
vulnerabilities

Turf wars? NIST to fix NVD backlog by September – insists it’s right agency to run vulnerability database

Update comes after CISA started enriching CVEs itself…

Root, but no response: 6 pre-auth RCEs in VMware ignored

"Six exploits, no configuration needed, no ports need to get opened; just straight-up RCEs, no fuss, no muss."

Gird your loins, there’s a new pre-auth RCE in Ivanti boxes landing

"Code execution in 0 seconds (3 seconds to be more accurate), no limitation, no authentication..."

As NVD flatlines, cybersecurity professionals call for urgent action

Consortium plans “doomed” as rumours swirl over vulnerability database program borkage.

PAN-OS vuln mitigation howler: “Disabling telemetry” no help

POCs for CVSS 10 bug are out of the bag, tens of thousands are exposed, and telemetry mitigation didn't work.

PAN-OS bug CVE-2024-3400

Patch? You'll need to wait until Sunday. Turn off telemetry (no, really; it's a mitigation!) and go to the pub. OK, maybe don't.

xz-utils Github repository disabled as Linux maintainers assess blast radius of backdoor, earlier commits

Incident suggests a state actor exploiting overstretched maintainer of an "unpaid hobby project"

Password-leaking Ubuntu bug sat silent for 11 years

A newly-discovered Linux bug could allow for password leaks. Worse yet, it has sat undiscovered in the OS for the last 11 years

Fortinet warns on critical SQL Injection bug after NCSC disclosure

More pre-auth RCE bugs in Fortinet appliances? Colour us shocked!
