0dayNews — Vulnerability & Exploit News

Barracuda Told Customers to Replace Their Appliances, Not Just Patch Them. Here's Why. →

The WinRAR Bug That Hid a Malicious Script Behind a Fake Photo →

vCenter's Unrestricted-Upload Bug: A Reminder That Management Planes Shouldn't Face the Internet →

Spring4Shell: Why This One Needed Careful Triage, Not Panic →
Known Exploited Vulnerabilities
Palo Alto Networks PAN-OS GlobalProtect Command Injection Zero-Day
A command-injection vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS allows an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Exploited in the wild as a zero-day before a patch was available.
Ivanti Connect Secure / Policy Secure Authentication Bypass
An authentication-bypass vulnerability in the web component of Ivanti Connect Secure and Policy Secure gateways allows a remote attacker to access restricted resources without credentials. Chained with CVE-2024-21887 for full remote code execution in real-world attacks.
Ivanti Connect Secure / Policy Secure Command Injection
A command-injection vulnerability in the web components of Ivanti Connect Secure and Policy Secure lets an authenticated administrator send specially crafted requests to execute arbitrary commands. Chained with CVE-2023-46805's auth bypass for unauthenticated RCE in the wild.
Cisco IOS XE Web UI Privilege Escalation Zero-Day
A privilege-escalation vulnerability in the Web UI feature of Cisco IOS XE Software allows a remote, unauthenticated attacker to create an account with privilege level 15 (full admin) access, enabling full device takeover. Exploited at mass scale against tens of thousands of devices.
Citrix Bleed — NetScaler ADC and Gateway Sensitive Information Disclosure
A buffer over-read (out-of-bounds read) in Citrix NetScaler ADC and NetScaler Gateway lets an unauthenticated attacker pull valid session tokens out of device memory, hijack the authenticated sessions they belong to, and so sidestep MFA entirely, since the victim already completed it. Widely known as "Citrix Bleed."
Atlassian Confluence Data Center and Server Broken Access Control
A broken-access-control vulnerability in Atlassian Confluence Data Center and Server allows a remote, unauthenticated attacker to create unauthorized Confluence administrator accounts and gain full access to affected instances.
From the desk

The Confluence Bug That Went From Zero-Day to Mass Ransomware Precursor in Days
CVE-2022-26134 gave unauthenticated attackers remote code execution on any unpatched Confluence instance exposed to the internet, and became a go-to foothold for ransomware operators within days of disclosure.

FortiOS Auth Bypass: Why Fortinet Warned Select Customers Before Going Public
CVE-2022-40684 let attackers bypass authentication on FortiOS and FortiProxy management interfaces and plant persistent SSH keys — Fortinet quietly warned targeted customers before public disclosure.
F5 BIG-IP's Maximum-Severity Auth Bypass: What CVE-2022-1388 Actually Exposed
A critical authentication-bypass flaw in F5 BIG-IP's iControl REST API let unauthenticated attackers execute system commands on appliances that front an enormous share of enterprise application traffic.

Follina Explained: The MSDT Bug That Skipped the Macro Warning Entirely
CVE-2022-30190 let a Word document trigger arbitrary code execution through the Windows Support Diagnostic Tool — no macros, and in some configurations no explicit click required beyond opening the file.

The MSHTML Zero-Day That Turned a Word Document Into Full Code Execution
CVE-2021-40444 let attackers execute arbitrary code through a malicious Office document with no macros required — exploited in the wild before Microsoft's patch existed.

ProxyLogon: Inside the Exchange Server Attack Chain That Triggered an FBI Court Order
CVE-2021-26855 and three chained Exchange Server bugs gave attackers unauthenticated remote code execution — and led to a compromise event so widespread the FBI obtained a court order to remove webshells itself.
This week's SITREP
Week in Review: Five Zero-Days, One Pattern — Edge Devices Are the Front Line
This week's SITREP: Cisco IOS XE, Citrix Bleed, the Ivanti Connect Secure chain, PAN-OS GlobalProtect, and Outlook's MonikerLink bug — plus what's still active in the CISA KEV catalog and what to watch next.
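For readers who want to do the "what's still active in the CISA KEV catalog" check against their own estate rather than read it in a SITREP, the script below is an added example (not 0dayNews code, not CISA's). It parses a catalog excerpt in the shape of the public KEV JSON feed (https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json), matches entries against a small asset inventory, and orders the result by remediation due date, pulling any chained CVE out of the description text. The JSON excerpt, the hostnames, the reference date and every date and ransomware flag in it are constructed placeholders; only the CVE IDs are ones this page names. To run it for real, download the feed and swap it in for `KEV_SNAPSHOT`.

```python
"""Triage a CISA KEV catalog snapshot against a small asset inventory.

Added example for this page, not 0dayNews or CISA code. The JSON excerpt
mimics the shape of the public KEV feed; its dates, descriptions and
ransomware flags are constructed placeholders, not the catalog's real values.
"""
import json
import re
from datetime import date

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

# Constructed KEV-style excerpt. CVE IDs are ones named on this page;
# every other field value is a placeholder.
KEV_SNAPSHOT = json.dumps({
    "title": "CISA Catalog of Known Exploited Vulnerabilities (constructed excerpt)",
    "count": 4,
    "vulnerabilities": [
        {"cveID": "CVE-2023-46805", "vendorProject": "Ivanti",
         "product": "Connect Secure and Policy Secure",
         "vulnerabilityName": "Ivanti Connect Secure and Policy Secure Authentication Bypass",
         "shortDescription": "Authentication bypass in the web component; chained with CVE-2024-21887 in the wild.",
         "dateAdded": "2024-01-10", "dueDate": "2024-01-22",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2024-21887", "vendorProject": "Ivanti",
         "product": "Connect Secure and Policy Secure",
         "vulnerabilityName": "Ivanti Connect Secure and Policy Secure Command Injection",
         "shortDescription": "Command injection reachable by an authenticated admin; chained with CVE-2023-46805.",
         "dateAdded": "2024-01-10", "dueDate": "2024-01-22",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2022-1388", "vendorProject": "F5",
         "product": "BIG-IP",
         "vulnerabilityName": "F5 BIG-IP iControl REST Authentication Bypass",
         "shortDescription": "Unauthenticated attackers can bypass iControl REST authentication and run commands.",
         "dateAdded": "2022-05-10", "dueDate": "2022-05-31",
         "knownRansomwareCampaignUse": "Unknown"},
        {"cveID": "CVE-2022-26134", "vendorProject": "Atlassian",
         "product": "Confluence Server and Data Center",
         "vulnerabilityName": "Atlassian Confluence Server and Data Center Remote Code Execution",
         "shortDescription": "Unauthenticated remote code execution on exposed instances.",
         "dateAdded": "2022-06-02", "dueDate": "2022-06-06",
         "knownRansomwareCampaignUse": "Known"},
    ],
})

# Constructed inventory: hostname -> vendor plus product keywords to match.
# Hypothetical hosts; the PAN-OS firewall has no entry in this excerpt.
INVENTORY = {
    "vpn-gw-01": {"vendor": "Ivanti", "keywords": ["connect secure"]},
    "lb-edge-02": {"vendor": "F5", "keywords": ["big-ip"]},
    "wiki-01": {"vendor": "Atlassian", "keywords": ["confluence"]},
    "fw-01": {"vendor": "Palo Alto Networks", "keywords": ["pan-os"]},
}

TODAY = date(2024, 1, 15)  # constructed reference date for the demo


def _matches(entry: dict, spec: dict) -> bool:
    """Vendor must match (case-insensitive) and some keyword must appear in the product name."""
    if entry["vendorProject"].lower() != spec["vendor"].lower():
        return False
    product = entry["product"].lower()
    return any(k.lower() in product for k in spec["keywords"])


def triage(kev_json: str, inventory: dict, today: date) -> list[dict]:
    """One finding per (asset, KEV entry) pair; overdue items first, most overdue at the top."""
    catalog = json.loads(kev_json)
    findings = []
    for asset, spec in inventory.items():
        for entry in catalog["vulnerabilities"]:
            if not _matches(entry, spec):
                continue
            due = date.fromisoformat(entry["dueDate"])
            # Other CVE IDs in the description usually mark an exploit chain.
            chained = sorted(set(CVE_RE.findall(entry["shortDescription"])) - {entry["cveID"]})
            findings.append({
                "asset": asset,
                "cve": entry["cveID"],
                "name": entry["vulnerabilityName"],
                "due": entry["dueDate"],
                "overdue": today > due,
                "days_overdue": max((today - due).days, 0),
                "ransomware": entry.get("knownRansomwareCampaignUse") == "Known",
                "chained_with": chained,
            })
    findings.sort(key=lambda f: (not f["overdue"], -f["days_overdue"], f["cve"]))
    return findings


def run_demo() -> list[dict]:
    """Run the triage over the constructed snapshot and inventory."""
    return triage(KEV_SNAPSHOT, INVENTORY, TODAY)


if __name__ == "__main__":
    for f in run_demo():
        flag = "OVERDUE" if f["overdue"] else "due"
        chain = f" (chained with {', '.join(f['chained_with'])})" if f["chained_with"] else ""
        tail = "  [ransomware use known]" if f["ransomware"] else ""
        print(f"{f['asset']:<11} {f['cve']:<15} {flag} {f['due']}{chain}{tail}")
```

Matching is deliberately strict on vendor and loose on product, because KEV product strings change wording between entries for the same device family; tune the keyword list per asset rather than relying on exact product names. The chained-CVE extraction is a heuristic over the description text, which is how the catalog records chains today.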
