CVE-2024-12718: Path Escape via Python’s tarfile Extraction Filters

A newly disclosed vulnerability in Python’s standard library, CVE-2024-12718, allows attackers to modify file metadata or file permissions outside the intended extraction directory. This issue affects systems running Python 3.12 and above when using tarfile.extract() or tarfile.extractall() with the filter parameter set to “data” or “tar”. Though the vulnerability does not allow direct code execution, […]

Linux Kernel SMB 0-Day Vulnerability CVE-2025-37899 Uncovered Using ChatGPT o3

For the first time, a zero-day vulnerability in the Linux kernel has been discovered using a large language model, OpenAI’s o3. Discovered by security researcher Sean Heelan and assigned CVE-2025-37899, this vulnerability marks a milestone not just in cybersecurity but in the integration of AI into vulnerability research. It also raises serious questions about the […]

Upwind Accelerates Zero-Day Remediation with Runtime and Network-Aware SBOMs

A dependency update diagram for upgrading jackson-dataformat-yaml from version 2.13.4 to 2.15.0, showing affected packages and usage stats: 3 packages, 10 vulnerabilities, 57 images, 137 resources.

It was a regular Thursday when Lisa, a DevOps lead at a mid-sized fintech company, got an alert: Log4Shell, a zero-day vulnerability in Log4j, was being exploited. Confident in their security posture, she checked the SBOM. No Log4j. But as network anomalies piled up, a manual scan revealed the truth – Log4j was buried in […]

New CVE-2024-55591 Zero-Day Exploitation of Fortinet Firewalls

On January 14, 2025, Fortinet announced a critical vulnerability impacting its FortiOS and FortiProxy systems. CVE-2024-55591 is an authentication bypass zero-day vulnerability that has been actively exploited since mid-November 2024, enabling attackers to hijack Fortinet firewalls and compromise enterprise networks. Successful exploitation grants remote attackers super-admin privileges via malicious requests to the Node.js websocket module. Discovery […]

Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE

Overview: Apache has released a security update to address an important Apache Tomcat vulnerability (CVE-2024-56337) that could result in remote code execution (RCE) under certain conditions. This new CVE is closely tied to the earlier Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation (CVE-2024-50379), for which an incomplete mitigation was issued on December 17, […]

Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534)

A critical Remote Code Execution (RCE) vulnerability identified as CVE-2024-21534 has been discovered in versions of the jsonpath-plus package before 10.0.0. This vulnerability allows attackers to execute arbitrary code on affected systems by exploiting improper input sanitization and the unsafe default usage of the vm module in Node.js. jsonpath-plus is a JavaScript implementation of JSONPath […]

Analyzing the Latest CUPS RCE Vulnerability: Threats and Mitigations

Remote Code Execution (RCE) in CUPS via ‘cups-browsed’: CUPS (Common Unix Printing System) is a popular printing system for Unix-like systems, with cups-browsed responsible for printer discovery and network browsing. A recent vulnerability in cups-browsed allows Remote Code Execution (RCE) through manipulated printer discovery responses. This vulnerability is caused by insufficient input validation on UDP […]

Critical 9.9 Linux Bug Exposes Containers, Hosts and Endpoints to Remote Code Execution (RCE) Exploits

Several critical Linux vulnerabilities have been declared, involving a bug in CUPS, the Common UNIX Printing System. All versions of Red Hat Enterprise Linux (RHEL) are among the Linux distributions affected, but not in the default configuration. Four vulnerabilities have been identified and allocated the following CVEs – CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177. […]

Google Issues Emergency Patch for Chrome Zero-Day (CVE-2024-7965)

Overview: On July 30, 2024, a critical zero-day vulnerability (CVE-2024-7965) was discovered in Google Chrome’s V8 JavaScript engine. Google swiftly responded with an emergency patch after confirming that this flaw was being actively exploited in the wild. On August 26, 2024, Google released a new Chrome version addressing this issue that all Chrome users should […]