Maroc Maroc - SECURITYAFFAIRS.CO - Top Stories - Yesterday 12:21

PHP package Voyager flaws expose to one-click RCE exploits

The open-source PHP package Voyager is affected by three vulnerabilities that could be exploited to achieve one-click remote code execution on affected instances. Voyager is a popular open-source PHP package for managing Laravel applications, offering an admin interface, BREAD operations, media, and user management. During an ordinary scan activity, SonarSource researchers reported an arbitrary file write vulnerability in […]

Similar articles

Laravel admin package Voyager vulnerable to one-click RCE flaw

bleepingcomputer.com - 29/Jan 19:27

Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution...

PHP Voyager flaws lead to RCE

thecyberthrone.in - 02:20

Three critical vulnerabilities have been disclosed in the open-source PHP package Voyager, a widely used tool for managing Laravel applications. These...

CISA Warns of SonicWall 0-day RCE Vulnerability Exploited in Wild

itsecuritynews.info - 26/Jan 04:06

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding a critical vulnerability, CVE-2025-23006, affecting...

QNAP says it has fixed several major vulnerabilities in NAS backup, recovery app

lovablevibes.co - 24/Jan 16:29

QNAP said it addressed six flaws in its Hybrid Backup Sync tool. The flaws stemmed from rsync, an open-source file syncing tool. Users are advised to...

Vulnerability Summary for the Week of January 20, 2025

itsecuritynews.info - 27/Jan 18:36

High Vulnerabilities (columns: Primary Vendor — Product, Description, Published, CVSS Score, Source Info): aEnrich Technology – a+HRD: The a+HRD from aEnrich...

CVE-2025-0107 PoC Exploit Code Released for PaloAlto Flaw

thecyberthrone.in - 19/Jan 00:56

Background: CVE-2025-0107 is a critical OS command injection vulnerability discovered in Palo Alto Networks’ Expedition Tool, version 1.2.101...

Patch now: Cisco fixes critical 9.9-rated, make-me-admin bug in Meeting Management

itsecuritynews.info - 23/Jan 23:36

No in-the-wild exploits … yet. Cisco has pushed a patch for a critical, 9.9-rated vulnerability in its Meeting Management tool that could allow a...

CISA adds Apple vulnerability CVE-2025-24085 to KEV Catalog

thecyberthrone.in - 01:04

CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-24085 Apple...

One of Salt Typhoon’s favorite flaws still wide open on 91% of at-risk Exchange Servers

itsecuritynews.info - 23/Jan 23:36

But I mean, you’ve had nearly four years to patch. One of the critical security flaws exploited by China’s Salt Typhoon to breach US telecom and...

Meta’s Llama Framework Flaw Exposes AI Systems to Remote Code Execution Risks

itsecuritynews.info - 26/Jan 11:33

A high-severity security flaw has been disclosed in Meta’s Llama large language model (LLM) framework that, if successfully exploited, could allow...