Security Advisory - Security updates related to OpenSSH RCE vulnerability in some products of KAYTUS

2024-09-09 | Security Advisory

CVE-2024-6387, dubbed regreSSHion, has been identified in the OpenSSH server. This vulnerability enables remote unauthenticated attackers to execute arbitrary code on the target server, presenting a severe risk to systems that utilize OpenSSH for secure communications.

Security Advisory - Security updates related to LogoFAIL and other vulnerabilities in some products of KAYTUS

2024-04-28 | Security Advisory

LogoFAIL: The BMP, GIF, JPEG, PCX, and TGA parsing libraries contained in the BIOS UEFI system firmware are vulnerable. These libraries are used to parse personalized boot logo images loaded from EFI system partitions, which may allow local attackers with elevated privileges to trigger a denial of ser...

Security Notice - Statement On Some AMI MegaRAC BMC Vulnerabilities

2022-12-07 | Security Notices

Eclypsium Research has discovered and reported 3 vulnerabilities (CVE-2022-40259, CVE-2022-40242, CVE-2022-2827) in AMI MegaRAC Baseboard Management Controller (BMC) software. We are referring to these vulnerabilities collectively as BMC&C. The BMC&C vulnerabilities range in severity from Medium to Cri...

Security Notice - Statement On Spring Framework RCE Vulnerability

2022-04-01 | Security Notices

A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is ...

Security Notice - Statement On Apache Log4j2 Vulnerability CVE-2021-44228

2021-12-13 | Security Notices

Apache Log4j2 <=2.14.1 JNDI features used in configuration, log messages, and parameters do not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when messa...

Security Notice - Statement On Ripple20 Vulnerabilities

2020-06-23 | Security Notices

The JSOF research lab has discovered a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. The 19 vulnerabilities, given the name Ripple20, affect hundreds of millions of devices (or more) and include multiple remote code execution vulnerabi...
