SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Zoho Patches Critical Zero-day Flaw in its ADSelfService plus Exploited in The Wild
Zoho Patches Critical Zero-day Flaw in ADSelfService to patch a remote code execution (RCE) vulnerability existing in Zoho ADSelfService plus. The vulnerability allows the execution of unauthenticated remote arbitrary code on the affected systems. A vulnerability management solution can remediate th...
CVE Research
Netgear Patches High Severity Flaws In Its Smart Switches
Netgear is a multinational computer networking company that produces networking hardware for consumers, businesses, and service providers. Netgear identified three high severity vulnerabilities and patched them recently, affecting its wide range of products. Most of these affected products are smart...
CVE Research
A Critical Vulnerability in Atlassian Confluence Server Under Active Exploitation
Atlassian Confluence recently published a security advisory to patch a critical OGNL(Object-Graph Navigation Language) injection vulnerability existing in Confluence Server and Data Center instance. This vulnerability allowed authenticated and, in some instances, even unauthenticated users to execu...
CVE Research
VMware Releases Security Update for Multiple Products
VMware, the virtualization giant, has patched six vulnerabilities, including 4 high severity vulnerabilities, in its recent security update VMSA-2021-0018. The vulnerabilities tracked as CVE-2021-22022, CVE-2021-22023, CVE-2021-22024, CVE-2021-22025, CVE-2021-22026, CVE-2021-22027 are affecting the ...
CVE Research
Sophos UTM Creating a ‘Big’ Bounty with Remote Code Execution Flaw
A critical and high severity remote code execution vulnerability CVE-2020-25223 with CVSS 3. x severe base score 9.8 is present in Sophos SG UTM. Sophos reported this vulnerability on September 18, 2020, in their Advisory. A reliable vulnerability management tool can help to combat these vulnerabil...
CVE Research
Microsoft Exchange Servers Actively Under Exploitation Via ProxyShell Vulnerabilities
Microsoft Exchange Servers are actively exploited in the wild by various threat actors. Attackers are looking for vulnerable instances of Microsoft Exchange Servers and exploiting them via ProxyShell vulnerabilities. ProxyShell is the name given to the set of three vulnerabilities existing in Micros...
CVE Research
Adobe Releases Critical Security Updates for Magento
As part of its August 2021 Patch Tuesday, Adobe has rolled out fixes for its e-commerce platform, Magento. These updates address 26 vulnerabilities, 20 of which have been rated as critical. On successful exploitation, most of these vulnerabilities could lead to arbitrary code execution. Apart from M...
CVE Research
Microsoft August 2021 Patch Tuesday Addresses 44 CVEs, Including Three Zero-Days
Microsoft has released August Patch Tuesday security updates with a total of 44 vulnerabilities in the family of Windows and Mac operating systems and related products. In the release by Microsoft, 7 were rated as Critical and 37 as Important. Hence, the products covered in August’s security update ...
CVE Research
SanerNow’s Extensive Coverage for Top Routinely Exploited Vulnerabilities
Cyber threats are growing in number, but the measures to prevent attacks and breaches are not getting the same attention. To educate organizations about consistent cyber hygiene measures, government agencies take responsibility for keeping companies informed about imminent threats across entire coun...