Recent cybersecurity reports indicate multiple vulnerabilities affecting various technologies. A proof of concept (PoC) exploit was released for a command injection vulnerability in the Palo Alto Expedition Tool. Additionally, a flaw in Google's OAuth system has left numerous users exposed, particularly through failed startup domains. In another development, vulnerabilities in four tunneling protocols have compromised 4.2 million internet hosts, including VPN servers and routers, allowing potential hijacking of devices and access to networks. The W3 Total Cache plugin for WordPress has also been identified as exposing hundreds of thousands of sites to attacks. Furthermore, critical vulnerabilities in the Rsync file-synchronizing tool were disclosed, posing risks of remote code execution and data leakage. Other vulnerabilities include a Microsoft Configuration Manager flaw allowing remote code execution, and a zero-day vulnerability in the Windows Common Log File System (CLFS) Driver, identified as CVE-2024-49138, for which PoC code has been released. Lastly, flaws in the Planet WGS-804HPT Industrial Switch could potentially be exploited to achieve remote code execution.
A vulnerability in an internet edge device can open doors to intruders if the management interface is exposed to the public network. Juhani Eronen reminds us that it is important for companies to restrict access to management interfaces whenever possible. #kyberturvallisuus #tietoturva https://t.co/kYGMsJmvxF
A flaw in the W3 Total Cache plugin exposes hundreds of thousands of WordPress sites to attacks https://t.co/zBDy3cfeJt
Planet WGS-804HPT Industrial Switch flaws could be chained to achieve remote code execution https://t.co/AUMcnu6u22