CyberSecurity updates
2025-01-30 09:08:21 Pacific

Git Credential Exposure Vulnerabilities - 2d

Multiple vulnerabilities that could allow attackers to access user credentials have been discovered in Git’s credential retrieval protocol. These flaws stem from the improper handling of messages within Git’s credential protocol and affect tools like GitHub Desktop, Git Credential Manager, and Git LFS. Successful exploitation of these flaws can lead to credential exposure.

Subaru Vehicles Hacked Remotely - 4d

Security vulnerabilities in Subaru’s Starlink connected vehicle service have been exposed, allowing remote access to customer accounts, including the ability to unlock and start vehicles and to access a year of location history. This poses significant privacy and security risks for vehicle owners. The vulnerability stems from a lack of proper access controls in the Starlink system and use of JavaScript. These security flaws emphasize the need for better security in connected car platforms and protection of user data.

SonicWall Firewall Devices Vulnerable to Critical 0-Day - 6d

A critical vulnerability, tracked as CVE-2025-23006, has been discovered in SonicWall’s SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC). This flaw, classified under CWE-502 (Deserialization of Untrusted Data), carries a severity score of 9.8 (Critical), indicating its potential for a devastating impact. SonicWall has confirmed active exploitation of this vulnerability by malicious actors, allowing them to execute arbitrary OS commands on affected appliances. The vulnerability stems from the improper handling of data during deserialization processes. This flaw can be exploited by attackers to inject malicious code into the targeted appliances, ultimately leading to complete system compromise. SonicWall has issued an urgent security advisory and released a patch for this vulnerability. The company strongly urges users to update their SMA1000 appliances immediately.

Apache Solr Vulnerabilities Allow Path Traversal - 2d

A critical relative path traversal vulnerability (CVE-2024-52012) in Apache Solr for Windows allows arbitrary file path write access via the ‘configset upload’ API. Additionally, a medium severity vulnerability (CVE-2025-24814) allows users to replace trusted configset files with arbitrary configurations. These flaws require immediate patching to prevent attackers from writing or altering files on the system. Organizations need to prioritize patching their Apache Solr instances. The lack of input sanitization and insecure file handling exposes significant security risks.

Critical Cisco Meeting Management Bug Fixed - 6d

Cisco’s Meeting Management tool has a critical vulnerability with a 9.9 severity rating, which could allow a remote attacker with low privileges to gain admin-level access. This vulnerability was addressed with a patch from Cisco, but it highlights the risks in managing network and video infrastructure and the importance of applying security updates promptly. The vulnerability allows a low privileged user to get admin access via an API exploit.

The rapid patching of this vulnerability shows that Cisco is responding to threats, but it also shows that the risk of these kinds of attacks is common in modern infrastructure. The high severity rating underscores the potential impact on organizations using this technology.

Kubernetes Windows Nodes Remote Hack - 4d

A critical remote code execution vulnerability (CVE-2024-9042) in Kubernetes allows attackers to execute commands with SYSTEM privileges on all Windows nodes in a cluster. This vulnerability, specifically in the new beta logging feature ‘Log Query’, is easily exploitable, resulting in full system compromise. This highlights the danger of introducing new features without thorough security testing, impacting organizations that rely on Kubernetes. Immediate patching is vital to prevent potential unauthorized access and lateral movement within the Kubernetes environment.

Ivanti CSA Vulnerabilities Exploited - 6d

Multiple critical vulnerabilities in Ivanti CSA have been actively exploited by Chinese state-sponsored actors, prompting warnings from CISA and the FBI. These vulnerabilities allow attackers to gain unauthorized access and execute arbitrary code. The agencies have released detailed technical information and IOCs for network defenders. These exploits highlight the need for immediate patching and robust security measures, and demonstrate the speed at which attackers are weaponizing disclosed vulnerabilities.

Multiple Vulnerabilities Discovered in Jenkins Plugins - 7d

Multiple vulnerabilities have been discovered in various Jenkins plugins, including CSRF, permission bypass, and credential exposure issues. These vulnerabilities affect plugins like Azure Service Fabric, Eiffel Broadcaster, OpenID Connect Authentication, Bitbucket Server Integration, and GitLab Plugin. A large number of plugins (including the Zoom plugin) are vulnerable with critical security issues. These flaws can be exploited by malicious actors to gain unauthorized access or escalate privileges within Jenkins environments.

Critical Flaws in Ivanti Endpoint Manager - 6d

Multiple critical vulnerabilities, tracked as CVE-2024-10811, CVE-2024-13161, CVE-2024-13160, and CVE-2024-13159, have been identified in Ivanti Endpoint Manager (EPM) software. These path traversal vulnerabilities allow unauthenticated attackers to extract sensitive information from affected systems. Ivanti has released patches to address these severe flaws. This incident underscores the significant risk posed by software vulnerabilities and the importance of proactive patching and system updates.