cpe:2.3:a:juniper:jweb:*:*:*:*:*:*:*:*.
Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server.
Learn about a RCE vulnerability, discovered by the Imperva Red Team, identified as CVE-2023-22524, in Atlassian Companion for macOS.
Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.
Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks.
A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites.
Atlassian has released software fixes to address four critical flaws in its software that could lead to remote code execution.
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
(0Day) Microsoft Exchange ChainedSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability
CVE-2023-45498/CVE-2023-45499 advisory
SolarWinds' access controls contain five high and three critical-severity security vulnerabilities that need to be patched yesterday.
Remote code execution requiring no authentication fixed. 2 other RCEs remain unpatched.
Akamai researchers discover a critical vulnerability in Kubernetes that can lead to remote code execution.
As part of our Continuous Automated Red Teaming and Attack Surface Management technology - the watchTowr Platform - we're incredibly proud of our ability to discover nested, exploitable vulnerabilities across huge attack surfaces.
Through our rapid PoC process, we enable our clients to understand if they are vulnerable to emerging
second part in a two-part series going over heap overflow in MiniDLNA (CVE-2023-33476). this post provides a walkthrough of steps taken to write an exploit for this vulnerability in order to achieve remote code execution and pop a shell.
When Lexfo Security teased a critical pre-authentication RCE bug in FortiGate devices on Saturday 10th, many people speculated on the practical impact of the bug. Would this be a true, sky-is-falling level vulnerability like the recent CVE-2022-42475? Or was it some edge-case hole, requiring some unusual and exotic requisite before any exposure? Others even went further, questioning the legitimacy of the bug itself. Details were scarce and guesswork was rife.
In this excerpt of a Trend Micro Vulnerability Research Service vulnerability report, Quinton Crist, Guy Lederfein, and Lucas Miller of the Trend Micro Research Team detail a recently patched remote code execution vulnerability in the Microsoft Network File Service (NFS). This bug was originally dis
Our team is tracking in-the-wild exploitation of zero-day vulnerabilities against PaperCut MF/NG which allow for unauthenticated remote code execution due to an authentication bypass.
This is a story about a security vulnerability in Google that allowed me to run arbitrary code on the computers of 50+ Google employees. Although Google initially considered my finding a serious security incident, later on, it changed its mind and stated that my finding is not, in fact, a vulnerability, but the intended behavior of their software.
Check Point Research recently discovered three vulnerabilities in the “Microsoft Message Queuing” service, commonly known as MSMQ. These vulnerabilities were disclosed to Microsoft and patched in the April Patch Tuesday update. The most severe of these, dubbed QueueJumper by CPR (CVE-2023-21554), is a critical vulnerability that could allow unauthorized attackers to remotely execute arbitrary code in the context of the Windows service process mqsvc.exe.