Blog

Back to all stories
Follow and Subscribe

Matthew Mathur

Senior Security Researcher
May 29

Active exploitation of unauthenticated stored XSS vulnerabilities in WordPress Plugins

We have observed active exploitation attempts targeting three high-severity CVEs: CVE-2024-2194, CVE-2023-6961, and CVE-2023-40000.
October 3, 2023

CVE-2023-30534: Insecure Deserialization in Cacti prior to 1.2.25

We have discovered two instances of insecure deserialization in Cacti versions prior to 1.2.25, tracked as CVE-2023-30534.
August 22, 2023

Back to Basics: Directory Traversal

In this post, we'll explore the application vulnerability directory traversal. What is it and how can you protect your apps from it?
August 3, 2023

Network Effect Threat Report: Uncovering the power of collective threat intelligence

Announcing the Network Effect Threat Report, Fastly’s threat intelligence report with insights based on unique data from April to June of 2023
July 11, 2023

Back to Basics: OS Command Injection

What is an OS Command Injection? In this blog, we'll explore the web application vulnerability, OS Command Injection, and how to prevent it.
June 9, 2023

CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability

What you need to know about CVE-2023-34362: Progress MOVEit Transfer SQL Injection Vulnerability
February 28, 2023

Anatomy of a Command Injection: CVE-2021-25296(7,8) with Metasploit Module & Nuclei Template

NagiosXI versions 5.5.6 to 5.7.5 are vulnerable to three different instances of command injection.

Ready to get started?

Get in touch or create an account.

Try Fastly freeTalk to an expert
Fastly
© Fastly 2024