CVE CyberSecurity Database News (Page 516)

Nov 27, 2024 Exploit

CVE-2024-42326 - How a Use-After-Free Bug in browser.c’s `es_browser_get_variant` Enabled Critical Exploitation

On June 10, 2024, a critical vulnerability—CVE-2024-42326—was disclosed affecting a number of applications using the es_browser_get_variant function in the open-source

Nov 27, 2024

CVE-2024-42328 - Exploiting NULL Pointer Dereference in WebDriver Browser Data Download

CVE-2024-42328 is a newly discovered vulnerability affecting web automation software that uses a WebDriver-controlled Browser object for HTTP downloads. This issue can cause a NULL

Nov 27, 2024

CVE-2024-36468 - Zabbix Server/Proxy Stack Buffer Overflow Exploit – Breaking Down The Vulnerability

--- On June 19, 2024, the Zabbix team published a security advisory about a serious stack buffer overflow, tracked as CVE-2024-36468, in the Zabbix server

Nov 27, 2024 API Exploit SQL PHP

CVE-2024-42327 - Zabbix API SQL Injection Exploit in CUser.get – How Any API User Can Hack Your Database

--- Introduction Yet another major security hole has been found in the world of network monitoring—this time in Zabbix, the popular open-source platform used

Nov 27, 2024 Exploit

CVE-2024-11667 - Directory Traversal in Zyxel ATP, USG FLEX, and USG20(W)-VPN – Exploit Details and Practical Example

Zyxel’s security appliances are commonly used in offices and remote work locations. Recently, a serious vulnerability (CVE-2024-11667) was discovered in the web management interfaces