Deep-dive technical analysis, CVE breakdowns, and rapid remediation strategies for critical vulnerabilities across the global supply chain.
Verified advisories and zero-day disclosures.
An information disclosure vulnerability exists in the way that certain functions in Internet Explorer and Edge handle objects in memory. The vulnerability could allow an attacker to detect specific files on the user's computer.
Citrix NetScaler ADC and NetScaler Gateway contain a buffer overflow vulnerability that allows for sensitive information disclosure when configured as a Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server.
Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways contain a critical authentication bypass vulnerability (CVE-2023-46805) in their web component. This allows unauthenticated remote attackers to access restricted resources, often used in conjunction with CVE-2024-21887 for full system compromise.
Ivanti Endpoint Manager Cloud Service Appliance (EPM CSA) contains a code injection vulnerability that allows an unauthenticated user to execute malicious code with limited permissions (nobody).
Microsoft Exchange Server contains a deserialization of untrusted data that allows an authenticated attacker to achieve remote code execution.