May brought a fresh wave of security concerns as critical vulnerabilities in popular software were identified, including Apache, Gitlab, and Github. These vulnerabilities have the potential to enable attackers to compromise data, take over systems, and cause chaos within networks. Let’s delve into the top 5 CVEs that demand immediate attention to ensure security.

CVE-2024-27348: Unauthenticated Users Can Execute OS Commands in Apache HugeGraph-Server

CVE-2024-27348 poses a critical threat to Apache HugeGraph-Server, allowing for remote code execution (RCE). This vulnerability could empower attackers to seize control of systems running susceptible versions of the software.

Affected Software: Apache HugeGraph-Server versions prior to 1.3.0

Vulnerability: Unauthenticated RCE via Groovy injection

Impact: Potential system takeover by attackers

The vulnerability stems from inadequate user input sanitization, enabling attackers to inject Groovy code, a language used for executing commands on systems.

Mitigation: To address this vulnerability, it is crucial to upgrade to Apache HugeGraph-Server version 1.3.0 or later, as this release rectifies the flaw by enhancing user input sanitization. Additionally, staying vigilant about software updates, sourcing software from trusted providers, and reaching out to Apache HugeGraph-Server maintainers for further guidance can bolster defenses.

CVE-2024-24919: Check Point Security Gateway Information Disclosure Vulnerability

CVE-2024-24919 marks a high-severity information disclosure vulnerability impacting Check Point Security Gateway devices. Detected in May 2024, this vulnerability has already been exploited.