The Consensus Security Vulnerability Alert

Internet Storm Center Spotlight

Internet Storm Center Entries

Recent CVEs

CVE-2024-4947 - Google Chrome prior to version 125.0.6422.60 is vulnerable to a type confusion issue in V8, allowing remote attackers to execute arbitrary code via a specially crafted HTML page.

CVE-2024-4323 - Fluent Bit versions 2.0.7 thru 3.0.3 are vulnerable to memory corruption via the embedded http server, potentially leading to denial of service, information disclosure, or remote code execution.

CVE-2024-4671 - Google Chrome prior to 124.0.6367.201 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page due to a use after free vulnerability in Visuals.

CVE-2024-32002 - Git is susceptible to a vulnerability where repositories with submodules can be manipulated to execute malicious code during the cloning process.

CVE-2024-4761 - Google Chrome prior to version 124.0.6367.207 is vulnerable to an out of bounds write in V8, allowing a remote attacker to exploit it through a crafted HTML page.

CVE-2024-27130 - A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following version: QTS 5.1.7.2770 build 20240520 and later QuTS hero h5.1.7.2770 build 20240520 and later

CVE-2024-30040 - Windows MSHTML Platform Security Feature Bypass Vulnerability

CVE-2024-30051 - Windows DWM Core Library Elevation of Privilege Vulnerability

CVE-2024-4985 - GitHub Enterprise Server (GHES) was vulnerable to an authentication bypass issue with SAML single sign-on, allowing attackers to forge responses and gain admin privileges without authentication.

CVE-2023-47709 - IBM Security Guardium versions 11.3, 11.4, 11.5, and 12.0 are vulnerable to remote code execution by an authenticated attacker via a specially crafted request (IBM X-Force ID: 271524).

CVE-2024-0087 - NVIDIA Triton Inference Server for Linux allows users to set the logging location to an arbitrary file, potentially leading to code execution and other security risks.

CVE-2024-25641 - Cacti is vulnerable to an arbitrary file write exploit in versions prior to 1.2.27, allowing authenticated users to execute arbitrary PHP code via the "Package Import" feature.

CVE-2024-29895 - Cacti is vulnerable to a command injection issue on the 1.3.x DEV branch, allowing unauthenticated users to execute arbitrary commands on the server when PHP's `register_argc_argv` option is enabled.

CVE-2024-34340 - Cacti's vulnerability in `compat_password_verify` allows for a type juggling attack when comparing md5-hashed user input with the correct password in the database.

CVE-2024-28075 - The SolarWinds Access Rights Manager is vulnerable to Remote Code Execution, enabling authenticated users to exploit the service for malicious purposes.

CVE-2024-31377 - WP Photo Album Plus plugin allows for unrestricted upload of files with dangerous types, creating a security vulnerability in versions from n/a through 8.7.01.001.

CVE-2024-32700 - Kognetiks Chatbot for WordPress chatbot-chatgpt allows unrestricted upload of files with dangerous types.

CVE-2024-32735 - CyberPower PowerPanel Enterprise prior to v2.8.3 allows unauthenticated remote attackers to access PDNU REST APIs and compromise the application.

CVE-2024-32964 - Lobe Chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint.

CVE-2024-34070 - Froxlor server administration software prior to version 2.1.9 is vulnerable to stored blind XSS, allowing unauthenticated users to inject malicious scripts in the loginname parameter and potentially gain full control over the application.

CVE-2024-34359 - llama-cpp-python is vulnerable to remote code execution due to a server side template injection in the `Jinja2ChatFormatter` component.

CVE-2024-34411 - Thomas Scholl canvasio3D Light is vulnerable to unrestricted file uploads of dangerous types, impacting versions from n/a through 2.5.0.

CVE-2024-34416 - Pk Favicon Manager allows for unrestricted uploading of malicious files, posing a security risk from version n/a to 2.1.

CVE-2024-34440 - Jordy Meow AI Engine: ChatGPT Chatbot is vulnerable to unrestricted upload of dangerous file types, affecting versions n/a through 2.2.63.

CVE-2024-34555 - Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads.This issue affects Z-Downloads: from n/a through 1.11.3.

CVE-2024-34706 - Valtimo exposes the user's access token to `api.form.io` via the `x-jwt-token` header, allowing attackers to retrieve personal information or execute requests on behalf of the logged-in user due to misconfiguration of the Form.io component.

CVE-2024-3070 - The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection through deserialization of untrusted input from the LastViewedPosts Cookie, potentially allowing unauthenticated attackers to inject a PHP Object and exploit the system.

CVE-2024-3263 - YMS VIS Pro is vulnerable to unauthorized access due to weak password policies and an improper credential generation method, but has been addressed through authentication mechanism changes and additional security measures.

CVE-2024-3806 - The Porto theme for WordPress is vulnerable to Local File Inclusion through the 'porto_ajax_posts' function, allowing unauthenticated attackers to execute arbitrary files and potentially access sensitive data.

CVE-2024-4413 - The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection up to version 4.11.1, allowing unauthenticated attackers to inject a PHP Object and potentially access sensitive data.

CVE-2024-4434 - The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to time-based SQL Injection in versions up to 4.2.6.5, allowing unauthenticated attackers to extract sensitive information from the database.

CVE-2024-4560 - The Kognetiks Chatbot for WordPress plugin is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially achieve remote code execution on affected servers.

CVE-2024-4701 - A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18

CVE-2024-4824 - School ERP Pro+Responsive 1.0 is vulnerable to SQL injection through the '/SchoolERP/office_admin/' index, allowing remote attackers to access database information.

CVE-2024-4825 - Agentejo Cockpit CMS v0.5.5 is vulnerable to arbitrary file uploads via a post request in the '/media/api' parameter, allowing attackers to compromise the server's infrastructure.

CVE-2024-22267 - VMware Workstation and Fusion are susceptible to a use-after-free vulnerability in the vbluetooth device, enabling local administrative users on a virtual machine to execute code as the VMX process on the host.

CVE-2024-27939 - RUGGEDCOM CROSSBOW (All versions < V5.5) allows unauthenticated users to upload arbitrary files, leading to potential arbitrary code execution by attackers.

CVE-2024-30207 -   SIMATIC RTLS Locating Manager (All versions < V3.0.1.1) uses symmetric cryptography with a hard-coded key, which can be exploited by an unauthenticated remote attacker to compromise communication confidentiality, integrity, and system availability.

CVE-2024-30209 - SIMATIC RTLS Locating Manager versions prior to V3.0.1.1 are vulnerable to unauthorized eavesdropping and modification of transmitted resources due to lack of cryptographic protection.

CVE-2024-33499 - SIMATIC RTLS Locating Manager (6GT2780-0DA00, 6GT2780-0DA10, 6GT2780-0DA20, 6GT2780-0DA30, 6GT2780-1EA10, 6GT2780-1EA20, 6GT2780-1EA30) allows a privileged attacker to escalate their privileges due to incorrect user management component permissions.

CVE-2024-32740 - SIMATIC CN 4100 (All versions < V3.0) contains undocumented users and credentials which can be exploited by an attacker to compromise the device.

CVE-2024-32741 - SIMATIC CN 4100 (All versions < V3.0) contains hard coded passwords for `root` and `GRUB`, allowing attackers to gain root access with a cracked password hash.

CVE-2024-33006 - Server is vulnerable to remote code execution due to unauthenticated attacker uploading malicious file that can compromise system.

CVE-2024-34716 - PrestaShop is vulnerable to a cross-site scripting (XSS) issue in versions prior to 8.1.6, which allows an attacker to upload a malicious file through the front-office contact form and gain unauthorized access to the admin's session and security token.

CVE-2024-27107 - Weak account password in GE HealthCare EchoPAC products

CVE-2024-31466 - Aruba's CLI service is vulnerable to buffer overflow issues via specially crafted packets, potentially allowing unauthenticated remote code execution.

CVE-2024-31467 - Aruba's CLI service is vulnerable to buffer overflow issues via specially crafted packets, potentially allowing unauthenticated remote code execution.

CVE-2024-31468 - Aruba's Central Communications service is vulnerable to buffer overflow attacks via specially crafted packets sent to the PAPI UDP port, allowing for unauthenticated remote code execution as a privileged user.

CVE-2024-31469 - Aruba's Central Communications service is vulnerable to buffer overflow attacks via specially crafted packets sent to the PAPI UDP port, allowing for unauthenticated remote code execution as a privileged user.

CVE-2024-31470 - Aruba's SAE service is vulnerable to a buffer overflow flaw that allows unauthenticated remote attackers to execute arbitrary code on the underlying operating system.

CVE-2024-31471 - Aruba's Central Communications service is vulnerable to unauthenticated remote code execution through specially crafted packets sent to the PAPI UDP port (8211).

CVE-2024-31472 - Soft AP Daemon service has command injection vulnerabilities that allow unauthenticated remote code execution through specially crafted packets sent to the PAPI UDP port (8211), enabling arbitrary code execution as a privileged user on the underlying operating system.

CVE-2024-31473 - Aruba's deauthentication service is vulnerable to command injection, allowing unauthenticated remote code execution by sending malicious packets to the PAPI UDP port (8211).

CVE-2024-32888 - The Amazon JDBC Driver for Redshift is vulnerable to SQL injection when using the non-default connection property `preferQueryMode=simple` prior to version 2.1.0.28.

CVE-2024-4893 - DigiWin EasyFlow .NET is susceptible to SQL injection attacks due to inadequate input parameter validation, potentially leading to unauthorized database access and command execution by remote hackers.

CVE-2024-3319 - Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints allowed authenticated administrators to execute user-defined templates, leading to potential remote code execution vulnerabilities.

CVE-2024-32047 - CyberPower PowerPanel's hard-coded credentials in the production code could allow attackers to access the testing or production server.

CVE-2024-32053 - CyberPower PowerPanel platform is vulnerable to hardcoded credentials, allowing attackers to gain unauthorized access to services with elevated privileges.

CVE-2024-33625 - CyberPower PowerPanel business application code has a hard-coded JWT signing key, allowing attackers to forge tokens and bypass authentication.

CVE-2024-34025 - CyberPower PowerPanel's hard-coded authentication credentials allow attackers to bypass authentication and gain administrator privileges.

CVE-2024-4223 - The Tutor LMS plugin for WordPress allows unauthenticated attackers to access, modify, and delete data due to missing capability checks in versions up to 2.7.0.

CVE-2024-30314 - Dreamweaver Desktop versions 21.3 and earlier are vulnerable to an OS Command Injection flaw, allowing for remote code execution through user interaction.

CVE-2024-4826 - Simple PHP Shopping Cart version 0.9 is vulnerable to SQL injection, allowing attackers to extract database information through a manipulated SQL query in the category.php file.

CVE-2024-4991, CVE-2024-4992 - SiAdmin 1.1 SQL injection vulnerabilities

CVE-2024-35187 - Stalwart Mail Server is vulnerable to attackers gaining complete root access to the system prior to version 0.8.0, posing a risk to server admins and users with admin credentials.

CVE-2024-22476 - Intel(R) Neural Compressor software before version 2.5.0 allows unauthenticated users to potentially enable privilege escalation through remote access due to improper input validation.

CVE-2024-3551 - The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to 1.3.0 through the 'data' parameter, allowing unauthenticated attackers to execute arbitrary PHP code on the server.

CVE-2023-23645 - MainWP Code Snippets Extension suffers from a Code Injection vulnerability in versions up to 4.0.2.

CVE-2023-25444 - JS Help Desk – Best Help Desk & Support Plugin allows for an Unrestricted Upload of File with Dangerous Type vulnerability, enabling the use of malicious files from version n/a through 2.7.7.

CVE-2023-25701 - Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation.This issue affects WatchTowerHQ: from n/a through 3.6.16.

CVE-2023-26009 - Houzez Login Register versions from n/a through 2.6.3 have an Improper Privilege Management vulnerability, leading to Privilege Escalation.

CVE-2023-26540 - Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation.This issue affects Houzez: from n/a through 2.7.1.

CVE-2023-32244 - Improper Privilege Management vulnerability in XTemos Woodmart Core allows Privilege Escalation.This issue affects Woodmart Core: from n/a through 1.0.36.

CVE-2023-32297 - LWS Affiliation allows PHP Local File Inclusion due to a Path Traversal vulnerability in versions n/a through 2.2.6.

CVE-2023-37999 - Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation.This issue affects HT Mega: from n/a through 2.2.0.

CVE-2024-31351 -   Copymatic - AI Content Writer & Generator allows unrestricted file uploads of dangerous types, posing a security threat from versions n/a through 1.6.

CVE-2023-51424 - Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation.This issue affects WebinarIgnition: from n/a through 3.05.0.

CVE-2023-51476 - WP MLM Unilevel has an Improper Privilege Management vulnerability allowing Privilege Escalation from n/a through 4.0.

CVE-2023-51481 - Local Delivery Drivers for WooCommerce has an Improper Privilege Management vulnerability that allows Privilege Escalation from version n/a through 1.9.0.

CVE-2023-51483 - WP Frontend Profile in Glowlogix is vulnerable to Privilege Escalation through Improper Privilege Management from version n/a to 1.3.1.

CVE-2024-22157 - Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation.This issue affects SalesKing: from n/a through 1.6.15.

CVE-2024-24882 - Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation.This issue affects LMS: from n/a through 1.7.2.

CVE-2024-27954 - WP Automatic allows Path Traversal and Server Side Request Forgery via Improper Limitation vulnerability from n/a through 3.92.0.

CVE-2024-30542 - Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation.This issue affects WholesaleX: from n/a through 1.3.2.

CVE-2024-31231 - Sizam Design Rehub is vulnerable to a Path Traversal flaw, potentially enabling PHP Local File Inclusion up to version 19.6.1.

CVE-2024-31290 - CodeRevolution Demo My WordPress is vulnerable to Privilege Escalation due to Improper Privilege Management from n/a through 1.0.9.1.

CVE-2024-32511 - Simple Registration for WooCommerce is vulnerable to Privilege Escalation due to Improper Privilege Management.

CVE-2024-33552 - Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8.

CVE-2024-33567 - UkrSolution Barcode Scanner with Inventory & Order Manager is vulnerable to Privilege Escalation due to improper privilege management in versions from n/a through 1.5.3.

CVE-2024-33644 - Customify Site Library is vulnerable to Code Injection from n/a through 0.0.9.

CVE-2024-22120 - Zabbix server allows command execution for scripts which can lead to SQL injection through the "clientip" field.

CVE-2024-32809 - ActiveDEMAND by JumpDEMAND Inc. allows unrestricted upload of malicious files, posing a dangerous security risk between versions n/a and 0.2.41.

CVE-2024-2771 - The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation allowing unauthenticated attackers to grant users with management permissions and delete manager accounts.

CVE-2024-3658 - The Build App Online plugin for WordPress up to version 1.0.21 is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any existing user on the site.

CVE-2024-36080 - Westermo EDW-100 devices have a hidden root user account with a hardcoded password that cannot be changed, posing a security risk until 2024-05-03.

CVE-2024-36081 - Westermo EDW-100 devices have a vulnerability that allows an unauthenticated user to download a configuration file containing a cleartext password.

CVE-2024-4442 - The Salon booking system plugin for WordPress up to version 9.8 is vulnerable to arbitrary file deletion, allowing attackers to potentially take over and execute remote code on the site.

CVE-2023-3939, CVE-2023-3941, CVE-2023-3943 - ZkTeco-based OEM devices: multiple vulnerabilities

cve-2024-22026 - poc/