A high-severity cross-site scripting (XSS) vulnerability, known as CVE-2025-0314, has been identified in GitLab’s Community Edition (CE) and Enterprise Edition (EE). This vulnerability mainly arises from the improper rendering of certain file types. When exploited, it permits attackers to inject harmful scripts into GitLab instances. These scripts can lead to session hijacking, theft of sensitive…
The Centreon Centreon Web SQL Injection vulnerability, known as CVE-2024-55573, presents a significant threat to users of the Centreon application. Discovered in late December 2024, this vulnerability is rooted in improperly validated inputs within the web application. This oversight allows attackers to introduce malicious SQL code, potentially leading to unauthorized data access and manipulation, which…
The Centreon Web SQL Injection Vulnerability, identified as CVE-2024-53923, has posed a serious threat to its users since it was discovered in December 2024. Centreon, a widely used IT infrastructure monitoring platform, is targeted by attackers exploiting its web interface. This vulnerability allows for the injection of malicious SQL code, resulting in unauthorized access to…
The CVE-2025-0650 OVN DNS Record Egress ACL Bypass vulnerability surfaced in January 2025, raising serious concerns for organizations using Open vSwitch (OVN). This flaw allows attackers to bypass security measures, particularly egress ACLs for DNS records. Such a bypass can lead to unauthorized access, putting sensitive data at risk. Understanding this vulnerability is crucial for…
CVE-2025-23006 is a critical vulnerability found in the SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). Discovered on January 9, 2025, and publicly disclosed on January 23, 2025, this pre-authentication deserialization vulnerability allows remote attackers to execute arbitrary operating system commands. Sadly, it means that attackers do not need prior authentication to…
CVE-2024-52975 is a significant vulnerability recently identified in Fleet Server, which poses a serious risk by logging sensitive information at the INFO and ERROR levels. Discovered on January 23, 2025, this vulnerability could expose critical policy configurations to unauthorized users, raising concerns about data security. The flaw highlights the need for organizations to closely monitor…
A critical vulnerability known as CVE-2024-12857 has recently come to light in the AdForest WordPress theme. Affecting all versions up to 5.1.8, this security flaw has a strikingly high CVSS score of 9.8, signifying a critical issue. Discovered by Chloe Chamberland of Wordfence, this vulnerability permits attackers to bypass authentication mechanisms entirely. Consequently, they can…
CVE-2024-11218, also known as the Podman Buildah Compose Privilege Escalation Vulnerability, was reported on January 20, 2025. This security flaw affects the Buildah package in the Podman ecosystem. The issue enables a malicious Containerfile to expose secure information from the build host to commands executed with the RUN instruction. This situation poses a severe risk,…
The CVE-2025-24024 Matrix Mjolnir Unrestricted Command Execution Vulnerability has recently come to light as a critical security issue. This vulnerability allows attackers to execute arbitrary commands on the Matrix Mjolnir system, posing a significant risk to organizations utilizing this technology. Discovered in mid-January 2025, this vulnerability is currently being exploited by malicious actors, raising alarms…
CVE-2025-23477 is a critical vulnerability found in the Realty Workstation plugin for WordPress. This “Missing Authorization” issue affects versions up to 1.0.45. Discovered on January 21, 2025, it highlights how improper access control can expose sensitive data. Essentially, attackers might exploit this flaw to bypass access control lists (ACLs), giving them unauthorized access to various…