Category: alerts

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info adobe — adobe_commerce  Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue does not require user… Read more

Juniper has released security updates to address multiple vulnerabilities in Junos OS, Junos OS Evolved, Paragon Active Assurance and Junos OS: EX4300 Series. A cyber threat actor could exploit some of these vulnerabilities to cause a denial-of-service condition. Users and administrators are encouraged to review Juniper’s Support Portal and apply the necessary updates. Read more

Citrix released security updates to address multiple vulnerabilities in XenServer and Citrix Hypervisor. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.  CISA encourages users and administrators to review and apply the necessary updates:  XenServer and Citrix Hypervisor Security Update for CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142 Read more

CISA is collaborating with private industry partners to respond to a recent compromise discovered by independent security researchers impacting Sisense, a company that provides data analytics services. CISA urges Sisense customers to: Reset credentials and secrets potentially exposed to, or used to access, Sisense services.  Investigate—and report to CISA—any suspicious activity involving credentials potentially exposed… Read more

Microsoft released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system.   Users and administrators are encouraged to review the following and apply the necessary updates:   Microsoft Security Update Guide for April Read more

Read more

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info abb — symphony_plus_s+_operations  ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony Plus products (e.g., S+ Operations, S+ Engineering and S+ Analyst) This issue affects Symphony Plus… Read more

Ivanti has released security updates to address vulnerabilities in all supported versions (9.x and 22.x) of Ivanti Connect Secure and Policy Secure gateways. A cyber threat actor could exploit one of these vulnerabilities to take control of an affected system.  Users and administrators are encouraged to review the following Ivanti advisory and apply the necessary updates: … Read more

Read more

High Vulnerabilities   PrimaryVendor — Product Description Published CVSS Score Source & Patch Info acowebs — pdf_invoices_and_packing_slips_for_woocommerce  Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.This issue affects PDF Invoices and Packing Slips For WooCommerce: from n/a through 1.3.7. 2024-03-28 8.2 CVE-2024-30230audit@patchstack.com active_websight — seo_backlink_monitor  Improper Neutralization of Input During… Read more