SecPod

Learn Search

Search across all Learn content

SecPod Labs

Security Research

In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

GeoServer Critical RCE Flaw Actively Exploited, Warns CISA

CVE Research

GeoServer Critical RCE Flaw Actively Exploited, Warns CISA

GeoServer, an open-source tool used to share and modify geospatial data, is under attack. CVE-2024-36401, which impacts the GeoTools plugin, has a severity rating of 9.8 and arises from the unsafe evaluation of property names as XPath expressions. The GeoTools library API exposes property and attrib...

Jul 17, 2024 • 4 min read

The Story of Mis-Tech: Ep 2: The Search for a Vulnerability Management Tool That Works!

CVE Research

The Story of Mis-Tech: Ep 2: The Search for a Vulnerability Management Tool That Works!

A quick recap

Jul 14, 2024 • 5 min read

Exim Mail Server Vulnerability: A Critical Threat Affecting Millions

CVE Research

Exim Mail Server Vulnerability: A Critical Threat Affecting Millions

A critical vulnerability (CVE-2024-39929) in the Exim mail transfer agent could enable attackers to deliver malicious attachments to users’ inboxes. The flaw, rated 9.1 out of 10 on the CVSS scale, affects versions up to 4.97.1 and has been fixed in version 4.98.

Jul 14, 2024 • 2 min read

Microsoft’s July 2024 Patch Tuesday Fixes Four Zero Days; Releases Patches for 142 Vulnerabilities

CVE Research

Microsoft’s July 2024 Patch Tuesday Fixes Four Zero Days; Releases Patches for 142 Vulnerabilities

Microsoft released its July edition of Patch Tuesday. In it, Microsoft addressed 142 flaws and patched four zero-day bugs.

Jul 09, 2024 • 5 min read

Ghostscript Vulnerability Actively Exploited in the Wild

CVE Research

Ghostscript Vulnerability Actively Exploited in the Wild

A severe remote code execution (RCE) vulnerability in the widely used Ghostscript library is being actively exploited. This vulnerability, identified as CVE-2024-29510, affects Ghostscript versions 10.03.0 and earlier. Ghostscript, a document conversion tool, is commonly found on Linux systems and i...

Jul 08, 2024 • 2 min read

Unveiling regreSSHion: Critical OpenSSH Flaw Found In Linux Systems

CVE Research

Unveiling regreSSHion: Critical OpenSSH Flaw Found In Linux Systems

Linux users beware! OpenSSH flaw, a networking utility installed on every Unix and Linux system by default, is affected by a critical signal handler race condition vulnerability.

Jul 03, 2024 • 3 min read

Juniper Networks Rolls Out Essential Security Patch for Router Flaw: CVE-2024-2973

CVE Research

Juniper Networks Rolls Out Essential Security Patch for Router Flaw: CVE-2024-2973

Juniper Networks has issued an out-of-band security update to address a critical flaw that poses a significant security risk to its routers. The vulnerability CVE-2024-2973, boasts a CVSS score of 10.0, marking it as exceptionally severe.

Jul 03, 2024 • 3 min read

Managing CISA Known Exploitable Vulnerabilities (KEVs) and Enhancing Cyber Resilience using Saner CVEM

CVE Research

Managing CISA Known Exploitable Vulnerabilities (KEVs) and Enhancing Cyber Resilience using Saner CVEM

Vulnerabilities and exploits are strange bedfellows. While vulnerabilities are unintended and often unavoidable, exploits are deliberately created to feast on these vulnerabilities.

Jul 01, 2024 • 9 min read

New MOVEit Transfer Vulnerability Under Attack – Urgent Patch Required

CVE Research

New MOVEit Transfer Vulnerability Under Attack – Urgent Patch Required

A critical security vulnerability in Progress Software’s MOVEit  Transfer has been discovered and is known to be under active exploitation. The flaw, identified as CVE-2024-5806, has a CVSS score of 9.1 and involves an authentication bypass affecting several versions of MOVEit Transfer.

Jun 27, 2024 • 2 min read