Critical GitLab Bug Threatens Software Development Pipelines
The company is urging users running vulnerable versions to patch CVE-2024-5655 immediately, to avoid CI/CD malfeasance.
Stay informed on the latest CVE entries. Explore critical vulnerabilities and exposures to safeguard your systems from cyber threats and attacks.
Search across headline titles and summaries.
Background for this topic.
CVE is a global system of standardized identifiers for publicly known cybersecurity vulnerabilities. Each record, typically written as CVE-YYYY-NNNN, gives a vulnerability a stable reference and usually includes a description, affected products or versions, and links to advisories or fixes. The CVE Program coordinates the assignment and publication of records through authorized organizations, allowing researchers, vendors, security tools, and defenders to discuss the same flaw without relying on different names.
Practitioners use CVE identifiers to match vulnerabilities across asset inventories, scanners, patch advisories, and threat-intelligence reports. A CVE is an identity, not a severity score or proof that a system is exploitable: prioritization should also consider the affected configuration, exposure, available mitigations, exploit activity, and business impact. Delays in identifying vulnerable versions can leave internet-facing services or embedded components exposed, while incomplete product-to-CVE mapping can cause missed remediation. Security teams should verify the affected versions and vendor guidance before patching or applying workarounds.
The company is urging users running vulnerable versions to patch CVE-2024-5655 immediately, to avoid CI/CD malfeasance.
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques
A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database
A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed
Apple has released a firmware update for AirPods that could allow a malicious actor to gain access to the headphones in an unauthorized manner
The high-severity CVE-2024-5806 allows cyberattackers to authenticate to the file-transfer platform as any valid user, with accompanying privileges.
Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platform that could be exploited to achieve remote code execution