Posts tagged Vulnerability Disclosure

16 min read | Vulnerability Disclosure

CVE-2024-45195: Apache OFBiz Unauthenticated Remote Code Execution (Fixed)

Apache OFBiz versions below 18.12.16 are vulnerable to unauthenticated remote code execution (CVE-2024-45195) on Linux and Windows. Exploitation is facilitated by bypassing previous patches.

6 min read | Vulnerability Disclosure

CVE-2024-6922: Automation Anywhere Automation 360 Server-Side Request Forgery

Automation 360 Robotic Process Automation suite v21-v32 is vulnerable to unauthenticated Server-Side Request Forgery (SSRF).

10 min read | Managed Detection and Response (MDR)

CVE-2024-4978: Backdoored Justice AV Solutions Viewer Software Used in Apparent Supply Chain Attack

Justice AV Solutions (JAVS) is a U.S.-based company specializing in digital audio-visual recording solutions for courtroom environments. Rapid7 has determined that users with JAVS Viewer v8.3.7 installed are at high risk and should take immediate action.

19 min read | Emergent Threat Response

CVE-2024-27198 and CVE-2024-27199: JetBrains TeamCity Multiple Authentication Bypass Vulnerabilities (FIXED)

Rapid7’s vulnerability research team identified two new vulnerabilities affecting JetBrains TeamCity CI/CD server: CVE-2024-27198 and CVE-2024-27199, both of which are authentication bypasses.

11 min read | Vulnerability Disclosure

CVE-2023-47218: QNAP QTS and QuTS hero Unauthenticated Command Injection (FIXED)

Rapid7 has identified an unauthenticated command injection vulnerability in the QNAP operating system known as QTS, a core part of the firmware for numerous QNAP entry- and mid-level Network Attached Storage (NAS) devices.

1 min read | Velociraptor

CVE-2023-5950 Rapid7 Velociraptor Reflected XSS

This advisory covers a specific issue identified in Velociraptor and disclosed by a security code review. Rapid7 Velociraptor versions prior to 0.7.0-4 suffer from a reflected cross-site scripting vulnerability.

8 min read | Vulnerability Disclosure

Multiple Vulnerabilities in South River Technologies Titan MFT and Titan SFTP [FIXED]

As part of our continuing research project into managed file transfer risk, including JSCAPE MFT and Fortra Globalscape EFT Server, Rapid7 discovered several vulnerabilities in South River Technologies’ Titan MFT and Titan SFTP servers.

4 min read | Vulnerability Disclosure

CVE-2023-4528: Java Deserialization Vulnerability in JSCAPE MFT (Fixed)

In August 2023, Rapid7 discovered CVE-2023-4528, a Java deserialization vulnerability in Redwood Software’s JSCAPE MFT secure managed file transfer product. Successful exploitation can run arbitrary Java code as the `root` user on Linux or the `SYSTEM` user on Windows.

6 min read | Vulnerability Disclosure

CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability

Rapid7 discovered a new vulnerability that allows unauthenticated attackers to access the API in unsupported versions of MobileIron Core (11.2 and below).

5 min read | Vulnerability Disclosure

CVE-2023-38205: Adobe ColdFusion Access Control Bypass [FIXED]

Rapid7 discovered that the initial patch for CVE-2023-29298 (Adobe ColdFusion access control bypass vulnerability) did not successfully remediate the issue.

7 min read | Vulnerability Disclosure

CVE-2023-29298: Adobe ColdFusion Access Control Bypass

Rapid7 discovered an access control bypass vulnerability affecting Adobe ColdFusion that allows an attacker to access the administration endpoints.

22 min read | Vulnerability Disclosure

Multiple Vulnerabilities in Fortra Globalscape EFT Administration Server [FIXED]

Rapid7 has uncovered four issues in Fortra Globalscape EFT, the worst of which can lead to remote code execution.

4 min read | Vulnerability Disclosure

Raptor Technologies Volunteer Management Client-Side Security Controls (FIXED)

A vulnerability in Raptor Technology Volunteer Management for Schools is being disclosed in accordance with Rapid7’s vulnerability disclosure policy.

33 min read | Vulnerability Disclosure

Multiple Vulnerabilities in Rocket Software UniRPC server (Fixed)

In early 2023, Rapid7 discovered several vulnerabilities in Rocket Software UniData UniRPC. We worked with the company to fix the issues and coordinate this disclosure.

7 min read | Vulnerability Disclosure

CVE-2023-0391: MGT-COMMERCE CloudPanel Shared Certificate Vulnerability and Weak Installation Procedures

Rapid7 has discovered three security concerns in CloudPanel from MGT-COMMERCE, a self-hosted web administration solution.