A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin ‘Really Simple Security’ (formerly ‘Really Simple SSL’), including both free and Pro versions.

On October 23rd, Fortinet published an advisory related to a critical FortiManager API vulnerability, tracked as CVE-2024-47575 (CVSSv3: 9.8). The vulnerability was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices.

Microsoft has released its October 2024 patch Tuesday updates, addressing 118 vulnerabilities including 5 zero-day vulnerabilities from which 2 are actively exploited.

On September 26th, a set of vulnerabilities in multiple components of the Common UNIX Printing System (CUPS) open-source printing system were discovered. These flaws could potentially allow a remote unauthenticated attacker to execute arbitrary commands on UNIX systems under certain conditions.

Veeam has issued security patches addressing 18 high and critical vulnerabilities across its Backup & Replication (VBR), Service Provider Console, and ONE products. The most severe flaw, CVE-2024-40711, is a remote code execution (RCE) vulnerability with a CVSS score of 9.8.

A critical unauthenticated remote code execution (RCE) vulnerability in OpenSSH, identified as CVE-2024-6387 and dubbed "regreSSHion" has been discovered, which allows attackers to gain root privileges on glibc-based Linux systems.

Veeam has notified one of our units about the vulnerabilities in their Backup Enterprise Manager product listed below. The worst of them, CVE-2024-29849, allows an attacker to log in to the web interface as any user.

On March 8, QNAP published a security bulletin disclosing three security flaws in its NAS software products. Exploitation of these vulnerabilities can lead to an authentication bypass, command injection and SQL injection.