SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Microsoft Windows “PrintNightmare” Vulnerability Exploited in the Wild
A critical zero-day vulnerability has been discovered in Microsoft Windows Print Spooler. This high severity vulnerability dubbed as PrintNightmare is tracked under the CVE identifier CVE-2021-34527. Successful exploitation of this vulnerability allows attackers to conduct arbitrary code execution w...
CVE Research
The Finale of the Eternal Search for the Best Vulnerability Assessment Solution is Nearing!
Vulnerability management solution is usually the most painstaking process for an IT/security team. The teams struggle to run full vulnerability scans in time and create comprehensive risk reports. Throw in a dozen scanners and patching solutions. It’s now full-blown chaos and drama. Top management f...
CVE Research
Google Chrome Patches Another High Severity Zero-Day Flaw Exploited in the Wild
Google has released an emergency fix for its Chrome browser app in Windows, Linux, and Mac. This consists of four vulnerabilities that include one Zero-day vulnerability with High severity. This is the eighth Zero-day vulnerability which is fixed by Google this year and is assigned with CVE-2021-305...
CVE Research
Adobe Critical Security Updates June 2021
Adobe has finally released security updates providing fixes for 21 critical vulnerabilities in Adobe Creative Cloud Desktop Application, After Effects, Photoshop, Animate, RoboHelp Server, Acrobat, and Reader. A total of 41 security vulnerabilities have been finally patched in this release. Having a...
CVE Research
Microsoft June 2021 Patch Tuesday Addresses 50 CVEs Including Six Zero-Days
Microsoft has released June Patch Tuesday, security updates with a total of 50 vulnerabilities in the family of Windows and Mac operating systems and related products. In the release by Microsoft, 5 were rated as Critical and 45 as Important. The products covered in June’s security update include Mi...
CVE Research
Critical Zero-Day Flaw Actively Exploited in WordPress Fancy Product Designer Plugin
A critical zero-day vulnerability has been discovered in a WordPress plugin called Fancy Product Designer. A Wordfence Threat Intelligence team from WordPress security company Defiant alerted about this vulnerability. The vulnerability is under active attack, which is tracked as CVE-2021-24370 by us...
CVE Research
WinRM servers are the latest prey for the Wormable Windows HTTP vulnerability
Microsoft recently patched a critical remote code execution vulnerability in the HTTP Protocol Stack (http. sys). Used by the Windows built-in IIS server for processing HTTP requests. The vulnerability is assigned with an identifier CVE-2021-31166 and has a CVSS score of 9.8. This is a wormable vuln...
CVE Research
Patch Tuesday: Microsoft Security Updates for May 2021.
Microsoft has released May 2021 Patch Tuesday security updates with a total of 55 vulnerabilities in the family of Windows and Mac operating systems and related products. In the release by Microsoft, 4 vulnerabilities were rated as Critical, 50 as Important, and 1 as Moderate. Therefore, a good vuln...
CVE Research
Critical 21Nails Flaws Affect Millions of Exim Servers
A series of critical vulnerabilities were recently disclosed to reside in the popular internet mailer, Exim. The vulnerabilities, collectively termed as 21Nails, were brought to light by researchers at Qualys. The advisory includes 21 vulnerabilities, some of which can be used to gain elevated privi...