CVE-2024-38812 (CVSS 9.8) is a heap-overflow RCE affecting vCenter versions before 7.0 U3s and 8.0 U3b. Exploitation can lead to remote code execution and privilege escalation. Over 2,800 devices are exposed online. Patch immediately! #CensysRapidResponse https://censys.com/cve-2024-38812/
September 18, 2024 Advisory: VMware vCenter DCERPC Heap-Overflow RCE [CVE-2024-38812]

Censys
🚨 Moodle RCE Vulnerability (CVE-2024-43425) alert! Attackers can execute code via calculated questions. Update to 4.4.2, 4.3.6, 4.2.9, or 4.1.12 ASAP. 238,205 exposed Moodle instances detected by Censys. More info: https://censys.com/cve-2024-43425/ #CensysRapidResponse
August 29, 2024 Advisory: Moodle Calculated Questions RCE [CVE-2024-43425]

Censys
🚨 Advisory: Critical RCE vulnerability in Progress WhatsUp Gold (CVE-2024-4885) allows unauthenticated attackers to execute arbitrary code. Update to version 2023.1.3 immediately! #CensysRapidResponse https://censys.com/cve-2024-4885/
August 28, 2024 Advisory: Progress WhatsUp Gold GetFileWithoutZip Unauthenticated RCE [CVE-2024-4885]

Censys
🚨 Security Advisory: A critical RCE vulnerability (CVE-2024-37287, CVSS 9.9) in Elastic Kibana could allow attackers to execute arbitrary code via ML and Alerting connectors. Patch now to secure your instances! #CensysRapidResponse https://censys.com/cve-2024-37287/
August 13, 2024 Advisory: Elastic Kibana Prototype Tainting RCE [CVE-2024-37287]

Censys
🚨 Microsoft has patched CVE-2024-38077, a critical RCE flaw in Windows Remote Desktop Licensing Service (CVSS 9.8). 79k instances exposed online. Apply patches immediately! #CVE #RCE #CensysRapidResponse https://censys.com/cve-2024-38077/
August 12, 2024 Advisory: Windows Remote Desktop Licensing Service RCE [CVE-2024-38077]

The vulnerabilities stem from heap overflow flaws in Windows Remote Desktop Licensing Service. An attacker could send a malicious message that is then executed on the server, allowing for remote code execution.

Censys
Progress Telerik Report Server insecure deserialization vulnerability (CVE-2024-6327) allows RCE, affecting versions before 2024 Q2. Upgrade to 10.1.24.709 ASAP to prevent remote code execution! #CVE #CensysRapidResponse https://censys.com/cve-2024-6327/
July 25, 2024 Advisory: Progress Telerik Report Server RCE [CVE-2024-6327]

Progress Telerik Report Server versions before 2024 Q2 are vulnerable to an insecure deserialization vulnerability that would allow remote code execution.

Censys
Two critical vulnerabilities in Apache HTTP Server (CVE-2024-40725 & CVE-2024-40898) could allow attackers to smuggle requests or bypass SSL client auth, leading to unauthorized access. Upgrade to version 2.4.62+ and review SSL configs ASAP! #ApacheHTTPServer #CVE #CensysRapidResponse https://censys.com/cve-2024-40725-40898/
July 23, 2024 Advisory: Vulnerability in Apache HTTP Server [CVE-2024-40725 & CVE-2024-40898]

Two vulnerabilities, CVE-2024-40725 and CVE-2024-40898, have been identified in Apache HTTP Server versions 2.4.0 to 2.4.61.

Censys