Cyber Security Research Blogs

Vulnerable Version versions before 1.6.0. Fixed Version fix version 1.6.0. Base Score 8.8 High                                                                   CVE-2024-42323 Vendor Description:- Apache HertzBeat is an open-source, real-time monitoringContinue readingHertzBeat SnakeYaml Deserialization – CVE-2024-42323

Vulnerable Version before 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 Fixed Version fix Versions 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10 Base Score 5.3 Medium                                                                   VendorContinue readingVite Development Server File Read Bypass – CVE-2025-30208

Vulnerable Version version 4.7.4 and 4.6.7 Fixed Version version 4.7.5, 4.6.8 Base Score 7.5 High                                                                         Vendor Description:- Openfire is an open-source XMPP (Jabber) serverContinue readingOpenfire Admin Console Auth Bypass – CVE-2023-32315

Vulnerable Version Prior to versions 14.2.25 and 15.2.3 Fixed Version Upgrade in 14.2.25 and 15.2.3 Base Score 9.1 Critical                                                                   Vendor Description:- Next.js is aContinue readingNext.js Middleware Authorization Bypass – CVE-2025-29927

Vulnerable Version versions 5.1.1 and below Fixed Version Upgrade in latest version Base Score 9.8 Critical                                                                   Vendor Description:- Apache RocketMQ is a distributed messagingContinue readingRocketMQ Arbitrary File Write Vulnerability – CVE-2023-37582

Vulnerable Version Rejetto HFS version 2.3m & earlier Fixed Version Upgrade to the latest version of HFS Base Score 9.8 critical                                                                         Vendor Description:- TheContinue readingRCE in Rejetto HFS Server 2.x – CVE-2024-23692

Vulnerable Version 2.0.0 to 2.3.37 (End-of-life)2.5.0 to 2.5.336.0.0 to 6.3.0.2 Fixed Version Struts 6.5.0 or greater Base Score 9.5 Critical                                                                   Vendor Description:- Apache StrutsContinue readingUpload Path Traversal in Apache Struts2 – CVE-2024-53677

Vulnerable Version versions 2.1.3 to 2.8.2 Fixed Version version 2.8.3 Base Score 9.8 Critical                                                                         Vendor Description:- The Ultimate Member plugin for WordPress is aContinue readingWordPress Ultimate Member SQL Injection – CVE-2024-1071

Vulnerable Version versions RocketMQ 5.x and 4.x Fixed Version version to 5.1.2 and 4.9.7 Base Score 9.8 Critical                                                                         Vendor Description:- Apache RocketMQ is aContinue readingRocketMQ Arbitrary File Write Vulnerability – CVE-2023-37582

Vulnerable Version Grafana version less than 11.0.5, 11.1.6, and 11.2.1 Fixed Version later version (11.0.5, 11.1.6, or 11.2.1) Base Score 9.4 Critical                                                                      Vendor Description:-Continue readingGRAFANA SQL EXPRESSIONS RCE – CVE-2024-9264