SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Critical Vulnerability Uncovered: CVE-2025-0282 Puts Ivanti Systems at Risk
Ivanti has disclosed a critical vulnerability identified as CVE-2025-0282, affecting several of its products, including Ivanti Connect Secure, Policy Secure, and Neurons for ZTA gateways. With a CVSS Score of 9.0, this stack-based buffer overflow vulnerability allows remote, unauthenticated attacker...

CVE Research
How New Year Traffic Stresses Your Cloud Security (And What to Do About It)
The New Year is here — a time for fresh beginnings, renewed goals, and ambitious business plans. However, it’s also a period where cybercriminals remain active, exploiting vulnerabilities that arise during high-traffic events and transitions into the new calendar year.

CVE Research
Palo Alto PAN-OS Severe Vulnerability (CVE-2024-3393) Exploited
Palo Alto announced a critical security vulnerability affecting its PAN-OS software. PAN-OS is the operating system developed by Palo Alto Networks for its network security devices, which is used to provide advanced security features. The vulnerability tracked as CVE-2024-3393 can cause a denial of s...

CVE Research
Critical Dell SupportAssist Vulnerability (CVE-2024-52535) Exploited
Dell announced a critical security vulnerability affecting its SupportAssist software, widely used for system diagnostics and updates on Dell PCs. Identified as CVE-2024-52535, this flaw poses significant risks to cybersecurity experts and end-users.

CVE Research
Understanding DDoS Attacks: A Comprehensive Guide
With businesses and services relying heavily on their online presence, the threat of cyberattacks looms large. Among these threats, Distributed Denial of Service (DDoS) attacks stand out due to their ability to paralyze websites and online services. A DDoS attack occurs when multiple compromised systems target a ...

CVE Research
Security Alert: Critical Remote Code Execution Vulnerability Discovered in Sophos Firewall
Sophos has addressed three security flaws in Sophos Firewall products that could enable remote, unauthenticated attackers to execute SQL injection and remote code execution, as well as gain privileged SSH access to affected devices.

CVE Research
Critical Security Fixes: Sophos Firewall Vulnerabilities CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729
Sophos addressed three critical vulnerabilities in its Firewall product: CVE-2024-12727, CVE-2024-12728, and CVE-2024-12729. These vulnerabilities posed significant security risks, including remote code execution and unauthorized system access.

CVE Research
CVE-2024-50379: Apache Tomcat Remote Code Execution Vulnerability
Apache Tomcat, one of the most widely used open-source application servers for running Java applications, has long been trusted by organizations around the world. However, as with all widely used software, vulnerabilities can pose significant risks if not addressed promptly.

CVE Research
CVE-2023-34990: Critical Path Traversal Flaw Found in Fortinet FortiWLM
On 12 May 2023, Horizon3 researcher Zach Hanley found an unauthenticated limited file read vulnerability in FortiWLM that he promptly disclosed to Fortinet. On 18 December 2024, it was given a name—CVE-2023-34990—and Fortinet released an advisory warning users of its severity.
