CVE-2024-11667 - Directory Traversal in Zyxel ATP, USG FLEX, and USG20(W)-VPN – Exploit Details and Practical Example
Zyxel’s security appliances are commonly used in offices and remote work locations. Recently, a serious vulnerability (CVE-2024-11667) was discovered in the web management interfaces
CVE-2024-36467 - How Authenticated API Users Can Escalate Privileges in Zabbix (Risk & Exploit Explained)
Zabbix is a popular, open-source monitoring platform widely used in IT environments. In June 2024, a critical security vulnerability—CVE-2024-36467—was disclosed. Simply put, if
CVE-2024-5921 - How Palo Alto Networks GlobalProtect’s Certificate Validation Flaw Puts Endpoints at Risk
TL;DR:
A recently discovered security bug—CVE-2024-5921—in Palo Alto Networks’ GlobalProtect app makes it possible for attackers to connect the VPN client to
CVE-2024-53676 - Remote Code Execution via Directory Traversal in HPE Insight Remote Support
Important: This post explains the CVE-2024-53676 vulnerability in detail, including how it works, a proof-of-concept code snippet, references, and thoughts on mitigation. If you manage
CVE-2024-49053 - Unpacking the Microsoft Dynamics 365 Sales Spoofing Vulnerability
Microsoft Dynamics 365 Sales is widely used to manage customer relationships, track leads, and close deals. But in May 2024, a new vulnerability shook