Poster - CVE CyberSecurity Database News (Page 429)

Dec 12, 2024 RCE Microsoft Exploit Java

CVE-2024-49147 - Microsoft Update Catalog Deserialization Vulnerability – How Attackers Can Elevate Privileges (With Code Example)

--- Summary: In June 2024, CVE-2024-49147 exposed a serious vulnerability in the Microsoft Update Catalog website (https://www.catalog.update.microsoft.com/). The root culprit?

Dec 12, 2024 Windows Microsoft API

CVE-2024-49071 - How Windows Defender’s Global Files Search Leaks Sensitive Info With Improper Authorization

June 2024 has seen another serious security issue: CVE-2024-49071, a privilege escalation vulnerability in Windows Defender. This bug exposes sensitive index information to attackers with

Dec 12, 2024

CVE-2024-9367 - GitLab Changelog Template Parsing DoS Vulnerability Explained

CVE-2024-9367 is a security vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). The issue affects all versions from 13.9 before 17.4.

Dec 12, 2024 API

CVE-2024-9387 - Exploiting Open Redirect in GitLab Releases API (11.8–17.6.2)

An open redirect vulnerability is often considered low-to-medium risk—but, in the wrong hands, it can be used for phishing, stealing credentials, or leading users

Dec 12, 2024 CSRF Exploit

CVE-2024-8647 - GitLab Harbor Integration Leaks Anti-CSRF Token (Explained With Exploit Tutorial)

Recently, a critical security vulnerability was discovered in GitLab, one of the world’s most popular DevOps platforms. Tracked as CVE-2024-8647, this issue affects self-hosted