Archive

20/02/2025

CVE-2025-0108 PAN-OS: Authentication Bypass in the Management Web Interface

An authentication bypass in the Palo Alto Networks PAN-OS software by the PAN-OS management web interface and invoke certain PHP scripts.

15/01/2025

Fortinet Warns of Auth Bypass Zero-day Exploited to Hijack Firewalls

Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks.

11/12/2024

Windows LDAP Remote Code Execution Vulnerability

CVE-2024-49112 is a Critical RCE vulnerability affecting the Windows LDAP Client with a CVSS score of 9.8.

06/12/2024

SQL injection in Zabbix user.get API

A non-admin user account on the Zabbix frontend with the default User role, or with any other role that gives API access can exploit this vulnerability.

18/11/2024

PAN-OS: Authentication Bypass in the Management Web Interface

Missing authentication for critical function in the FortiManager fgfmd daemon [CWE-306] vulnerability could allow a remote unauthenticated attacker to execute arbitrary code or commands through specially crafted requests.

17/09/2024

SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks

SolarWinds has released fixes to address two security flaws in its Access Rights Manager (ARM) software, including a critical vulnerability that could result in remote code execution.

01/07/2024

Remote Unauthenticated Code Execution Vulnerability in OpenSSH server

Race condition in sshd(8) A critical vulnerability in sshd(8) was present in Portable OpenSSH versions between 8.5p1 and 9.7p1 (inclusive) that may allow arbitrary code execution with root privileges.

10/05/2024

Google Zero Day Vulnerability Created

Google on Thursday released security updates to address a zero-day flaw in Chrome that it said has been actively exploited in the wild.

08/05/2024

Veeam RCE Vulnerability Exposes Data Protection Services to Risk Created

Veeam, a leading provider of backup and data protection solutions, has released a security advisory concerning a critical remote code execution (RCE) vulnerability in its Service Provider Console.

25/04/2024

Multiple MySQL2 Flaw Let Attackers Arbitrary Code Remotely Created

The node-mysql2 library, a popular JavaScript tool used for database connections with over 2 million installations weekly, has been identified with three critical security flaws:

24/04/2024

Google Patches Critical Chrome Vulnerability Created

Google recently announced a Chrome update to version 124, addressing four security vulnerabilities, with the most severe being a critical type confusion bug in the ANGLE graphics layer engine, designated as CVE-2024-4058.

17/04/2024

PuTTY SSH Client Found Vulnerable to Key Recovery Attack Created

PuTTY, a widely-used SSH client, has been found vulnerable to a critical flaw that could lead to the recovery of NIST P-521 private keys.

07/04/2024

Linux Systems Under Threat: Mitigating CVE-2024-1086 Created

A critical security vulnerability, CVE-2024-1086, has emerged, targeting Linux kernels from version 5.14 to 6.6, affecting distributions such as Debian, Ubuntu, and KernelCTF.

01/04/2024

Addressing the CVE-2024-3094 Vulnerability in XZ Utils Across Linux Distributions Created

A critical security vulnerability, designated as CVE-2024-3094, has been identified in the XZ Utils compression tools widely utilized across various Linux distributions in recent days.

07/03/2024

VMware Releases Critical Security Patches for ESXi, Workstation, and Fusion Vulnerabilities Created

VMware has issued critical security patches to address four vulnerabilities affecting its ESXi, Workstation, and Fusion products.

07/03/2024

Apple Releases Urgent Updates to Address Actively Exploited Zero-Day Vulnerabilities Created

Apple has swiftly responded to critical security concerns by releasing urgent updates to rectify two actively exploited zero-day vulnerabilities.

22/02/2024

VMware Security Vulnerabilities

VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched.

15/02/2024

Adobe Security Vulnerabilities

Adobe Framemaker versions 2022.1 and earlier are affected by an Improper Authentication vulnerability that could result in a Security feature bypass.

14/02/2024

Microsoft Outlook Vulnerability

It is a Remote Code Execution (RCE) vulnerability in Microsoft Outlook, which is expected to occur in Outlook 2016 until 2021 (see CVE-2024-21413).

03/02/2024

AnyDesk Security Breach

AnyDesk, a popular remote access solution, recently confirmed that it experienced a cyberattack on its production systems, resulting in unauthorized access.

31/01/2024

Microsoft Edge Vulnerability

A significant vulnerability in Microsoft Edge (Chromium-based) has been identified, designated as CVE-2024-21326.

22/01/2024

Ivanty Vulnerability

A command injection vulnerability in web components of Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) allows an authenticated administrator to send specially crafted requests and execute arbitrary commands on the appliance.

16/01/2024

Critical RCE Flaw in Confluence Data Center and Server Created

A critical security vulnerability has been identified in Confluence Data Center and Confluence Server, known as CVE-2023-22527.

13/10/2023

Samba Security Update

A path traversal vulnerability was identified in Samba when processing client pipe names connecting to Unix domain sockets within a private directory.

31/10/2023

Improper Authorization Vulnerability In Confluence Data Center and Server

As part of Atlassian's ongoing monitoring of this CVE, we observed publicly posted critical information about the vulnerability which increases risk of exploitation.

10/10/2023

Windows IIS Server Elevation of Privilege Vulnerability

CVE-2023-36434 is an EoP vulnerability in Windows IIS server that was assigned a CVSSv3 score of 9.8 and rated as important.

10/10/2023

Microsoft Message Queuing Remote Code Execution Vulnerability

CVE-2023-35349 is Critical remote code execution (RCE) vulnerabilities affecting Microsoft Message Queuing (MSMQ), and a CVSS score of 9.8.

09/10/2023

Firefox Vulnerability

Memory safety bugs present in Firefox 117, Firefox ESR 115.2, and Thunderbird 115.2.

03/10/2023

Apple Remote Code Execution Vulnerability

This issue was addressed with improved checks.

18/09/2023

Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability

On September 18, 2023, the Microsoft Edge Elevation of Privilege Vulnerability vulnerability was released.

08/07/2023

Firefox Arbitrary Code Execution Vulnerability

According to the vulnerability report that has been released on 08th of April; presence of memory safety bugs in Firefox 115 is causing memory corruption.

25/07/2023

Apache Shiro Path Traversal Vulnerability

According to the vulnerability report that has been released on 25th of July; A critical vulnerability has been identified in Apache Shiro which can result in an authentication bypass, potentially putting sensitive data at risk.

22/07/2023

Open SSH Remote Code Execution Vulnerability

According to the vulnerability report that has been released on 22nd of July; a now-patched flaw in OpenSSH that could be potentially exploited in order to run arbitrary commands remotely on compromised hosts under specific conditions.

20/07/2023

Adobe Deserialization of Untrusted Data Vulnerability

According to the vulnerability report released on 20th of July; Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability which could result in Arbitrary code execution.

11/07/2023

Microsoft General Update Vulnerabilities

On 11th of July, Microsoft has released a report for the following vulnerabilities.

10/07/2023

Linux UniFi Malicious Commands Vulnerability

According to the vulnerability report that has been released on 10th of July; a backup file vulnerability was found in UniFi version applications (Version 7.3.83 and earlier) running on Linux operating systems allows application administrators to execute malicious commands on the host device being restored.

10/07/2023

RXVT Unicode Package Remote Code Execution Vulnerability

According to the vulnerability report released on 10th of July; the rxvt-unicode package is vulnerable to a remote code execution, in the Perl background extension, when an attacker can control the data written to the user's terminal and certain options are set.

07/07/2023

Cisco Traffic Encryption Break Vulnerability

On the July 07 dated vulnerability report released by Cisco, customers warned of a high-severity vulnerability impacting some data center switch models and allowing attackers to tamper with encrypted traffic.

03/07/2023

GitHub SSRF Vulnerability

03 Temmuz 2023 tarihinde GitHub repository plantuml/plantuml 1.2023.9. öncesi sürümleri için bir Sunucu isteği sahteciliği zafiyet duyurusu yayınlandı.

02/07/2023

Google Chrome Mojo Heap Corruption Vulnerability

According to the vulnerability report released on 02n of July; out of bounds memory access in Mojo in Google Chrome prior to 114.0.5735.90 allows a remote attacker to potentially exploit heap corruption via a crafted HTML page.

29/06/2023

Windows Livebook Arbitrary Code Execution Vulnerability

Livebook is a web application for writing interactive and collaborative code notebooks.

28/06/2023

Linux Memory Corruption Vulnerability

A memory corruption vulnerability exists in the libpthread linuxthreads functionality of uClibC 0.9.33.2 and uClibC-ng 1.0.40. according to the vulnerability report that has been released on 28th of June.

28/06/2023

Apache Accumulo Improper Authentication Vulnerability

Improper Authentication vulnerability in Apache Software Foundation Apache Accumulo has been released.

28/06/2023

Vmware Use-After-Free Vulnerability

It has been released that there is a use-after-free vulnerability in VMware vCenter Server in the implementation of the DCERPC protocol.

27/06/2023

Windows Thunderbird - Firefox Vulnerability

According to the vulnerability report which has been released on 27th of June; a newline in a filename could have been used to bypass the file extension security mechanisms that replace malicious file extensions such as .lnk with .download.

27/06/2023

Microsoft Azure Code Injection Vulnerability

Azure CLI is the command-line interface for Microsoft Azure.

27/06/2023

Windows Environment Variables Vulnerability

According to the vulnerability that has been released on 27th of June; attackers may maliciosly set environment variables on Windows due to unsanitized NUL values.

21/06/2023

HP Device Manager Command Injection Vulnerability

According to the vulnerability that has been released on June 20, HP Device Manager (prior to HPDM 5.0.10) could potentially allow to a command injection and/or elevation of privileges

21/06/2023

Google Chrome Autofill Payments Use After Free Vulnerability

Use after free in Autofill payments in Google Chrome prior to 114.0.5735.133 allows a remote attacker to exploit heap corruption via a crafted HTML page. Chromium security severity is classified as critical for this vulnerability

21/06/2023

GitHub Code Injection Vulnerability

On June 21, a Code Injection vulnerability for GitHub repository nuxt/nuxt prior to 3.5.3. has been released.

15/06/2023

Adobe Commerce Neutralization of Special ElementsVulnerability

On June 15, Adobe released that Adobe Commerce versions 2.4.6 (and earlier), 2.4.5-p2 (and earlier) and 2.4.4-p3 (and earlier) are affected by a Improper Neutralization of Special Elements Used in a Template Engine vulnerability which may lead to arbitrary code execution by an admin-privilege authenticated attacker.

15/06/2023

Adobe Animate Arbitrary Code ExecutionVulnerability

On June 15, 2023 Adobe released a use-after-free vulnerability for the Animate versions 22.0.9 (and earlier) and 23.0.1 (and earlier).

15/06/2023

GitHub Repository Froxlor Improper Restriction of Excessive Authentication Attempts Vulnerability

On June 15, 2023 an Improper Restriction of Excessive Authentication Attempt vulnerability for GitHub repository froxlor/froxlor prior to 2.0.20. has been released.

15/06/2023

GitHub Repository Pyload Code Injection Vulnerability

On June 15, 2023 Code Injection in GitHub repository pyload/pyload prior to 0.5.0b3.dev31 vulnerability has been released.

14/06/2023

Windows Exchange Server Remote Code Execution Vulnerability

On June 14, 2023 Microsoft released an Exchange Server Remote Code Execution Vulnerability.

13/06/2023

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

On June 13, 2023 Microsoft released Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability.

13/06/2023

Windows Remote Desktop Client Remote Code Execution Vulnerability

On June 13, 2023 Microsoft released a Windows Remote Desktop Client Remote Code Execution Vulnerability

13/06/2023

Windows Group Policy Elevation of Privilege Vulnerability

On June 13, 2023 Microsoft released Windows Group Policy Elevation of Privilege Vulnerability

13/06/2023

Windows SharePoint Server Elevation of Privilege Vulnerability

On June 13, 2023 Microsoft released Windows Microsoft SharePoint Server Elevation of Privilege Vulnerability.

13/06/2023

Vmware Privileged Guest Operations Vulnerability

A fully compromised ESXI Host may force VMware Tools to fail to authenticate host-to-guest operations, negatively impacting the confidentiality and integrity of the guest virtual machine.

07/06/2023

Vmware Aria Operations Command Injection Vulnerability

Multiple Aria Operations Vulnerabilities were reported to Vmware on June 07.

31/05/2023

Windows Point-to-Point Protocol Remote Code Execution Vulnerability

On May 31, 2023 Microsoft released Point-to-Point Protocol (PPP) Remote Code Execution Vulnerability

15/05/2023

SAP GUI NTLM Authentication Vulnerability

On May 15, 2023 a vulnerability regarding SAP GUI for Windows - version 7.70, 8.0 has been released.

15/05/2023

Apple Arbitrary Remote Code Execution Vulnerability

On May 15, 2023 An Apple arbitrary code execution Vulnerability has been released.

15/05/2023

Icloud Gatekeeper Vulnerability

On May 11, 2023 An Icloud Gatekeeper Vulnerability has been released.

09/05/2023

Windows Network File System Remote Code Execution Vulnerability

On May 09, 2023 Microsoft released Windows Network File System Remote Code Execution Vulnerability. (CVE-2023-24941)

09/05/2023

Windows Pragmatic General Multicast Remote Code Execution Vulnerability

On May 09, 2023 Microsoft released Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

01/05/2023

VMware Aria Operations Deserialization Vulnerability

On May 01, 2023, a Vmware deserialization vulnerability has been released.

26/04/2023

Google Chrome Skia Integer Overflow Vulnerability

In Google Chrome prior to 112.0.5615.137, integer overflow in Skia allows a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

12/04/2023

Microsoft Message Queuing Remote Code Execution Vulnerability

On April 12, 2023 Microsoft Message Queuing Remote Code Execution Vulnerability has been released. (CVE-2023-21554)

12/04/2023

Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability

On April 12, 2023 Microsoft has released Windows Pragmatic General Multicast (PGM) Remote Code Execution Vulnerability (CVE-2023-28250)

30/03/2023

Linux Kernel 5.15 Vulnerability

On March 30, 2023, A critical vulnerability was discovered in ksmbd in the Linux kernel 5.15 through 5.19 before 5.19.2.

23/03/2023

Remote Code Execution Vulnerability In Windows HTTP Protocol Stack

On March 23, 2023, Microsoft released Internet Control Message Protocol (ICMP) Remote Code Execution Vulnerability ( CVE-2023-23415 )

14/03/2023

Microsoft Outlook Elevation of Privilege Vulnerability

On 14.03.2023, Microsoft announced the “Elevation of Privilege in Microsoft Outlook” vulnerability.

14/03/2023

Remote Code Execution Vulnerability In Windows HTTP Protocol Stack

On March 14, 2023, Microsoft released a security fix for a vulnerability ( CVE-2023-23392 ) in the HTTP/3 protocol stack of Microsoft Windows Server 2022 and Windows 11 systems [1].

14/12/2022

FortiOS Security Vulnerability

Fortinet has released a critical * level security vulnerability for FortiOS with a CVSS V3.1 Score of 9.3.

13/10/2022

Microsoft Windows PPTP Remode Code Execution Vulnerability

Microsoft has announced a remote code execution vulnerability that affects Windows Point-to-Point Tunneling Protocol.

13/10/2022

Microsoft WDAC OLE DB Provider Remote Code Execution Vulnerability

Microsoft has announced a new vulnerability on WDAC OLE DB Provider.

13/10/2022

Microsoft ODBC Driver Remote Code Execution Vulnerability

Microsoft has announced a new remote code execution vulnerability that affects ODBC driver.

13/10/2022

Microsoft Office Remote Code Execution Vulnerability

Microsoft announced a new remote code execution vulnerability that affects Office.

13/10/2022

Microsoft Sharepoint Server Remote Code Execution Vulnerability

Microsoft has announced a new remote code execution vulnerability that affects SharePoint server.

13/10/2022

Microsoft Windows GDI+ Remote Code Execution Vulnerability

Microsoft announced a new remote code execution vulnerability that affects GDI+ component of Windows operating system. Successfull exploitation can lead to remote code execution.

30/09/2022

Exchange Server Zero-Day Security Vulnerability

It was investigated by GTSC about a high* security vulnerability with a CVSS score of 8 and 6.3, and it was communicated to Microsoft about ZDI-CAN-18333 and ZDI-CAN-18802 and approved.

28/09/2022

Aruba Various Products Remote Code Execution Vulnerabilities

Aruba has published 2 new Remote Code Execution vulnerabilities that affect several switch products.

23/09/2022

Windows TCP/IP Vulnerabilities

A vulnerability related to Windows Remote Code Execution has just published.

10/08/2022

Microsoft Remote Code Execution Vulnerabilities

Microsoft has published 5 new Remote Code Execution vulnerabilities that affect Windows operating systems, Office products, and Edge browser.

19/07/2022

Windows Print Spooler Vulnerability

A high* level vulnerability related to Windows Print Spooler has just published.

19/07/2022

Windows CSRSS Vulnerability

A high* level vulnerability related to Windows CSRSS has just published.

07/07/2022

Apache Web Server Vulnerability

A critical* vulnerability related to Apache Web Server has just published.

29/06/2022

Apache Buffer Vulnerability

A critical* vulnerability related to Apache HTTP Server has just published.

19/06/2022

Apache Missing X-Forwarded Headers Vulnerability

A vulnerability related to Apache HTTP Server has just published.

19/06/2022

Microsoft Windows File Server Shadow Copy Agent Service (RVSS) Vulnerability

A vulnerability related to Microsoft File Server Shadow Copy Agent Service (RVSS) has just published.

16/06/2022

Microsoft Windows Network File System Remote Code Execution Vulnerability

A critical* Remote Code Execution Vulnerability related to Windows Network File System (NFS) issued by Microsoft.

09/06/2022

VMware Vulnerability

A high* level vulnerability related to VMware Tools for Windows have been released by VMware.

30/05/2022

Microsoft Support Diagnostic Tool Remote Code Execution Vulnerability

A high* level remote code execution vulnerability has been announced by Microsoft.

27/05/2022

Mozilla Firefox, Firefox for Android, Firefox ESR, Thunderbird Remote Code Execution Vulnerabilities

Two critical vulnerabilities affecting Mozilla products Firefox, Firefox for Android, Firefox ESR and Thunderbird have been published by Mozilla Foundation.

19/05/2022

VMware Vulnerabilities

Two vulnerabilities related to various products (with different criticalities) have been released by VMware.

11/05/2022

Microsoft Windows Network File System Remote Code Execution Vulnerability

A critical* Windows Network File System (NFS) Remote Code Execution Vulnerability with a CVSS 3.1 score of 9.8 was released by Microsoft.

11/05/2022

Microsoft Windows LDAP Remote Code Execution Vulnerabilities

Two critical* and eight high* Windows LDAP Remote Code Execution Vulnerabilities with CVSS 3.1 scores between 8.8 and 9.8 were released by Microsoft.

20/04/2022

Oracle Vulnerabilities

Oracle released 520 patches for vulnerabilities with different criticalities in its April 2022 patch notification.

16/04/2022

Microsoft Windows Network File System Remote Code Execution Vulnerability

A critical* Windows Network File System (NFS) Remote Code Execution Vulnerability with a CVSS 3.1 score of 9.8 was released by Microsoft.

13/04/2022

VMware Vulnerabilities

Eight vulnerabilities related to various products (with different criticalities) have been released by VMware. If exploited, these vulnerabilities are likely to cause remote code execution, authentication bypass, etc.

13/04/2022

Google Chrome Vulnerability

Google released a critical* Chrome vulnerability with a CVSS 3.1 score of 9.6. Use after free in Safe Browsing in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page.

13/04/2022

Microsoft Patch Tuesday Vulnerabilites

Microsoft released patches for more than 100 vulnerabilities on 12 April 2022. Nine of those vulnerabilities have been assessed as “critical” (CVE-2022-22008, CVE-2022-23257, CVE-2022-23259, CVE-2022-24500, CVE-2022-24491, CVE-2022-24357, CVE-2022-24541, CVE-2022-26809, CVE-2022-26919) by Microsoft (these are all remote code execution vulnerabilities).

01/04/2022

Spring Cloud Function and Spring Framework Remote Code Execution Vulnerabilities

Within the framework of CVE-2022-22963; in Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.

21/03/2022

Apache HTTP Server Vulnerabilities

3 new critical* vulnerabilities with CVSS 3.1 score of 9.8 have been published.

18/03/2022

ISC Berkeley Internet Name Domain Denial of Service Vulnerabilities

Four new vulnerabilities affecting the BIND DNS software have been released, two of them being high severity.

10/03/2022

Microsoft Exchange Server Remote Code Execution Vulnerability

One high* level Microsoft Exchange Server Remote Code Execution Vulnerability with a CVSS 3.1 score of 8.8 was released.

07/03/2022

Mozilla Firefox, Focus and Thunderbird Vulnerabilities

2 critical* vulnerabilities affecting Firefox, Focus and Thunderbird products have been released by Mozilla.

03/03/2022

Google Chrome Vulnerabilities

28 security fixes have been released by Google with respect to vulnerabilities affecting Chrome.

18/02/2022

Apache APISIX Vulnerability

A critical* Apache APISIX vulnerability with a CVSS V3.1 Score of 9.8 has been released.

18/02/2022

Apache Log4j JDBCAppender Vulnerability

A critical* Log4j JDBCAppender vulnerability with a CVSS V3.1 Score of 9.8 has been released.

18/02/2022

Apache Cassandra Vulnerability

A critical* Apache Cassandra vulnerability with a CVSS V3.1 Score of 9.1 has been released.

02/02/2022

Samba Remote Code Execution Vulnerability

Samba disclosed a critical* remote code execution vulnerability affecting all versions of Samba prior to 4.13.17.

15/01/2022

Microsoft Exchange Server Remote Code Execution Vulnerabilites-21846

One critical* Microsoft Exchange Server Remote Code Execution Vulnerability with a CVSS 3.1 score of 9.0 was released.

12/01/2022

Microsoft Exchange Server Remote Code Execution Vulnerabilites-21855

Two critical Microsoft Exchange Server Remote Code Execution Vulnerabilities with a CVSS 3.1 score of 9.0 were released.

24/12/2021

Microsoft Office App Remote Code Execution Vulnerability

A critical* Microsoft Office App Remote Code Execution Vulnerability with a CVSS 3.1 score of 9.6 was released.

23/12/2021

Windows Encrypting File System (EFS) Remote Code Execution Vulnerability

A critical* Windows Encrypting File System (EFS) Remote Code Execution Vulnerability with a CVSS 3.1 score of 9.8 was released.

10/12/2021

Log4j Zero Day Vulnerability

A new zero-day vulnerability has been discovered for the java logging library log4j, which is widely used in many applications.

04/11/2021

Microsoft Chromium-Based Vulnerabilities

Two zero-day vulnerabilities affecting Chromium-based products have been released by Microsoft (No CVSS scores have been assigned by NIST and Microsoft yet).

21/10/2021

Microsoft Windows Hyper-V Remote Code Execution Vulnerability-40461

A critical* Microsoft Windows Hyper-V Remote Code Execution Vulnerability with a CVSS 3.1 score of 9.0 was released.

21/10/2021

Microsoft Windows Hyper-V Remote Code Execution Vulnerability-38672

A critical* Microsoft Windows Hyper-V Remote Code Execution Vulnerability with a CVSS 3.1 score of 9.0 was released.

13/10/2021

Microsoft Exchange Server Remote Code Execution Vulnerability-26427

A critical* Microsoft Exchange Server Remote Code Execution Vulnerability with a CVSS 3.1 score of 9.0 was released.

11/10/2021

Information on Apache CVE-2021-41773 and CVE-2021-42013 Vulnerabilities

On 4 October 2021, the Apache Software Foundation disclosed a vulnerability in Apache HTTP Server 2.4.49 version known as CVE-2021-41773.

27/09/2021

Microsoft Windows WLAN AutoConfig Service Remote Code Execution Vulnerability

A critical* Microsoft WLAN (Wireless Local Area Network) AutoConfig Service Remote Code Execution Vulnerability with a CVSS 3.1 score of 9.8 was released.

25/08/2021

Microsoft Windows Network File System Remote Code Execution Vulnerability

A Windows Services for Network File System (NFS) ONCRPC XDR Driver Remote Code Execution with a CVSS 3.1 score of 9.8 was released by Microsoft.

24/08/2021

Microsoft Windows Print Spooler Remote Code Execution Vulnerability

A critical* Windows Print Spooler Remote Code Execution Vulnerability with a CVSS 3.1 score of 9.8 was released by Microsoft.

22/08/2021

Microsoft Windows TCP/IP Remote Code Execution Vulnerability

A Windows TCP/IP Remote Code Execution Vulnerability with a CVSS 3.1 score of 9.8 was released by Microsoft.

21/07/2021

SolarWinds Serv-U Remote Code Execution Vulnerability (Zero-Day Exploit)

Microsoft stated that it discovered a remote code execution (RCE) vulnerability (with a CVSS 3.1 score of 10.0) in the SolarWinds Serv-U product utilizing a Remote Memory Escape Vulnerability.

21/07/2021

Microsoft Exchange Server Remote Code Execution Vulnerability-34473

A critical Microsoft Exchange Server Remote Code Execution Vulnerability with a CVSS 3.1 score of 9.8 was released.

21/07/2021

Microsoft Exchange Server Remote Code Execution Vulnerability-31206

A critical Microsoft Exchange Server Remote Code Execution Vulnerability with a CVSS 3.1 score of 9.8 was released.

26/05/2021

VMware VCenter Remote Code Execution Vulnerability

Two critical* VMware VCenter Remote Code Execution Vulnerabilities with a CVSS 3.1 score of 9.8 were released by VMware.

14/04/2021

Microsoft Exchange Server Remote Code Execution Vulnerabilities

Three critical *and one high* level Microsoft Exchange Server Remote Code Execution Vulnerabilities with a CVSS 3.1 score of 9.8, 9.8, 9.0 and 8.8 were released.

03/03/2021

March 2021 Microsoft Exchange 0-Day Reports

Microsoft has published multiple zero-day vulnerabilities used to attack on-premises versions of Microsoft Exchange Server that can be used in targeted attacks.

03/03/2021

Spectre Vulnerability Exploitation

A security researcher discovered several employee Spectre exploits that were loaded into the VirusTotal database last month.

19/02/2021

Masslogger Phishing Campaign

Since the mid-January 2021, It is detected that a new version of a Masslogger Trojen horse, targeted Windows system, have been aimed the users in Turkey, Italy and Latvia.

20/01/2021

SolarWinds: Raindrop Malware

Symantec company announced on January 19, 2021, that a new malicious software was detected in connection with the Solarwinds attack.

28/12/2020

SolarWinds Orion API Authentication Bypass Vulnerability

According to a document published by the CERT Coordination Center, the SolarWinds Orion API, which is used to interface with all other Orion system monitoring and management systems, allows attackers to run commands without authentication.

22/12/2020

SolarWinds Sunburst Attack Campaign

In the leak report announced by FireEye in December 2020, it was reported that the leak was carried out through a module containing a backdoor on the platform called SolarWinds Orion.

07/07/2020

StrongPity Watering Hole

Strongpity isimli grup Türkiye ve Suriye’yi hedef alarak watering hole tekniğiyle zararlı yazılım bulaştırarak bilgisayarda bulunan verileri komuta kontrol sunucusuna göndermeye çalışmaktadır.

11/03/2020

Microsoft SMBv3 Compression Vulnerability

It was announced by Microsoft on March 10, 2020 that the SMBv3 protocol contains vulnerability with the code CVE-2020-0796.

11/03/2020

Critical Microsoft Vulnerability – March 2020

With the release of March 2020 security updates, Microsoft has released updates for 115 vulnerabilities.

28/02/2020

MS Exchange Validation Key Remote Code Execution Vulnerability

On February 11, 2020, Microsoft published a vulnerability that could cause remote code execution in the Exchange e-mail server.

22/10/2019

MS IIS Server Authorization Vulnerability

A critical vulnerability was published by Microsoft on October 8, 2019, concerning IIS servers and enabling authorization upgrades.

16/01/2020

MS Windows CryptoAPI Spoofing Vulnerability

On January 14, 2020, Microsoft has published a vulnerability in cryptographic libraries (Crypt32.dll) in new versions of Windows in the first Patch Tuesday list of 2020.