Fortra Releases Security Advisories for FileCatalyst Workflow


Fortra has released security advisories addressing a critical vulnerability and a high severity vulnerability found in FileCatalyst Workflow.

FileCatalyst is an accelerated file transfer software solution that allows the transfer of large files over remote networks. CVE-2024-6632 is an SQL injection vulnerability with a CVSSv3 score of 7.2 (high), which if exploited could allow an unauthenticated attacker to modify or delete data in the application database, and create administrative users.

Read more…
Source: NHS Digital


Sign up for our Newsletter


Related:

  • Microsoft working on a fix for RoguePlanet, a flaw that grants full PC control

    June 18, 2026

    A publicly available exploit called RoguePlanet can give attackers the highest level of access on Windows systems. Microsoft has confirmed the vulnerability and says it’s working on a security update. RoguePlanet is tracked under CVE-2026-50656, where it’s described as a Microsoft Defender Elevation of Privilege (EoP) vulnerability. Read more… Source:  MalwareBytes Labs Sign up for the Cyber Security Review Newsletter The latest cyber ...

  • Cisco SD-WAN make-me-root bug under attack

    June 16, 2026

    Cisco today issued a fix for a Catalyst SD-WAN Manager bug that attackers have already spotted and exploited to get root privileges, according to both the networking vendor and the feds. The vulnerability, tracked as CVE-2026-20262, is in the web UI of Cisco Catalyst SD-WAN Manager, and exists because the software is not properly validating user-supplied input during ...

  • Hijacking Vertex AI Model Uploads for Cross-Tenant RCE

    June 16, 2026

    Palo Alto Unit42 discovered a vulnerability in the Google Cloud Vertex AI software development kit (SDK) for Python, and responsibly disclosed it to Google. Before Google’s fix, the vulnerability would have allowed an attacker operating entirely from their own Google Cloud project to hijack a victim’s model upload and poison it. By exploiting this flaw ...

  • Oracle warns of security bug that hackers abused to breach 100+ companies

    June 11, 2026

    Oracle warned its corporate customers that there is a critical-rated vulnerability in its PeopleSoft software, which is used by large companies to manage payroll and human resources, a day after a cybercrime group took credit for abusing the flaw as part of a mass-hacking campaign. The company published the security advisory on Thursday after the hacking group ShinyHunters ...

  • CISA gives US federal agencies three days to fix a VPN bug under attack by a ransomware gang

    June 9, 2026

    A ransomware group is actively exploiting an unpatched flaw in security tools used across the U.S. federal government, prompting the U.S. cybersecurity agency CISA to order all civilian agencies to remediate the vulnerability by end of day Wednesday. Cybersecurity firm Check Point Software said the bug affects several of its remote access tools, firewalls, and VPNs, which act as ...

  • Chrome’s zero-day Whac-A-Mole continues with fifth exploited bug of the year

    June 9, 2026

    Google has fixed its fifth actively exploited Chrome zero-day of 2026, and this one earned its finder a $55,000 bounty. The flaw, tracked as CVE-2026-11645, is an out-of-bounds memory access bug in Chrome’s V8 JavaScript engine. Google confirmed that the vulnerability is being exploited in the wild, but has disclosed little beyond the bare technical details. Read ...