Gitblit Authentication Bypass Vulnerability (CVE-2024-28080)

Overview Recently, NSFOCUS CERT detected that Gitblit issued a security announcement and fixed the Gitblit authentication bypass vulnerability (CVE-2024-28080). Because Gitblit's SSH service has defects in the public key authentication process, unauthenticated attackers can use the client's public key to trigger signature verification failure and fall back to password-based authentication...

Microsoft’s August Security Update High-Risk Vulnerability Notice for Multiple Products

Overview On August 13, NSFOCUS CERT detected that Microsoft released the August Security Update patch, which fixed 111 security issues involving widely used products such as Windows, Microsoft Office, Microsoft SQL Server, Visual Studio, and Microsoft Exchange Server. These include high-risk vulnerability types such as privilege escalation and remote code...

Cursor Remote Code Execution Vulnerability (CVE-2025-54135)

Overview Recently, NSFOCUS CERT detected that Cursor issued a security bulletin and fixed the Cursor remote code execution vulnerability (CVE-2025-54135). Because Cursor allows files to be written to the workspace without user approval, when an external Model Control Protocol (MCP) server is configured through the Cursor user interface, an attacker...

WebSphere Application Server Remote Code Execution Vulnerability (CVE-2025-36038)

Overview Recently, NSFOCUS CERT detected that IBM issued a security bulletin to fix the WebSphere Application Server remote code execution vulnerability (CVE-2025-36038). Due to a flaw in WebSphere Application Server’s validation of user-entered data, an unauthenticated attacker could execute arbitrary code on the target system by constructing malicious serialized...

Gogs Remote Command Execution Vulnerability (CVE-2024-56731)

Overview Recently, NSFOCUS CERT detected that Gogs issued a security bulletin and fixed the Gogs remote command execution vulnerability (CVE-2024-56731). Due to the incomplete CVE-2024-39931 fix, an authenticated attacker can delete files in the .git directory through symbolic links and execute arbitrary commands on the Gogs instance using the account...
