The flaw (CVE-2024-0204) could enable remote, unauthenticated attackers to bypass authentication in order to create new users.
Threat actors exploited a critical-severity VMware flaw for almost two years before patches were released in October.
A path traversal zero-day (CVE-2023-47246) in the SysAid on-premises product is under active attack by the Lace Tempest threat group.
Further details for the vulnerability were not specified, but the bug is rated 9.1 out of 10 on the CVSS v3 scale, and Atlassian is underscoring its potential impact for customers.
The Winter Vivern APT group has been targeting a zero-day XSS vulnerability in the Roundcube webmail server in recent weeks.