Deep-dive technical analysis, CVE breakdowns, and rapid remediation strategies for critical vulnerabilities across the global supply chain.
Verified advisories and zero-day disclosures.
Adobe ColdFusion contains a deserialization of untrusted data vulnerability that allows for code execution.
Ivanti Connect Secure (ICS) and Ivanti Policy Secure contain a command injection vulnerability (CVE-2024-21887) in web components, allowing authenticated administrators to execute arbitrary commands. This is frequently chained with CVE-2023-46805 for unauthenticated access.
Ivanti Connect Secure (ICS) and Ivanti Policy Secure gateways contain a critical authentication bypass vulnerability (CVE-2023-46805) in their web component. This allows unauthenticated remote attackers to access restricted resources, often used in conjunction with CVE-2024-21887 for full system compromise.
Microsoft SharePoint Server contains an unspecified vulnerability that allows an unauthenticated attacker who has gained access to spoofed JWT authentication tokens to use them to execute a network attack. The attack bypasses authentication and lets the attacker gain administrator privileges.
Ivanti Endpoint Manager Mobile (EPMM) and MobileIron Core contain an authentication bypass vulnerability that allows unauthorized users to access restricted functionality or resources of the application.
Atlassian Confluence Data Center and Server contain an unauthenticated OGNL template injection vulnerability that can lead to remote code execution.
Ivanti Connect Secure (ICS, formerly known as Pulse Connect Secure), Ivanti Policy Secure, and Ivanti Neurons contain a server-side request forgery (SSRF) vulnerability in the SAML component that allows an attacker to access certain restricted resources without authentication.
Ivanti Endpoint Manager Mobile (EPMM) contains an improper input validation vulnerability that allows a remote authenticated user with administrative access to achieve remote code execution.