Google has addressed a high-severity inappropriate implementation vulnerability in Chrome's V8 JavaScript engine, tracked as CVE-2024-7965, which is the 10th actively exploited zero-day in the browser so far this year.
Open-source GPS tracking server Traccar is affected by a high-severity path traversal vulnerability, tracked as CVE-2024-24809, and a critical unrestricted file upload flaw, tracked as CVE-2024-31214, which could be leveraged to facilitate remote code execution without authorization.
More than 17,500 vulnerabilities were reported between January and June, 11% more than in the first six months of 2023, and over 45% of them were either high or critical severity, according to the Flashpoint Cyber Threat Intelligence Index.
Information leaked by the database included names, addresses, phone numbers, email addresses, partial credit card details, and HIPAA patient consent forms from health providers, restaurant chains, schools, homeowners, religious entities, and casinos as early as 2012.
Intrusions aimed at Versa Director versions earlier than 22.1.4 used a custom zero-day-linked web shell that facilitated the compromise of credentials that could be leveraged for further network infiltration.
The security flaw, tracked as CVE-2024-28987, received a 9.1 severity rating in the Common Vulnerability Scoring System. The security blunder affects Web Help Desk 12.8.3 HF1 and previous versions, and users are encouraged to manually install 12.8.3 HF2 to potentially remove the baked-in creds.
The vulnerability, tagged as CVE-2021-44228, was first reported in November 2021 and led to a global scramble to implement patches. Despite these efforts, the flaw remains a persistent threat due to complex software dependencies that hinder comprehensive patching.