cves - Defensium Labs Blog

Sign in Subscribe

cves

A collection of 2 posts

[CVE-2024-41597] Cross-Site Request Forgery (CSRF) in ProcessWire CMS v.3.0.229

[CVE-2024-41597] Cross-Site Request Forgery (CSRF) in ProcessWire CMS v.3.0.229

In this blog post, we will discuss a recent vulnerability that DefensiumLabs found in ProcessWire CMS v3.0.229. This vulnerability allows a remote attacker to execute arbitrary code via a crafted HTML file on the comments functionality.

Unveiling the CVE-2024–6387: OpenSSH 'RegreSSHion' Vulnerability

vulnerabilities Featured

Unveiling the CVE-2024–6387: OpenSSH 'RegreSSHion' Vulnerability

CVE-2024-6387 is a critical vulnerability in OpenSSH versions 8.5p1 to 9.8p1 on glibc-based Linux systems. It stems from a race condition in the signal handler, allowing remote attackers to execute arbitrary code as root, leading to complete system compromise.