🐞 CVE les plus discutées dans la semaine 19

Did I hear someone say path traversal? @cR0w https://arcticwolf.com/resources/blog/cve-2024-7399/../#PathTraversal #Vulnerability #Cybersecurity @infosec

🚨 Critical alert: CVE-2024-7399 actively exploited in Samsung MagicINFO servers (<21.1050). Unauthenticated RCE risks full compromise of digital signage networks. Patch now! Have you secured your systems?Learn more: https://zerodaily.me/blog/2025-05-06-samsung-magicinfo-cve-2024-…

🚨 Critical alert: CVE-2024-7399 actively exploited in Samsung MagicINFO servers (<21.1050). Unauthenticated RCE risks full compromise of digital signage networks. Patch now! Have you secured your systems?Learn more: https://zerodaily.me/blog/2025-05-06-samsung-magicinfo-cve-2024-…

Tracked as CVE-2024-7399 (CVSS score of 8.8), the issue is described as an “improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server” that could be exploited to write arbitrary files with system privileges. https://www.securityweek.c…

Samsung MagicINFO 9 servers might be letting hackers in—thanks to a sneaky path traversal flaw that lets attackers upload malicious files without even needing to log in. Is your digital signage safe? Read on for the must-know fix.https://thedefendopsdiaries.com/understanding-and-…

Running code on Tesla security ECU from tire: details on new CVE-2025-2082 vulnerability. 🛞 🔀 🚗 💥Link to post: https://www.linkedin.com/posts/dlaskov_automotive-research-carhacking-activity-7325949598554865665-vchY

Heads up SonicWall SMA100 admins: Two patched vulns CVE-2023-44221/CVE-2024-38475 are actively exploited in the wild. Attackers chain them for system access. Update ASAP & check for suspicious activity.#SonicWall #CyberSecurity #PatchNow

watchTowr Warns of Active Exploits Targeting SonicWall SMA 100 Devices Using CVE-2024-38475 and CVE-2023-44221.Read: https://hackread.com/watchtowr-exploits-target-sonicwall-sma-100-devices/ #CyberSecurity #Vulnerability #SonicWall #CyberAttack

Security Advisory - SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilitiesand following the following technical disclosure:🔗 https://labs.watchtowr.com/sonicboom-from-stolen-tokens-to-remote-shells-sonicwall-sma100-cve-2023-44221-cve-2024-38475/It's exploited.🔗 Bundle wit…

The exploitation of the two security defects, tracked as CVE-2023-44221 and CVE-2024-38475, came to light last week, when SonicWall updated its advisories to flag them as targeted in attacks. https://www.securityweek.com/poc-published-for-exploited-sonicwall-vulnerabilities/

This Week in Security: Encrypted Messaging, NSO’s Judgement, and AI CVE DDoSCryptographic messaging has been in the news a lot recently. Like the formal audit of WhatsApp (the actual PDF). And the results are good. There are some minor potential problems that the audit highlights…

Heads up SonicWall SMA100 admins: Two patched vulns CVE-2023-44221/CVE-2024-38475 are actively exploited in the wild. Attackers chain them for system access. Update ASAP & check for suspicious activity.#SonicWall #CyberSecurity #PatchNow

watchTowr Warns of Active Exploits Targeting SonicWall SMA 100 Devices Using CVE-2024-38475 and CVE-2023-44221.Read: https://hackread.com/watchtowr-exploits-target-sonicwall-sma-100-devices/ #CyberSecurity #Vulnerability #SonicWall #CyberAttack

Security Advisory - SonicWall SMA100 SSL-VPN Affected By Multiple Vulnerabilitiesand following the following technical disclosure:🔗 https://labs.watchtowr.com/sonicboom-from-stolen-tokens-to-remote-shells-sonicwall-sma100-cve-2023-44221-cve-2024-38475/It's exploited.🔗 Bundle wit…

The exploitation of the two security defects, tracked as CVE-2023-44221 and CVE-2024-38475, came to light last week, when SonicWall updated its advisories to flag them as targeted in attacks. https://www.securityweek.com/poc-published-for-exploited-sonicwall-vulnerabilities/

This Week in Security: Encrypted Messaging, NSO’s Judgement, and AI CVE DDoSCryptographic messaging has been in the news a lot recently. Like the formal audit of WhatsApp (the actual PDF). And the results are good. There are some minor potential problems that the audit highlights…

🚨ACTIVE EXPLOITATION ALERT🚨Great work Kyle Lefton 🎉The baddies at Akamai SIRT (Security Intelligence Response Team) have identified the first ITW exploitation of command injection vulns CVE-2024-6047 and CVE-2024-11120. It's a Mirai variant called LZRD (pronounced luh-zurd accord…

𝗠𝗶𝗿𝗮𝗶’𝘀 𝗯𝗮𝗰𝗸, exploiting IoT like a script kiddie’s wet dream. CVE-2024-6047/11120: command injection hell. Akamai’s SIRT saw the botnet RSVP. 𝗦𝗲𝗰𝘂𝗿𝗲 𝘆𝗼𝘂𝗿 𝗴𝗲𝗮𝗿—entropy doesn’t wait.https://www.akamai.com/blog/security-research/2025/may/active-exploitation-mirai-geovision-iot-botn…

[RSS] SysOwned, Your Friendly Support Ticket - SysAid On-Premise Pre-Auth RCE Chain (CVE-2025-2775 And Friends) - watchTowr Labshttps://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/

Looks like three of the SysAid CVEs in this report have been published and are all scored sev:CRIT 9.3:https://nvd.nist.gov/vuln/detail/CVE-2025-2775https://nvd.nist.gov/vuln/detail/CVE-2025-2776https://nvd.nist.gov/vuln/detail/CVE-2025-2777But the last one was rejected:https://n…

Critical vulnerabilities discovered in SysAid's on-premise IT support software💥 Vulnerability: XML External Entity (XXE) injections that can lead to RCE⚠️ Impact: Retrieval of sensitive files, full admin access, and arbitrary code execution, risking data breaches and system compr…