The Apache FHIR IG Publisher XML External Entity Injection vulnerability, known as CVE-2024-52807, was discovered in January 2025 and poses a critical risk to users. Organizations, especially in healthcare, rely on FHIR (Fast Healthcare Interoperability Resources) for essential data transactions. However, this particular vulnerability might allow attackers to exploit the Apache FHIR IG Publisher by…
CVE-2024-54152 is a newly discovered vulnerability in Angular Expressions that poses a serious threat to data security. Identified on January 2, 2025, this vulnerability affects all versions of Angular Expressions prior to 1.4.3. With a CVSS base score of 9.3, the risk to confidentiality, integrity, and availability is extremely high. The root cause lies in…
In recent weeks, a critical vulnerability known as CVE-2024-40693 has been identified in IBM Planning Analytics, making headlines in the cybersecurity world. This serious flaw allows for Remote Code Execution (RCE) via malicious file uploads. Essentially, this means that an attacker can execute arbitrary code on a vulnerable system simply by uploading a harmful file….
DHCP Storitev: Rast in Pričakovanja do 2031 V svetu informacijskih tehnologij se okolje hitro spreminja, še posebej na področju omrežnih storitev. Ena od ključnih storitev, ki jo vsakodnevno uporabljamo, so DHCP (Dynamic Host Configuration Protocol) storitve. V tem članku bomo raziskali, kako DHCP storitve delujejo, njihov razvoj ter pričakovanja in napovedi za prihodnost do leta…
A high-severity cross-site scripting (XSS) vulnerability, known as CVE-2025-0314, has been identified in GitLab’s Community Edition (CE) and Enterprise Edition (EE). This vulnerability mainly arises from the improper rendering of certain file types. When exploited, it permits attackers to inject harmful scripts into GitLab instances. These scripts can lead to session hijacking, theft of sensitive…
The Centreon Centreon Web SQL Injection vulnerability, known as CVE-2024-55573, presents a significant threat to users of the Centreon application. Discovered in late December 2024, this vulnerability is rooted in improperly validated inputs within the web application. This oversight allows attackers to introduce malicious SQL code, potentially leading to unauthorized data access and manipulation, which…
The Centreon Web SQL Injection Vulnerability, identified as CVE-2024-53923, has posed a serious threat to its users since it was discovered in December 2024. Centreon, a widely used IT infrastructure monitoring platform, is targeted by attackers exploiting its web interface. This vulnerability allows for the injection of malicious SQL code, resulting in unauthorized access to…
The CVE-2025-0650 OVN DNS Record Egress ACL Bypass vulnerability surfaced in January 2025, raising serious concerns for organizations using Open vSwitch (OVN). This flaw allows attackers to bypass security measures, particularly egress ACLs for DNS records. Such a bypass can lead to unauthorized access, putting sensitive data at risk. Understanding this vulnerability is crucial for…
CVE-2025-23006 is a critical vulnerability found in the SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). Discovered on January 9, 2025, and publicly disclosed on January 23, 2025, this pre-authentication deserialization vulnerability allows remote attackers to execute arbitrary operating system commands. Sadly, it means that attackers do not need prior authentication to…
CVE-2024-52975 is a significant vulnerability recently identified in Fleet Server, which poses a serious risk by logging sensitive information at the INFO and ERROR levels. Discovered on January 23, 2025, this vulnerability could expose critical policy configurations to unauthorized users, raising concerns about data security. The flaw highlights the need for organizations to closely monitor…