CVE CyberSecurity Database News (Page 517)

Nov 27, 2024 API Exploit

CVE-2024-36467 - How Authenticated API Users Can Escalate Privileges in Zabbix (Risk & Exploit Explained)

Zabbix is a popular, open-source monitoring platform widely used in IT environments. On June 2024, a critical security vulnerability—CVE-2024-36467—was disclosed. Simply put, if

Nov 27, 2024 Windows Exploit

CVE-2024-5921 - How Palo Alto Networks GlobalProtect’s Certificate Validation Flaw Puts Endpoints at Risk

TL;DR: A recently discovered security bug—CVE-2024-5921—in Palo Alto Networks’ GlobalProtect app makes it possible for attackers to connect the VPN client to

Nov 27, 2024 RCE Exploit PHP

CVE-2024-53676 - Remote Code Execution via Directory Traversal in HPE Insight Remote Support

Important: This post explains the CVE-2024-53676 vulnerability in detail, including how it works, a proof-of-concept code snippet, references, and thoughts on mitigation. If you manage

Nov 26, 2024

CVE-2024-53849 - Vulnerability in editorconfig-core-c Leads to Buffer Overflow with Malicious Patterns

editorconfig-core-c is a main C implementation of the popular EditorConfig file format parser, powering many editors and tools for maintaining consistent coding styles. A newly

Nov 26, 2024 Microsoft Exploit

CVE-2024-49053 - Unpacking the Microsoft Dynamics 365 Sales Spoofing Vulnerability

--- Microsoft Dynamics 365 Sales is widely used to manage customer relationships, track leads, and close deals. But in May 2024, a new vulnerability shook