SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.
CVE Research
Critical Flaw in Cisco Smart Software Manager Allows Attackers to Control the Device
A critical vulnerability in the Cisco Smart Software Manager On-Prem (SSM On-prem) authentication system that allowed unauthenticated, remote attackers to change the password of any user, including that of administrators, has been fixed.
CVE Research
NIST Vulnerability Management
Cybersecurity is important. It’s a hard truth we all must accept. Cyber threats are constantly evolving, targeting individuals, businesses, and governments. As much as I hate to say it, protecting sensitive information and maintaining secure systems is crucial.
CVE Research
GeoServer Critical RCE Flaw Actively Exploited, Warns CISA
GeoServer, an open-source tool used to share and modify geospatial data, is under attack. CVE-2024-36401, which impacts the GeoTools plugin, has a severity rating of 9.8 and arises from the unsafe evaluation of property names as XPath expressions. The GeoTools library API exposes property and attrib...
CVE Research
Exim Mail Server Vulnerability: A Critical Threat Affecting Millions
A critical vulnerability (CVE-2024-39929) in the Exim mail transfer agent could enable attackers to deliver malicious attachments to users’ inboxes. The flaw, rated 9.1 out of 10 on the CVSS scale, affects versions up to 4.97.1 and has been fixed in version 4.98.
CVE Research
Ghostscript Vulnerability Actively Exploited in the Wild
A severe remote code execution (RCE) vulnerability in the widely used Ghostscript library is being actively exploited. This vulnerability, identified as CVE-2024-29510, affects Ghostscript versions 10.03.0 and earlier. Ghostscript, a document conversion tool, is commonly found on Linux systems and i...
