The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-1709 Severity: CRITICAL (CVSS: 10.0) Impacted Products: ConnectWise ScreenConnect 23.9.7 and prior Description: Authentication Bypass Using an Alternate Path or Channel vulnerability, may allow direct access to confidential information or critical systems. Remediation: Patch on-premise instances.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2022-4262 Severity: 8.8 HIGH Impacted Products: Google Chrome versions prior to 108.0.5359.94 Description: Type confusion in V8 allowed remote attackers to potentially exploit heap corruption via a crafted HTML page. Remediation: Apply updates per vendor instructions.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-21887 Severity: 9.1 CRITICAL Impacted Products: Ivanti Connect Secure (9.x, 22.x) and Ivanti Policy Secure (9.x, 22.x) Description: Command injection vulnerability allowing an authenticated administrator to execute arbitrary commands. Remediation: Apply mitigations per vendor instructions or discontinue use if mitigations unavailable.…