48,000+ Vulnerable SonicWall Devices Under Attack From Akira And Fog Ransomware
Over 48,000 SonicWall devices remain vulnerable to a critical security flaw, exposing organizations worldwide to ransomware attacks.
The vulnerability, identified as CVE-2024-40766, was first disclosed in September 2024 and continues to be actively exploited by...
40,000+ CVEs Published In 2024, Marking A 38% Increase From 2023
The cybersecurity landscape witnessed unprecedented vulnerabilities during 2024, with a record-breaking 40,009 Common Vulnerabilities and Exposures (CVEs) published.
This marks a staggering 38% increase from the 28,818 CVEs reported in 2023, highlighting the rapidly evolving...
AWS Repeats Same Critical RCE Vulnerability 3 Times in 4 Years
Amazon Web Services (AWS) has introduced the same remote code execution (RCE) vulnerability three times over the last four years through its Neuron SDK, highlighting critical lapses in securing its Python package installation processes....
PoC Exploit Released for Windows Registry Privilege Elevation Vulnerability
A PoC exploit has been released for a critical Windows Registry Elevation of Privilege vulnerability, identified as CVE-2024-43641. This flaw, which affects various editions of Windows Server 2025, Windows 10, and Windows 11, has been assigned a CVSS v3.1 score of...
Angular Expressions Vulnerability Let Attackers Gain Full System Access
A critical security vulnerability in Angular Expressions, a standalone module for the AngularJS web framework, has been discovered, potentially allowing attackers to execute arbitrary code and gain full system access.
The vulnerability, identified as CVE-2024-54152,...
PoC Exploit Tool Released for Critical Windows LDAP Zero-click RCE Vulnerability
Researchers unveiled a proof-of-concept (PoC) exploit for a critical vulnerability in Windows Lightweight Directory Access Protocol (LDAP), tracked as CVE-2024-49112.
The flaw, disclosed by Microsoft on December 10, 2024, during its Patch Tuesday update, carries...
7-Zip Zero-Day Exploit Allegedly Leaked Online
A critical 7-Zip zero-day exploit has allegedly been leaked by a hacker operating under the alias "NSA_Employee39" on X. The exploit allows attackers to execute arbitrary code on a victim’s machine...
CISA Added Palo Alto Networks PAN-OS Vulnerability to Its Known Vulnerability Database
In the ongoing battle against cyber threats, the Cybersecurity and Infrastructure Security Agency (CISA) has flagged a critical vulnerability in Palo Alto Networks' PAN-OS software that could leave enterprise firewalls susceptible to remote attacks....
Palo Alto Networks Firewall Vulnerability “CVE-2024-3393” Exploited in the Wild
Palo Alto Networks has disclosed a high-severity vulnerability, CVE-2024-3393, in its PAN-OS software that powers its next-generation firewalls.
The flaw allows unauthenticated attackers to exploit the DNS Security feature by sending specially crafted DNS packets,...
Apache Traffic Control Vulnerability Let Attackers Inject Malicious SQL Commands
A critical SQL injection vulnerability, identified as CVE-2024-45387, has been discovered in Apache Traffic Control, a widely used open-source platform for managing large-scale content delivery networks (CDNs).
This vulnerability affects versions 8.0.0 through 8.0.1 of...