Sophos fixes Triple Critical Vulnerabilities in its Firewall

Sophos released patches for three critical security vulnerabilities in their widely-used network security tool, Sophos Firewall that posed significant risks, including remote code execution and privilege escalation. CVE-2024-12727: Pre-Authentication SQL Injection This vulnerability with a CVSS score of 9.8 involves the email protection feature of Sophos Firewall. If a specific configuration of Secure PDF eXchange […]

Critical Johnson Controls Products Vulnerabilities Enables Remote SQL Injection Attacks

itsecuritynews.info - 01/Feb 16:36

A critical advisory addressing a severe SQL injection vulnerability affecting multiple Johnson Controls industrial control system products. The...

Command injection in Apache bRPC heap profiler

australiancybersecuritymagazine.com.au - 29/Jan 02:52

The CyberArk Labs team have identified Apache bRPC users are exposed to a critical command injection flaw in the /pprof/heap endpoint...

U.S. CISA adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog

securityaffairs.co - 30/Jan 10:40

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Ivanti EPMM to its Known Exploited Vulnerabilities catalog. The U.S....

SmarterTools patches critical SmarterMail flaw allowing code execution

securityaffairs.co - 30/Jan 11:53

SmarterTools fixed two SmarterMail flaws, including a critical bug (CVE-2026-24423) that could allow arbitrary code execution. SmarterTools fixed two...

BeyondTrust Remote Access Products 0-Day Vulnerability Allows Remote Code Execution

itsecuritynews.info - 11:18

BeyondTrust has disclosed a critical pre-authentication remote code execution vulnerability affecting its Remote Support (RS) and Privileged Remote...

CISA Adds SolarWinds Web Help Desk RCE Flaw to Known Exploited Vulnerabilities List

itsecuritynews.info - 04/Feb 08:37

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a newly disclosed vulnerability CVE‑2025‑40551 affecting SolarWinds...

Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)

securityaffairs.co - 28/Jan 15:53

Fortinet released fixes for a critical FortiOS SSO auth bypass (CVE-2026-24858) actively exploited, impacting FortiOS, FortiManager, and...

Critical Django Flaw Allows DoS and SQL Injection Attacks

itsecuritynews.info - 04/Feb 06:11

The Django Software Foundation has issued emergency security patches addressing six critical vulnerabilities affecting multiple versions of the...

SolarWinds Patches Critical Web Help Desk Vulnerabilities

itsecuritynews.info - 29/Jan 13:32

The four critical flaws could be exploited without authentication for remote code execution or authentication bypass. The post SolarWinds Patches...

Multiple Vulnerabilities in React Server Components Enable DoS Attacks

itsecuritynews.info - 27/Jan 10:05

Multiple critical security vulnerabilities have recently been disclosed in React Server Components, enabling threat actors to launch Denial-of-Service...

العناوين :