Authorization Vulnerability in Atlassian Confluence (CVE-2023-22518)

Posted on October 31, 2023 in Services & System Applications

An authorization vulnerability exploitable by unauthenticated users has been discovered in Atlassian Confluence, and has been assigned a bug alert severity of 'very high'. Exploitation of the vulnerability can cause substantial data loss. Atlassian recommends removing installations from the Internet immediately if they cannot be patched.



Privilege Escalation in Atlassian Confluence (CVE-2023-22515)

Posted on October 04, 2023 in Services & System Applications

A privilege escalation flaw has been found in Atlassian Confluence and is being actively exploited. It has been assigned a bug alert severity of 'very high'. Atlassian recommends removing installations from the Internet immediately if they cannot be patched.



Remote Code Execution in Microsoft Office Products for Windows

Posted on May 30, 2022 in End-User Applications

A remote code execution vulnerability, dubbed 'Follina', has been found in Microsoft Office via the Microsoft Support Diagnostic Tool (MSDT). This issue can be exploited in the default configuration on Windows, and only requires that the user be tricked into downloading a malicious file. There is no patch. This issue has been assigned a bug alert severity of 'high'.



Advanced warning: possible remote code execution (RCE) in Spring, an extremely popular Java framework

Posted on March 29, 2022 in Software Frameworks, Libraries, and Components

An unconfirmed, but possible, remote code execution vulnerability is believed to exist in Spring, an extremely popular Java framework. This issue is likely easily exploited in common configurations. If confirmed, another notice will be sent out with a severity of 'critical'. While the issue remains unconfirmed, it has been assigned a severity of 'high'.

