A vulnerability in the Yuzo Related Posts WordPress plugin, used by 60,000 websites, is being exploited in the wild.
Yet another WordPress plugin, Yellow Pencil Visual Theme Customizer, is being exploited in the wild after two software vulnerabilities were discovered.
Original release date: April 12, 2019 The CERT Coordination Center (CERT/CC) has released information on a vulnerability affecting multiple Virtual Private Network (VPN) applications. An attacker could exploit this vulnerability to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review CERT/CC’s Vulnerability Note VU#192371 for more information and refer to vendors for appropriate updates, when available. This product is provided subject to this Notification and this Privacy & Use policy.
A high-severity flaw in the Verizon Fios Quantum Gateway, used in millions of U.S. homes, could allow for command injection.
During its regularly scheduled April security update, Adobe overall issued 43 patches, including ones for 24 critical vulnerabilities in eight of its products.
Overall Intel patched four vulnerabilities, including high-severity flaws in its Media SDK and Intel NUC mini PC.
Original release date: April 09, 2019 Microsoft has released updates to address multiple vulnerabilities in Microsoft software. A remote attacker could exploit some of these vulnerabilities to take control of an affected system. The Cybersecurity and Infrastructure Security Agency (CISA) encourages users and administrators to review Microsoft’s April 2019 Security Update Summary and Deployment Information and apply the necessary updates. This product is provided subject to this Notification and this Privacy & Use policy.
Consumer router models allowed authenticated users to take unrestricted remote control over TL-WR940N and TL-WR941ND routers.
Original release date: April 08, 2019 The US-CERT Cyber Security Bulletin provides a summary of new vulnerabilities that have been recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) / United States Computer Emergency Readiness Team (US-CERT). For modified or updated entries, please visit the NVD, which contains historical vulnerability information. The vulnerabilities …
Read More »
Cisco repatched its RV320 and RV325 routers against two high-severity vulnerabilities, but at the same time reported two new medium-severity bugs with no fixes.