalation, and RCE Attacks2025-01-1604 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.15Daily Summary of WordPress critical and high vulnerabilities2025-01-1604 minVulnVibesVulnVibes[VULN] - Active Exploitation of FortiOS and FortiProxy vulnerability - CVE-2024-55591A critical FortiOS and FortiProxy vulnerability is being exploited in the wild. This authentication bypass flaw allows remote attackers to gain super-admin privileges.2025-01-1505 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.14Daily Summary of WordPress critical and high vulnerabilities2025-01-1504 minVulnVibesVulnVibes[VULN] - SQL Injection Vulnerability in SAP NetWeaver AS - CVE-2025-0063A critical SQL injection vulnerability exists due to insufficient input validation in certain Remote Function Call (RFC) enabled function modules. 2025-01-1408 minVulnVibesVulnVibes[VULN] - Unauthenticated exploitation of JuniperOS - CVE-2025-21598Out-of-Bounds Read issue in the routing protocol daemon (RPD) of Junos OS and Junos OS Evolved 2025-01-1404 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.13 Daily Summary of WordPress critical and high vulnerabilities 2025-01-1406 minVulnVibesVulnVibes[VULN] - RCE in NETGEAR routers for ages - CVE-2024-12847 NETGEAR Router Flaw Exploited in the Wild for Years. MSF exploit has been released in 2013.2025-01-1303 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.10 Daily Summary of WordPress critical and high vulnerabilities 2025-01-1105 minVulnVibesVulnVibes[VULN] - Aviatrix Controller RCE - CVE-2024-50603Critical Command Injection Vulnerability in Aviatrix Controller 2025-01-1004 minVulnVibesVulnVibes[Hot Topic] - Slovakian Ransomware Attack Some information about the recent cyber attack against Slovakian real-estate system. 2025-01-1004 minVulnVibesVulnVibes[WordPress] - WP Safe - 2025.01.09Daily Summary of WordPress critical and high vulnerabilities2025-01-1003 minVulnVibesVulnVibes[VULN] - LDAP Nightmare - CVE-2024-49113PoC Exploit Released for Zero-Click Vulnerability in Windows. github.com/SafeBreach-Labs/CVE-2024-49113 2025-01-0910 minVulnVibesVulnVibes[VULN] - Sonicwall Zero-day - CVE 2024 53704 CVE-2024-53704 : Zero-day vulnerability in Sonicwall: An authentication bypass in SonicOS SSLVPN 2025-01-0907 minVulnVibesVulnVibes[VULN] - Ivanti ZeroDay - CVE-2025-0282 Ivanti Connect Secure zero-day exploited in the wild. 2025-01-0907 min