CVE-2024-12718: Path Escape via Python’s tarfile Extraction Filters

A newly disclosed vulnerability in Python’s standard library, CVE-2024-12718, allows attackers to modify file metadata or file permissions outside the intended extraction directory. This issue affects systems running Python 3.12 and above when using tarfile.extract() or tarfile.extractall() with the filter parameter set to “data” or “tar”. Though the vulnerability does not allow direct code execution, […]
Linux Kernel SMB 0-Day Vulnerability CVE-2025-37899 Uncovered Using ChatGPT o3

For the first time, a zero-day vulnerability in the Linux kernel has been discovered using a large language model, OpenAI’s o3. Discovered by security researcher Sean Heelan and assigned CVE-2025-37899, this vulnerability marks a milestone not just in cybersecurity but in the integration of AI into vulnerability research. It also raises serious questions about the […]
Upwind Accelerates Zero-Day Remediation with Runtime and Network-Aware SBOMs

It was a regular Thursday when Lisa, a DevOps lead at a mid-sized fintech company, got an alert: Log4Shell, a zero-day vulnerability in Log4j, was being exploited. Confident in their security posture, she checked the SBOM. No Log4j. But as network anomalies piled up, a manual scan revealed the truth – Log4j was buried in […]
New CVE-2024-5591 Zero-Day Exploitation of Fortinet Firewalls

On January 14, 2025, Fortinet announced a critical vulnerability impacting its FortiOS and FortiProxy systems, CVE-2024-55591 is an authentication bypass zero-day vulnerability that has been actively exploited since mid-November 2024, enabling attackers to hijack Fortinet firewalls and compromise enterprise networks. Successful exploitation grants remote attackers super-admin privileges via malicious requests to the Node.js websocket module. Discovery […]
Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE

Overview Apache has released a security update to address an important Apache Tomcat vulnerability (CVE-2024-56337) that could result in remote code execution (RCE) under certain conditions. This new CVE is closely tied to the earlier Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability during JSP compilation (CVE-2024-50379), for which an incomplete mitigation was issued on December 17, […]
Critical RCE Vulnerability in jsonpath-plus (CVE-2024-21534)

A critical Remote Code Execution (RCE) vulnerability identified as CVE-2024-21534 has been discovered in versions of the jsonpath-plus package before 10.0.0. This vulnerability allows attackers to execute arbitrary code on affected systems by exploiting improper input sanitization and the unsafe default usage of the vm module in Node.js. jsonpath-plus is a JavaScript implementation of JSONPath […]
Analyzing the Latest CUPS RCE Vulnerability: Threats and Mitigations

Remote Code Execution (RCE) in CUPS via ‘cups-browsed’ CUPS (Common Unix Printing System) is a popular printing system for Unix-like systems, with cups-browsed responsible for printer discovery and network browsing. A recent vulnerability in cups-browsed allows Remote Code Execution (RCE) through manipulated printer discovery responses. This vulnerability is caused by insufficient input validation on UDP […]
Critical 9.9 Linux Bug Exposes Containers, Hosts and Endpoints to Remote Code Execution (RCE) Exploits

Several critical Linux vulnerabilities have been declared, involving a bug in CUPS, the Common UNIX Printing System. All versions of Red Hat Enterprise Linux (RHEL) are among the Linux distributions affected, but not in default configuration. There are four vulnerabilities that have been identified and allocated the following CVEs – CVE-2024-47076, CVE-2024-47175, CVE-2024-47176 and CVE-2024-47177. […]
Google Issues Emergency Patch for Chrome Zero-Day (CVE-2024-7965)

Overview On July 30, 2024, a critical zero-day vulnerability (CVE-2024-7965) was discovered in Google Chrome’s V8 JavaScript engine. Google swiftly responded with an emergency patch after confirming that this flaw was being actively exploited in the wild. On August 26, 2024, Google released a new Chrome version addressing this issue that all Chrome users should […]
Identify Emerging Vulnerabilities & Threats in Your Environment With Upwind’s Security Feed

We are excited to announce the release of the Upwind Security Feed – a native feed accessible from directly within the Upwind platform, providing you with constantly updated information about new and emerging attacks, zero days, and security trends that are relevant to your environment and should be investigated further. The Upwind Security Research team […]