More than 60,000 D-Link network-attached storage devices that have reached end-of-life are affected by a command injection vulnerability with a publicly available exploit.
Threat update
A critical operating system (OS) command injection vulnerability in Oracle WebLogic Server, known as CVE-2017-3506, is being actively exploited. The impact can be severe, ranging from financial loss to reputational damage.
Threat update
A new critical command injection vulnerability, CVE-2024-23108, was found in Fortinet's FortiSIEM solution. This vulnerability poses significant risks to organizations using the solution.
Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024.
Today, Palo Alto Networks warns that an unpatched critical command injection vulnerability in its PAN-OS firewall is being actively exploited in attacks.