Sep 12, 2024 – Vulnerability Alerts!

Cyber Vulnerabilities Unplugged – Today’s Top Picks

Welcome back, my cyber-savvy friends! If you thought the world of cybersecurity was all about grey suits and endless meetings, think again! Today’s vulnerability round-up has more drama than a British soap opera, and you’ll want to keep up. Grab your cup of tea because we’re diving in!

1. CVE-2024-28991: SolarWinds Access Rights Manager – Critical Remote Code Execution

First up, we have a classic, classic vulnerability! SolarWinds Access Rights Manager (ARM) has been exposed to a remote code execution vulnerability. That’s right, authenticated users could misuse this vulnerability like a borrowed umbrella at a rain-soaked picnic, leading to potential chaos. Severity? A staggering 9.0! Read more here!

2. CVE-2024-45824: Oracle WebLogic – Remote Code Execution

Next, on the patio of peril, we have Oracle WebLogic facing a remotely exploitable vulnerability that lets an attacker execute malicious commands like it’s auditioning for a leading role in ‘Mission Impossible’! With a 9.8 severity rating, this one’s no joke. Check out the details here!

3. MindsDB Vulnerabilities Galore!

The MindsDB platform just can’t catch a break today! Multiple vulnerabilities were reported, including:

  • CVE-2024-45856: A cheeky cross-site scripting (XSS) vulnerability that allows JavaScript execution within the platform, severity 9.0. More info here!
  • CVE-2024-45852 & CVE-2024-45851: Arbitrary code execution vulnerabilities linked with SharePoint integration, both scoring 8.8 on the severity scale. Dive into the deets here and here!
  • CVE-2024-8749: SQL injection at its finest! Grab some popcorn, because this one’s about revealing all the secrets bouncing around in the databases, with a severity rating of 8.8. Wanna know more? Click here!

4. LearnPress & WordPress – SQL Injection Frenzy

If you thought things couldn’t get spicier, the LearnPress WordPress LMS Plugin has two *critical* SQL Injection vulnerabilities reported with severity ratings of 10.0. Talk about setting off the alarms! Dive deeper into these juicy details here and here!

5. A Giggle at CSRF Checks

Multiple WordPress plugins are under the weather with CSRF (Cross-Site Request Forgery) vulnerabilities. No one likes that unexpected cough at a dinner party! Key culprits include:

  • CVE-2024-7862: Missing CSRF checks can make any admin susceptible to a change in settings. More here!
  • CVE-2024-8056: An outdated plugin without proper escaping can lead to a palaver with reflected XSS. Read the report here!

And that’s a wrap for today’s adventure in the world of vulnerabilities! Remember, this isn’t an exhaustive list because, believe it or not, cyberspace is overflowing with vulnerabilities just waiting to be discovered. For the eager beavers among you, feel free to contact us for live alerts as soon as they come in. Stay safe, stay updated, and until next time – happy surfing!

Adam Cooke
As the Operations and Compliance Manager, Adam oversees all aspects of the business, ensuring operational efficiency and regulatory compliance. Committed to high standards, he ensures everyone is heard and supported. With a strong background in the railway industry, Adam values rigorous standards and safety. Outside of work, he enjoys dog walking, gardening, and exploring new places and cuisines.