The affected tool is R-SeeNet, which is designed to help network administrators monitor their Advantech routers. Talos researchers discovered that R-SeeNet is affected by seven vulnerabilities, a majority of which have been assigned a critical severity rating. An attacker can exploit the vulnerabilities to execute arbitrary JavaScript code in the targeted user’s browser by getting…

WooCommerce is a popular open-source eCommerce plugin for WordPress, with more than 5 million installations to date, making it an attractive target for cybercriminals. On Thursday, WooCommerce said that on July 13 it received a report of a critical vulnerability in the plugin, urging users to update their installations as soon as possible, but without…

The 18 new advisories prepared by Siemens for the July 2021 Patch Tuesday cover nearly 80 vulnerabilities impacting the company’s products. Some of the vulnerabilities have already been patched by Siemens, while others are in the process of being fixed. Workarounds and/or mitigations are also available. An advisory for JT2Go and Teamcenter Visualization covers the…

The Mountain View, Calif.-based Adobe urged Windows and macOS users to treat the PDF Reader patch with the utmost priority, because the flaws expose machines to remote code execution and privilege escalation attacks. The Acrobat and Reader update patches at least 19 documented vulnerabilities, all carrying the “critical” or “important” security ratings. ”Successful exploitation could…

Advisories describing the vulnerabilities were published this month by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Mitsubishi Electric. SecurityWeek has also obtained additional information from people involved in the discovery and disclosure of these flaws. One advisory describes a critical vulnerability that exposes the affected control systems to unauthenticated XML external entity injection…

The issue has been a public embarrassment for Microsoft over the last two weeks as security researchers used social media to highlight major problems with Redmond’s mitigation guidance and the effectiveness of its out-of-band update. “We’re aware of claims and are investigating, but at this time we are not aware of any bypasses,” Microsoft said…