Security Bulletins

Security bulletin with exclamation point symbol in the middle of the screen

CVE-2024-50388: Critical OS Command Injection Vulnerability in QNAP HBS 3 Hybrid Backup Sync

October 30, 2024

On October 29, 2024, QNAP issued a security advisory regarding a critical OS command injection vulnerability, tracked as CVE-2024-50388. Discovered by researchers at the Pwn2Own

CVE-2024-47575: Critical Vulnerability in FortiNet FortiManager Under Active Exploitation

October 24, 2024

On October 23, 2024, Fortinet published an advisory disclosing an actively exploited vulnerability (CVE-2024-47575) affecting FortiManager and FortiManager Cloud. The critical-severity vulnerability can be exploited

Update: Broadcom Releases Fix for Incomplete Patch of Critical RCE Vulnerability in VMware vCenter Server and Cloud Foundation (CVE-2024-38812)

October 22, 2024

On October 21, 2024, Broadcom released updated fixes for the critical Remote Code Execution (RCE) vulnerability CVE-2024-38812 in vCenter Server and Cloud Foundation, as the

CVE-2024-28988: Critical Java Deserialization RCE Vulnerability Impacts SolarWinds Web Help Desk

October 18, 2024

On October 15, 2024, SolarWinds released a hotfix for CVE-2024-28988, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). WHD is an

CVE-2024-9164: Critical Arbitrary Branch Pipeline Vulnerability in GitLab EE

October 10, 2024

On October 9, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab EE, identified as CVE-2024-9164. This flaw allows a remote

Microsoft Patch Tuesday – October 2024: Critical and Exploited Vulnerabilities

October 10, 2024

On October 7, 2024, Microsoft released its October security update, addressing 117 vulnerabilities. Arctic Wolf has highlighted four of these vulnerabilities, which were either classified

Security bulletin with an exclamation point in the middle of the screen

Rackspace Breach Linked to Zero-Day Vulnerability in ScienceLogic SL1’s Third-Party Utility

October 4, 2024

On September 24, 2024, Rackspace, a managed cloud computing company providing cloud hosting, dedicated servers, and multi-cloud solutions, reported an issue with their Rackspace Monitoring

Multiple Vulnerabilities Disclosed in Linux-based CUPS Printing Service

September 27, 2024

On September 26, 2024, a security researcher disclosed several vulnerabilities affecting Common UNIX Printing System (CUPS) within GNU/Linux distributions. CUPS is an open-source printing system

Critical RCE Vulnerabilities Impacting HPE Aruba Networking Access Points

September 26, 2024

On September 24, 2024, Hewlett Packard Enterprise (HPE), the parent company of Aruba Networks, released a security bulletin addressing three critical command injection vulnerabilities affecting

CVE-2024-38812: Critical RCE Vulnerability Fixed in VMware vCenter Server and Cloud Foundation

September 18, 2024

Update (10/22/2024): Broadcom has released updated fixes for this vulnerability as the initial patch from September did not fully resolve the issue. Please read our

CVE-2024-6678: GitLab Fixes Critical Pipeline Execution Vulnerability

September 12, 2024

On September 11, 2024, GitLab released patches for a critical vulnerability affecting various versions of GitLab CE/EE, identified as CVE-2024-6678. This flaw allows a remote

Microsoft’s September 2024 Patch Tuesday: Critical and Exploited Vulnerabilities Patched

September 11, 2024

On September 10, 2024, Microsoft released its September security update, addressing 79 vulnerabilities. Arctic Wolf has highlighted four vulnerabilities in this bulletin that Microsoft labeled

CVE-2024-29847: Ivanti Addresses Maximum Severity RCE Vulnerability in Endpoint Manager

September 10, 2024

On September 10, 2024, Ivanti released fixes for CVE-2024-29847, a maximum severity vulnerability in Ivanti Endpoint Manager (EPM). This flaw, found in the agent portal

Arctic Wolf Observes Akira Ransomware Campaign Targeting SonicWall SSLVPN Accounts

September 6, 2024

On August 22, 2024, a remote code execution vulnerability (CVE-2024-40766) was disclosed in SonicOS, affecting a selection of SonicWall firewall devices. At the time of

Critical Vulnerabilities Patched in Veeam Products

September 6, 2024

On September 4, 2024, Veeam released a security bulletin announcing that they have fixed several vulnerabilities affecting various Veeam products. Arctic Wolf has highlighted five

CVE-2024-20439 & CVE-2024-20440: Critical Cisco Smart Licensing Utility Vulnerabilities

September 5, 2024

On September 4, 2024, Cisco released fixes for two critical vulnerabilities in Cisco Smart Licensing Utility (CSLU), a tool used to manage licenses across Cisco

CVE-2024-7261: Critical OS Command Injection Vulnerability in Zyxel APs and Security Routers

September 5, 2024

On September 3, 2024, Zyxel released patches for a critical OS command injection vulnerability, identified as CVE-2024-7261, affecting Access Points (APs) and security routers. This

CVE-2024-6633: Critical Credential Vulnerability Affecting Fortra FileCatalyst Workflow

September 3, 2024

On August 27, 2024, Fortra published a security advisory regarding a critical credential vulnerability in FileCatalyst Workflow, identified as CVE-2024-6633. FileCatalyst Workflow is a managed

CVE-2024-40766: Critical Improper Access Control Vulnerability Impacting SonicOS

August 27, 2024

Update: As of September 6, 2024, we published an updated bulletin indicating potential exploitation of CVE-2024-40766 by affiliates of Akira ransomware. Please review the updated bulletin for more details.

CVE-2024-28986 & CVE-2024-28987: Follow-Up: New SolarWinds HotFix Addresses Critical Vulnerabilities in Web Help Desk

August 22, 2024

Updates Since Last Security Bulletin: CVE-2024-28986 was added to CISA’s Known Exploited Vulnerabilities Catalog. A second hotfix has been released to address a newly disclosed

CVE-2024-6800: Critical Authentication Bypass Vulnerability Affecting GitHub Enterprise Server

August 21, 2024

On August 20, 2024, GitHub released security fixes for a critical authentication bypass vulnerability in GitHub Enterprise Server, identified as CVE-2024-6800. GitHub Enterprise Server is

CVE-2024-28986: Critical RCE Vulnerability Impacting SolarWinds Web Help Desk

August 16, 2024

On August 13, 2024, SolarWinds released a hotfix for CVE-2024-28986, a critical Remote Code Execution (RCE) vulnerability affecting Web Help Desk (WHD). WHD is an

Microsoft Patch Tuesday August 2024 Several Critical Vulnerability and Actively Exploited Vulnerabilities

August 14, 2024

On August 13, 2024, Microsoft released their August 2024 security update, which addressed 90 vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted 15 in this

CVE-2024-7593 & CVE-2024-7569: Critical Vulnerabilities Impacting Ivanti Virtual Traffic Manager and Neurons for ITSM

August 13, 2024

On August 12, 2024, Ivanti announced a critical authentication bypass vulnerability in its Virtual Traffic Manager (vTM), identified as CVE-2024-7593. Ivanti Virtual Traffic Manager (vTM)

Security Bulletin with an exclamation point in the center of the image

Multiple Critical Vulnerabilities in SolarWinds Access Rights Manager Responsibly Disclosed to Vendor

July 31, 2024

On July 17, 2024, SolarWinds published a security advisory detailing multiple critical vulnerabilities in its Access Rights Manager (ARM) software. These vulnerabilities were responsibly disclosed

Security Bulletin text on the screen with a wolf in the background

CVE-2024-6327: Critical RCE Vulnerability in Progress Telerik Report Server

July 29, 2024

On July 24, 2024, Progress published a knowledge base article disclosing a critical vulnerability (CVE-2024-6327) impacting Telerik Report Server, a product by Progress designed for

CVE-2024-20401 and CVE-2024-20419: Critical Vulnerabilities in Cisco Secure Email and Cisco Smart Software Manager On-Prem

July 23, 2024

On July 17, 2024, Cisco publicly disclosed critical vulnerabilities in Cisco Secure Email Gateway (SEG) and Cisco Smart Software Manager On-Prem (SSM), identified as CVE-2024-20401

CVE-2024-4879, CVE-2024-5178, CVE-2024-5217: ServiceNow MID Server Vulnerabilities Resulting in Unauthorized Code Execution

July 17, 2024

On July 10, 2024, ServiceNow disclosed a series of critical vulnerabilities impacting their platform, identified as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217. These vulnerabilities were responsibly disclosed

CVE-2024-6385: Critical Unauthorized Pipeline Job Vulnerability in GitLab

July 12, 2024

On July 10, 2024, GitLab issued an advisory regarding a critical vulnerability (CVE-2024-6385) in GitLab CE/EE that had been reported to them through a bug

Critical Vulnerability and Actively Exploited Vulnerabilities in Microsoft’s July 2024 Patch Tuesday Update

July 10, 2024

On July 9, 2024, Microsoft published their July 2024 security update, consisting of 139 newly disclosed vulnerabilities. Among these vulnerabilities, Arctic Wolf has highlighted seven

© 2026 Arctic Wolf Networks Inc. All Rights Reserved.
Privacy Notice	Terms of Use	Cookie Policy	Accessibility Statement	Information Security	Sustainability Statement	Cookies Settings

Platform

Concierge

Journey

Reduce Attack Frequency

Reduce Attack Severity

Transfer Risk

Get Started

Why Arctic Wolf

Expertise by Topic

Expertise by Industry

Resource Centre

Trending Resources

NIS2 aims to make the EU as a whole more resilient to cyber threats and strengthen cooperation between Member States on cybersecurity.

The Arctic Wolf State of Cybersecurity: 2025 Trends Report serves as an opportunity for decision makers to share their experiences over the past 12 months and their perspectives on some of the most important issues shaping the IT and security landscape.

The Arctic Wolf Threat Report draws upon the first-hand experience of our security experts, augmented by research from our threat intelligence team.

CVE-2026-0300 — Critical Buffer Overflow in PAN-OS User-ID Authentication Portal

Beyond the Bug: Why Cybersecurity Still Matters Even If AI Improves Secure Development

Microsoft Patch Tuesday: April 2026

Company

Careers

Press

Arctic Wolf Networks 8939 Columbine Rd Eden Prairie, MN 55347

1.888.272.8429

© 2026 Arctic Wolf Networks Inc. All Rights Reserved.

Arctic Wolf Networks
8939 Columbine Rd
Eden Prairie, MN 55347