PoC Week 2024-03-17
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.
CVE-2024-21378
Severity: 8.0 HIGH
Impacted Products: Various versions of Microsoft 365 Apps, Office 2019, Office Long Term Servicing Channel 2021, Outlook 2016
Description: A vulnerability in Microsoft Outlook allowing remote code execution.
Remediation: Microsoft has released patches.…
PoC Week 2024-03-10
CVE-2024-27198
Severity: Critical (CNA score: 9.8)
Impacted Products: JetBrains TeamCity before 2023.11.4
Description: Authentication bypass allowing admin actions.
Remediation: Update to TeamCity version 2023.11.4 or newer.
More Info: NVD CVE-2024-27198
PoC: Rapid7 Blog

CVE-2024-27199
Severity: High (CNA score: 7.…
PoC Week 2024-03-03
CVE-2024-1709
Severity: 10.0 CRITICAL
Impacted Products: ConnectWise ScreenConnect 23.9.7 and prior
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability, may allow direct access to confidential information or critical systems.
Remediation: Patch on-premise instances.…
PoC Week 2024-02-25
CVE-2024-1709
Severity: CRITICAL (CVSS: 10.0)
Impacted Products: ConnectWise ScreenConnect 23.9.7 and prior
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability, may allow direct access to confidential information or critical systems.
Remediation: Patch on-premise instances.…
PoC Week 2024-02-18
CVE-2022-4262
Severity: 8.8 HIGH
Impacted Products: Google Chrome versions prior to 108.0.5359.94
Description: Type confusion in V8 allowed remote attackers to potentially exploit heap corruption via a crafted HTML page.
Remediation: Apply updates per vendor instructions.…
PoC Week 2024-02-11
CVE-2024-21887
Severity: 9.1 CRITICAL
Impacted Products: Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x)
Description: Command injection vulnerability allowing an authenticated administrator to execute arbitrary commands.
Remediation: Apply mitigations per vendor instructions or discontinue use if mitigations unavailable.…