#windows

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region. "The group utilizes sophisticated tactics that include deploying a backdoor that leverages Microsoft Exchange servers for credentials theft, and exploiting vulnerabilities

TerraMaster TOS version 4.2.29 suffers from a remote code injection vulnerability leveraging a local file inclusion vulnerability.

SolarView Compact version 6.00 suffers from a PHP code injection vulnerability.

Openfire version 4.8.0 suffers from authentication bypass and code injection vulnerabilities.

MagnusBilling version 6.x suffers from a PHP code injection vulnerability.

Kafka UI version 0.7.1 suffers from a remote code injection vulnerability.

GL.iNet version 4.4.3 suffers from authentication bypass and code injection vulnerabilities.

Gibbon School Platform version 26.0.00 suffers from a PHP code injection vulnerability.

Craft CMS version 4.4.14 suffers from a PHP code injection vulnerability.

Chamilo version 1.11.18 suffers from a PHP code injection vulnerability.