CVEFeed Newsroom – Latest Cybersecurity Updates
The "Cyber Newsroom Feed" module is a live feed of the latest cyber news enriched with CVE and vulnerability data. The feed is updated every 5 minutes and includes the latest news from the cyber security industry. The feed is designed to provide users with a comprehensive overview of the latest cyber security news and trends.
 
- seclists.org
KL-001-2024-008: Journyx Authenticated Remote Code Execution
Full Disclosure mailing list archives KL-001-2024-008: Journyx Authenticated Remote Code Execution From: KoreLogic Disclosures via Fulldisclosure <fulldisclosure () seclists org> Date: Wed, 7 Aug 2024 ... Read more
 
- seclists.org
KL-001-2024-007: Journyx Unauthenticated Password Reset Bruteforce
Full Disclosure mailing list archives From: KoreLogic Disclosures via Fulldisclosure <fulldisclosure () seclists org> Date: Wed, 7 Aug 2024 18:51:14 -0500 KL-001-2024-007: Journyx Unauthenticated Pass ... Read more
 
- seclists.org
KL-001-2024-006: Open WebUI Arbitrary File Upload + Path Traversal
Full Disclosure mailing list archives From: KoreLogic Disclosures via Fulldisclosure <fulldisclosure () seclists org> Date: Wed, 7 Aug 2024 18:49:23 -0500 KL-001-2024-006: Open WebUI Arbitrary File Up ... Read more
 
- seclists.org
KL-001-2024-005: Open WebUI Stored Cross-Site Scripting
Full Disclosure mailing list archives KL-001-2024-005: Open WebUI Stored Cross-Site Scripting From: KoreLogic Disclosures via Fulldisclosure <fulldisclosure () seclists org> Date: Wed, 7 Aug 2024 18:4 ... Read more
 
- The Register
Devices with insecure SSH services are everywhere, say infosec duo
Black Hat A funny thing happened to security researchers at attack surface management company runZero when they were digging into the xz backdoor earlier this year: They found a whole bunch of vulnera ... Read more
 
- BleepingComputer
Windows Update downgrade attack "unpatches" fully-updated systems
SafeBreach security researcher Alon Leviev revealed at Black Hat 2024 that two zero-days could be exploited in downgrade attacks to "unpatch" fully updated Windows 10, Windows 11, and Windows Server s ... Read more
 
- The Register
Your Windows updates can all be downgraded, says security researcher
Black Hat Security researchers from SafeBreach have found what they say is a Windows downgrade attack that's invisible, persistent, irreversible and maybe even more dangerous than last year's BlackLot ... Read more
 
- BleepingComputer
Critical Progress WhatsUp RCE flaw now under active exploitation
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. The vulnerabil ... Read more
 
- Cybersecurity News
CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE Attacks
Today, Jenkins, the popular open-source automation server, has issued an urgent advisory detailing two vulnerabilities, one with a critical severity rating. These vulnerabilities, identified as CVE-20 ... Read more
 
- The Hacker News
Roundcube Webmail Flaws Allow Hackers to Steal Emails and Passwords
Email Security / Vulnerability Cybersecurity researchers have disclosed details of security flaws in the Roundcube webmail software that could be exploited to execute malicious JavaScript in a victim' ... Read more
 