Internet Storm Center Spotlight



ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html

Wireshark 4.2.5 Released

Published: 2024-05-18

Last Updated: 2024-05-18 14:25:51 UTC

by Didier Stevens (Version: 1)

Wireshark release 4.2.5 fixes 3 vulnerabilities (CVE-2024-4853, CVE-2024-4854 and CVE-2024-4855) and 19 bugs.

- https://www.wireshark.org/docs/relnotes/wireshark-4.2.5.html

- https://nvd.nist.gov/vuln/detail/CVE-2024-4853

- https://nvd.nist.gov/vuln/detail/CVE-2024-4854

- https://nvd.nist.gov/vuln/detail/CVE-2024-4855

https://isc.sans.edu/diary/Wireshark+425+Released/30934/

Another PDF Streams Example: Extracting JPEGs

Published: 2024-05-17

Last Updated: 2024-05-17 12:04:03 UTC

by Didier Stevens (Version: 1)

In my diary entry "Analyzing PDF Streams" I showed how to use my tools file-magic.py and myjson-filter.py together with my PDF analysis tool pdf-parser.py to analyze PDF streams en masse.

In this diary entry, I will show how file-magic.py can augment JSON data produced by pdf-parser.py with file-type information that can then be used by myjson-filter.py to filter out files you are interested in. As an example, I will extract all JPEGs from a PDF document.

First, let's produce statistics with pdf-parser.py's option -a ...

This confirms that there are many "Indirect objects with a stream" in this document.

Next, I let pdf-parser.py produce JSON output (--jsonoutput) with the content of the unfiltered streams, and I let file-magic.py consume this JSON output (--jsoninput) to try to identify the file type of each stream based on its content (since streams don't have a filename, there is no filename extension and we need to look at the content) ...

Read the full entry:

https://isc.sans.edu/diary/Another+PDF+Streams+Example+Extracting+JPEGs/30924/

Internet Storm Center Entries


NMAP Scanning without Scanning (Part 2) - The ipinfo API (2024.05.22)

https://isc.sans.edu/diary/NMAP+Scanning+without+Scanning+Part+2+The+ipinfo+API/30948/

Scanning without Scanning with NMAP (APIs FTW) (2024.05.21)

https://isc.sans.edu/diary/Scanning+without+Scanning+with+NMAP+APIs+FTW/30944/

Analyzing MSG Files (2024.05.20)

https://isc.sans.edu/diary/Analyzing+MSG+Files/30940/

Why yq? Adventures in XML (2024.05.16)

https://isc.sans.edu/diary/Why+yq+Adventures+in+XML/30930/

Recent CVEs


The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.

CVE-2024-4947 - Google Chrome prior to version 125.0.6422.60 is vulnerable to a type confusion issue in V8, allowing remote attackers to execute arbitrary code via a specially crafted HTML page.

Product: Google Chrome

CVSS Score: 0

** KEV since 2024-05-20 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4947

ISC Podcast: https://isc.sans.edu/podcastdetail/8990

NVD References:

- https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html

- https://issues.chromium.org/issues/340221135

CVE-2024-4323 - Fluent Bit versions 2.0.7 thru 3.0.3 are vulnerable to memory corruption via the embedded http server, potentially leading to denial of service, information disclosure, or remote code execution.

Product: Fluent Bit

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4323

ISC Podcast: https://isc.sans.edu/podcastdetail/8990

NVD References:

- https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04

- https://tenable.com/security/research/tra-2024-17

CVE-2024-4671 - Google Chrome prior to 124.0.6367.201 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page due to a use after free vulnerability in Visuals.

Product: Google Chrome

CVSS Score: 9.6

** KEV since 2024-05-13 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4671

NVD References:

- https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html

- https://issues.chromium.org/issues/339266700

CVE-2024-32002 - Git is susceptible to a vulnerability where repositories with submodules can be manipulated to execute malicious code during the cloning process.

Product: Git

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32002

ISC Podcast: https://isc.sans.edu/podcastdetail/8990

NVD References:

- https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---recurse-submodulesltpathspecgt

- https://git-scm.com/docs/git-config#Documentation/git-config.txt-coresymlinks

- https://github.com/git/git/commit/97065761333fd62db1912d81b489db938d8c991d

- https://github.com/git/git/security/advisories/GHSA-8h77-4q3w-gfgv

CVE-2024-4761 - Google Chrome prior to version 124.0.6367.207 is vulnerable to an out of bounds write in V8, allowing a remote attacker to exploit it through a crafted HTML page.

Product: Google Chrome

CVSS Score: 8.8

** KEV since 2024-05-16 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4761

NVD References:

- https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_13.html

- https://issues.chromium.org/issues/339458194

CVE-2024-27130 - A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow users to execute code via a network. We have already fixed the vulnerability in the following versions: QTS 5.1.7.2770 build 20240520 and later; QuTS hero h5.1.7.2770 build 20240520 and later.

Product: QNAP QTS and QuTS hero

CVSS Score: N/A

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27130

ISC Podcast: https://isc.sans.edu/podcastdetail/8988

NVD References: https://www.qnap.com/en/security-advisory/qsa-24-23

CVE-2024-30040 - Windows MSHTML Platform Security Feature Bypass Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 8.8

** KEV since 2024-05-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30040

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30040

CVE-2024-30051 - Windows DWM Core Library Elevation of Privilege Vulnerability

Product: Microsoft Windows 10 1507

CVSS Score: 7.8

** KEV since 2024-05-14 **

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30051

NVD References: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-30051

CVE-2024-4985 - GitHub Enterprise Server (GHES) was vulnerable to an authentication bypass issue with SAML single sign-on, allowing attackers to forge responses and gain admin privileges without authentication.

Product: GitHub Enterprise Server

CVSS Score: 0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4985

ISC Podcast: https://isc.sans.edu/podcastdetail/8992

NVD References:

- https://docs.github.com/en/enterprise-server@3.10/admin/release-notes#3.10.12

- https://docs.github.com/en/enterprise-server@3.11/admin/release-notes#3.11.10

- https://docs.github.com/en/enterprise-server@3.12/admin/release-notes#3.12.4

- https://docs.github.com/en/enterprise-server@3.9/admin/release-notes#3.9.15

CVE-2023-47709 - IBM Security Guardium versions 11.3, 11.4, 11.5, and 12.0 are vulnerable to remote code execution by an authenticated attacker via a specially crafted request (IBM X-Force ID: 271524).

Product: IBM Security Guardium

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-47709

NVD References:

- https://exchange.xforce.ibmcloud.com/vulnerabilities/271524

- https://www.ibm.com/support/pages/node/7150840

CVE-2024-0087 - NVIDIA Triton Inference Server for Linux allows users to set the logging location to an arbitrary file, potentially leading to code execution and other security risks.

Product: NVIDIA Triton Inference Server

CVSS Score: 9.0 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-0087

NVD References: https://nvidia.custhelp.com/app/answers/detail/a_id/5535

CVE-2024-25641 - Cacti is vulnerable to an arbitrary file write exploit in versions prior to 1.2.27, allowing authenticated users to execute arbitrary PHP code via the "Package Import" feature.

Product: Cacti

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-25641

NVD References:

- https://github.com/Cacti/cacti/commit/eff35b0ff26cc27c82d7880469ed6d5e3bef6210

- https://github.com/Cacti/cacti/security/advisories/GHSA-7cmj-g5qc-pj88

CVE-2024-29895 - Cacti is vulnerable to a command injection issue on the 1.3.x DEV branch, allowing unauthenticated users to execute arbitrary commands on the server when PHP's `register_argc_argv` option is enabled.

Product: Cacti

CVSS Score: 10.0 AtRiskScore 30

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-29895

NVD References:

- https://github.com/Cacti/cacti/blob/501712998589763d411a68d35e3cda98fd9cfd18/cmd_realtime.php#L119

- https://github.com/Cacti/cacti/commit/53e8014d1f082034e0646edc6286cde3800c683d

- https://github.com/Cacti/cacti/commit/99633903cad0de5ace636249de16f77e57a3c8fc

- https://github.com/Cacti/cacti/security/advisories/GHSA-cr28-x256-xf5m

CVE-2024-34340 - Cacti's vulnerability in `compat_password_verify` allows for a type juggling attack when comparing md5-hashed user input with the correct password in the database.

Product: Cacti

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34340

NVD References: https://github.com/Cacti/cacti/security/advisories/GHSA-37x7-mfjv-mm7m

CVE-2024-28075 - The SolarWinds Access Rights Manager is vulnerable to Remote Code Execution, enabling authenticated users to exploit the service for malicious purposes.

Product: SolarWinds Access Rights Manager

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-28075

NVD References:

- https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm

- https://documentation.solarwinds.com/en/success_center/arm/content/secure-your-arm-deployment.htm

- https://www.solarwinds.com/trust-center/security-advisories/CVE-2024-28075

CVE-2024-31377 - WP Photo Album Plus plugin allows for unrestricted upload of files with dangerous types, creating a security vulnerability in versions from n/a through 8.7.01.001.

Product: J.N. Breetvelt WP Photo Album Plus

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31377

NVD References: https://patchstack.com/database/vulnerability/wp-photo-album-plus/wordpress-wp-photo-album-plus-plugin-8-7-01-001-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-32700 - Kognetiks Chatbot for WordPress chatbot-chatgpt allows unrestricted upload of files with dangerous types.

Product: Kognetiks Chatbot for WordPress

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32700

NVD References: https://patchstack.com/database/vulnerability/chatbot-chatgpt/wordpress-kognetiks-chatbot-for-wordpress-plugin-2-0-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-32735 - CyberPower PowerPanel Enterprise prior to v2.8.3 allows unauthenticated remote attackers to access PDNU REST APIs and compromise the application.

Product: CyberPower PowerPanel Enterprise

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32735

NVD References:

- https://www.cyberpower.com/global/en/File/GetFileSampleByType?fileId=SU-18070002-07&fileSubType=FileReleaseNote

- https://www.tenable.com/security/research/tra-2024-14

CVE-2024-32964 - Lobe Chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint.

Product: Lobe AI Lobe Chat

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32964

NVD References:

- https://github.com/lobehub/lobe-chat/commit/465665a735556669ee30446c7ea9049a20cc7c37

- https://github.com/lobehub/lobe-chat/security/advisories/GHSA-mxhq-xw3g-rphc

CVE-2024-34070 - Froxlor server administration software prior to version 2.1.9 is vulnerable to stored blind XSS, allowing unauthenticated users to inject malicious scripts in the loginname parameter and potentially gain full control over the application.

Product: Froxlor Application

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34070

NVD References:

- https://github.com/froxlor/Froxlor/commit/a862307bce5cdfb1c208b835f3e8faddd23046e6

- https://github.com/froxlor/Froxlor/security/advisories/GHSA-x525-54hf-xr53

CVE-2024-34359 - llama-cpp-python is vulnerable to remote code execution due to a server side template injection in the `Jinja2ChatFormatter` component.

Product: llama-cpp-python

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34359

NVD References:

- https://github.com/abetlen/llama-cpp-python/commit/b454f40a9a1787b2b5659cd2cb00819d983185df

- https://github.com/abetlen/llama-cpp-python/security/advisories/GHSA-56xg-wfcc-g829

CVE-2024-34411 - Thomas Scholl canvasio3D Light is vulnerable to unrestricted file uploads of dangerous types, impacting versions from n/a through 2.5.0.

Product: Thomas Scholl canvasio3D Light

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34411

NVD References: https://patchstack.com/database/vulnerability/canvasio3d-light/wordpress-canvasio3d-light-plugin-2-5-0-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-34416 - Pk Favicon Manager allows for unrestricted uploading of malicious files, posing a security risk from version n/a to 2.1.

Product: Pk Favicon Manager

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34416

NVD References: https://patchstack.com/database/vulnerability/phpsword-favicon-manager/wordpress-pk-favicon-manager-plugin-2-1-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-34440 - Jordy Meow AI Engine: ChatGPT Chatbot is vulnerable to unrestricted upload of dangerous file types, affecting versions n/a through 2.2.63.

Product: Jordy Meow AI Engine: ChatGPT Chatbot

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34440

NVD References: https://patchstack.com/database/vulnerability/ai-engine/wordpress-ai-engine-plugin-2-2-63-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-34555 - Unrestricted Upload of File with Dangerous Type vulnerability in URBAN BASE Z-Downloads. This issue affects Z-Downloads: from n/a through 1.11.3.

Product: URBAN BASE Z-Downloads

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34555

NVD References: https://patchstack.com/database/vulnerability/z-downloads/wordpress-z-downloads-plugin-1-11-3-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-34706 - Valtimo exposes the user's access token to `api.form.io` via the `x-jwt-token` header, allowing attackers to retrieve personal information or execute requests on behalf of the logged-in user due to misconfiguration of the Form.io component.

Product: Valtimo

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34706

NVD References:

- https://github.com/valtimo-platform/valtimo-frontend-libraries/commit/1aaba5ef5750dafebbc7476fb08bf2375a25f19e

- https://github.com/valtimo-platform/valtimo-frontend-libraries/commit/8c2dbf2a41180d2b0358d878290e4d37168f0fb6

- https://github.com/valtimo-platform/valtimo-frontend-libraries/commit/d65e05fd2784bd4a628778b34a5b79ce2f0cef8c

- https://github.com/valtimo-platform/valtimo-frontend-libraries/security/advisories/GHSA-xcp4-62vj-cq3r

CVE-2024-3070 - The Last Viewed Posts by WPBeginner plugin for WordPress is vulnerable to PHP Object Injection through deserialization of untrusted input from the LastViewedPosts Cookie, potentially allowing unauthenticated attackers to inject a PHP Object and exploit the system.

Product: WPBeginner Last Viewed Posts plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3070

NVD References:

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3062246%40last-viewed-posts&new=3062246%40last-viewed-posts&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/b6c5cc05-b147-46f6-aaa9-4c82aae1b544?source=cve

CVE-2024-3263 - YMS VIS Pro is vulnerable to unauthorized access due to weak password policies and an improper credential generation method, but has been addressed through authentication mechanism changes and additional security measures.

Product: YMS VIS Pro

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3263

NVD References:

- https://remediata.com/blog/cve-2024-3263-improper-authentication-in-yms-vis-pro/

- https://www.svps.sk/vis/

CVE-2024-3806 - The Porto theme for WordPress is vulnerable to Local File Inclusion through the 'porto_ajax_posts' function, allowing unauthenticated attackers to execute arbitrary files and potentially access sensitive data.

Product: WordPress Porto theme

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3806

NVD References:

- https://themeforest.net/item/porto-responsive-wordpress-ecommerce-theme/9207399

- https://www.wordfence.com/threat-intel/vulnerabilities/id/98ccc604-79c6-4be9-acb0-23fc82a31dfa?source=cve

CVE-2024-4413 - The Hotel Booking Lite plugin for WordPress is vulnerable to PHP Object Injection up to version 4.11.1, allowing unauthenticated attackers to inject a PHP Object and potentially access sensitive data.

Product: WordPress Hotel Booking Lite plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4413

NVD References:

- https://plugins.trac.wordpress.org/browser/motopress-hotel-booking-lite/trunk/includes/shortcodes/checkout-shortcode/step-checkout.php#L149

- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3084187%40motopress-hotel-booking-lite%2Ftrunk&old=3081058%40motopress-hotel-booking-lite%2Ftrunk&sfp_email=&sfph_mail=

- https://www.wordfence.com/threat-intel/vulnerabilities/id/1d7f1283-a274-49a2-8bec-da178771b13a?source=cve

CVE-2024-4434 - The LearnPress – WordPress LMS Plugin for WordPress is vulnerable to time-based SQL Injection in versions up to 4.2.6.5, allowing unauthenticated attackers to extract sensitive information from the database.

Product: WordPress LMS Plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4434

NVD References:

- https://inky-knuckle-2c2.notion.site/Unauthenticated-SQLI-in-Learnpress-plugin-Latest-Version-4-2-6-5-a86fe63bcc7b4c9988802688211817fd?pvs=25

- https://plugins.trac.wordpress.org/browser/learnpress/tags/4.2.6.5/inc/Databases/class-lp-course-db.php#L508

- https://plugins.trac.wordpress.org/changeset/3082204/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/2d64e1c6-1e25-4438-974d-b7da0979cc40?source=cve

CVE-2024-4560 - The Kognetiks Chatbot for WordPress plugin is vulnerable to arbitrary file uploads, allowing unauthenticated attackers to potentially achieve remote code execution on affected servers.

Product: Kognetiks Chatbot for WordPress

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4560

NVD References:

- https://plugins.trac.wordpress.org/browser/chatbot-chatgpt/trunk/includes/utilities/chatbot-file-upload.php#L17

- https://www.wordfence.com/threat-intel/vulnerabilities/id/7bc33a05-d462-492e-9ea5-cf37b887cc94?source=cve

CVE-2024-4701 - A path traversal issue potentially leading to remote code execution in Genie for all versions prior to 4.3.18

Product: Genie

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4701

NVD References: https://github.com/Netflix/security-bulletins/blob/master/advisories/nflx-2024-001.md

CVE-2024-4824 - School ERP Pro+Responsive 1.0 is vulnerable to SQL injection through the '/SchoolERP/office_admin/' index, allowing remote attackers to access database information.

Product: School ERP Pro+Responsive 1.0

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4824

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-school-erp-proresponsive-arox-solution

CVE-2024-4825 - Agentejo Cockpit CMS v0.5.5 is vulnerable to arbitrary file uploads via a post request in the '/media/api' parameter, allowing attackers to compromise the server's infrastructure.

Product: Agentejo Cockpit CMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4825

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-upload-file-dangerous-type-vulnerability-cockpit-cms

CVE-2024-22267 - VMware Workstation and Fusion are susceptible to a use-after-free vulnerability in the vbluetooth device, enabling local administrative users on a virtual machine to execute code as the VMX process on the host.

Product: VMware Workstation and Fusion

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22267

NVD References: https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280

CVE-2024-27939 - RUGGEDCOM CROSSBOW (All versions < V5.5) allows unauthenticated users to upload arbitrary files, leading to potential arbitrary code execution by attackers.

Product: Siemens RUGGEDCOM CROSSBOW

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27939

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-916916.html

CVE-2024-30207 - SIMATIC RTLS Locating Manager (All versions < V3.0.1.1) uses symmetric cryptography with a hard-coded key, which can be exploited by an unauthenticated remote attacker to compromise communication confidentiality, integrity, and system availability.

Product: Siemens AG SIMATIC RTLS Locating Manager

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30207

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-093430.html

CVE-2024-30209 - SIMATIC RTLS Locating Manager versions prior to V3.0.1.1 are vulnerable to unauthorized eavesdropping and modification of transmitted resources due to lack of cryptographic protection.

Product: Siemens SIMATIC RTLS Locating Manager

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30209

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-093430.html

CVE-2024-33499 - SIMATIC RTLS Locating Manager (6GT2780-0DA00, 6GT2780-0DA10, 6GT2780-0DA20, 6GT2780-0DA30, 6GT2780-1EA10, 6GT2780-1EA20, 6GT2780-1EA30) allows a privileged attacker to escalate their privileges due to incorrect user management component permissions.

Product: Siemens SIMATIC RTLS Locating Manager

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33499

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-093430.html

CVE-2024-32740 - SIMATIC CN 4100 (All versions < V3.0) contains undocumented users and credentials which can be exploited by an attacker to compromise the device.

Product: Siemens SIMATIC CN 4100

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32740

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-273900.html

CVE-2024-32741 - SIMATIC CN 4100 (All versions < V3.0) contains hard coded passwords for `root` and `GRUB`, allowing attackers to gain root access with a cracked password hash.

Product: Siemens SIMATIC CN 4100

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32741

NVD References: https://cert-portal.siemens.com/productcert/html/ssa-273900.html

CVE-2024-33006 - The server is vulnerable to remote code execution because an unauthenticated attacker can upload a malicious file that can compromise the system.

Product: Not Enough Minions Secure File Upload Pro

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33006

NVD References:

- https://me.sap.com/notes/3448171

- https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html

CVE-2024-34716 - PrestaShop is vulnerable to a cross-site scripting (XSS) issue in versions prior to 8.1.6, which allows an attacker to upload a malicious file through the front-office contact form and gain unauthorized access to the admin's session and security token.

Product: PrestaShop

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34716

NVD References:

- https://github.com/PrestaShop/PrestaShop/releases/tag/8.1.6

- https://github.com/PrestaShop/PrestaShop/security/advisories/GHSA-45vm-3j38-7p78

CVE-2024-27107 - Weak account password in GE HealthCare EchoPAC products

Product: GE HealthCare EchoPAC

CVSS Score: 9.6

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27107

NVD References: https://securityupdate.gehealthcare.com/

CVE-2024-31466 - Aruba's CLI service is vulnerable to buffer overflow issues via specially crafted packets, potentially allowing unauthenticated remote code execution.

Product: Aruba Access Point

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31466

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31467 - Aruba's CLI service is vulnerable to buffer overflow issues via specially crafted packets, potentially allowing unauthenticated remote code execution.

Product: Aruba Access Point

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31467

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31468 - Aruba's Central Communications service is vulnerable to buffer overflow attacks via specially crafted packets sent to the PAPI UDP port, allowing for unauthenticated remote code execution as a privileged user.

Product: Aruba Networks Central Communications Service

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31468

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31469 - Aruba's Central Communications service is vulnerable to buffer overflow attacks via specially crafted packets sent to the PAPI UDP port, allowing for unauthenticated remote code execution as a privileged user.

Product: Aruba Networks Central Communications Service

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31469

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31470 - Aruba's SAE service is vulnerable to a buffer overflow flaw that allows unauthenticated remote attackers to execute arbitrary code on the underlying operating system.

Product: Aruba's Access Point

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31470

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31471 - Aruba's Central Communications service is vulnerable to unauthenticated remote code execution through specially crafted packets sent to the PAPI UDP port (8211).

Product: Aruba Central Communications Service

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31471

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31472 - Soft AP Daemon service has command injection vulnerabilities that allow unauthenticated remote code execution through specially crafted packets sent to the PAPI UDP port (8211), enabling arbitrary code execution as a privileged user on the underlying operating system.

Product: Aruba Networks Soft AP Daemon

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31472

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-31473 - Aruba's deauthentication service is vulnerable to command injection, allowing unauthenticated remote code execution by sending malicious packets to the PAPI UDP port (8211).

Product: Aruba Access Point

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31473

NVD References: https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2024-006.txt

CVE-2024-32888 - The Amazon JDBC Driver for Redshift is vulnerable to SQL injection when using the non-default connection property `preferQueryMode=simple` prior to version 2.1.0.28.

Product: Amazon JDBC Driver for Redshift

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32888

NVD References:

- https://github.com/aws/amazon-redshift-jdbc-driver/commit/0d354a5f26ca23f7cac4e800e3b8734220230319

- https://github.com/aws/amazon-redshift-jdbc-driver/commit/12a5e8ecfbb44c8154fc66041cca2e20ecd7b339

- https://github.com/aws/amazon-redshift-jdbc-driver/commit/bc93694201a291493778ce5369a72befeca5ba7d

- https://github.com/aws/amazon-redshift-jdbc-driver/security/advisories/GHSA-x3wm-hffr-chwm

- https://github.com/pgjdbc/pgjdbc/security/advisories/GHSA-24rp-q3w6-vc56

CVE-2024-4893 - DigiWin EasyFlow .NET is susceptible to SQL injection attacks due to inadequate input parameter validation, potentially leading to unauthorized database access and command execution by remote hackers.

Product: DigiWin EasyFlow .NET

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4893

NVD References:

- https://www.twcert.org.tw/en/cp-139-7801-67d07-2.html

- https://www.twcert.org.tw/tw/cp-132-7800-843f1-1.html

CVE-2024-3319 - Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints allowed authenticated administrators to execute user-defined templates, leading to potential remote code execution vulnerabilities.

Product: Okta Identity Security Cloud (ISC) Transform.

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3319

NVD References: https://www.sailpoint.com/security-advisories/

CVE-2024-32047 - CyberPower PowerPanel's hard-coded credentials in the production code could allow attackers to access the testing or production server.

Product: CyberPower Systems PowerPanel

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32047

NVD References:

- https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01

- https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads

CVE-2024-32053 - CyberPower PowerPanel platform is vulnerable to hardcoded credentials, allowing attackers to gain unauthorized access to services with elevated privileges.

Product: CyberPower PowerPanel

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32053

NVD References:

- https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01

- https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads

CVE-2024-33625 - CyberPower PowerPanel business application code has a hard-coded JWT signing key, allowing attackers to forge tokens and bypass authentication.

Product: CyberPower PowerPanel

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33625

NVD References:

- https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01

- https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads

CVE-2024-34025 - CyberPower PowerPanel's hard-coded authentication credentials allow attackers to bypass authentication and gain administrator privileges.

Product: CyberPower PowerPanel

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-34025

NVD References:

- https://www.cisa.gov/news-events/ics-advisories/icsa-24-123-01

- https://www.cyberpower.com/global/en/product/sku/powerpanel_business_for_windows#downloads

CVE-2024-4223 - The Tutor LMS plugin for WordPress allows unauthenticated attackers to access, modify, and delete data due to missing capability checks in versions up to 2.7.0.

Product: WordPress Tutor LMS plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4223

NVD References:

- https://plugins.trac.wordpress.org/changeset/3086489/

- https://www.wordfence.com/threat-intel/vulnerabilities/id/ce4c4395-6d1a-4d5f-885f-383e5c44c0f8?source=cve

CVE-2024-30314 - Dreamweaver Desktop versions 21.3 and earlier are vulnerable to an OS Command Injection flaw, allowing for remote code execution through user interaction.

Product: Adobe Dreamweaver

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30314

NVD References: https://helpx.adobe.com/security/products/dreamweaver/apsb24-39.html

CVE-2024-4826 - Simple PHP Shopping Cart version 0.9 is vulnerable to SQL injection, allowing attackers to extract database information through a manipulated SQL query in the category.php file.

Product: Simple PHP Shopping Cart

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4826

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-simple-php-shopping-cart

CVE-2024-4991, CVE-2024-4992 - SiAdmin 1.1 SQL injection vulnerabilities

Product: SiAdmin 1.1

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4991

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4992

NVD References: https://www.incibe.es/en/incibe-cert/notices/aviso/multiple-vulnerabilities-siadmin

CVE-2024-35187 - Stalwart Mail Server prior to version 0.8.0 is vulnerable to attackers gaining complete root access to the system, posing a risk to server admins and users with admin credentials.

Product: Stalwart Mail Server

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-35187

NVD References: https://github.com/stalwartlabs/mail-server/security/advisories/GHSA-rwp5-f854-ppg6

CVE-2024-22476 - Intel(R) Neural Compressor software before version 2.5.0 allows unauthenticated users to potentially enable privilege escalation through remote access due to improper input validation.

Product: Intel Neural Compressor

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22476

NVD References: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01109.html

CVE-2024-3551 - The Penci Soledad Data Migrator plugin for WordPress is vulnerable to Local File Inclusion in all versions up to 1.3.0 through the 'data' parameter, allowing unauthenticated attackers to execute arbitrary PHP code on the server.

Product: Penci Soledad Data Migrator plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3551

NVD References:

- https://themeforest.net/item/soledad-multiconcept-blogmagazine-wp-theme/12945398

- https://www.wordfence.com/threat-intel/vulnerabilities/id/a4f8df3a-f247-4365-a9f6-6124065b4883?source=cve

CVE-2023-23645 - MainWP Code Snippets Extension suffers from a Code Injection vulnerability in versions up to 4.0.2.

Product: MainWP Code Snippets Extension

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-23645

NVD References: https://patchstack.com/database/vulnerability/mainwp-code-snippets-extension/wordpress-mainwp-code-snippets-extension-plugin-4-0-2-subscriber-arbitrary-php-code-injection-execution-vulnerability?_s_id=cve

CVE-2023-25444 - JS Help Desk – Best Help Desk & Support Plugin allows for an Unrestricted Upload of File with Dangerous Type vulnerability, enabling the use of malicious files from version n/a through 2.7.7.

Product: JS Help Desk – Best Help Desk & Support Plugin

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25444

NVD References: https://patchstack.com/database/vulnerability/js-support-ticket/wordpress-js-help-desk-best-help-desk-support-plugin-plugin-2-7-7-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2023-25701 - Improper Privilege Management vulnerability in WhatArmy WatchTowerHQ allows Privilege Escalation. This issue affects WatchTowerHQ: from n/a through 3.6.16.

Product: WhatArmy WatchTowerHQ

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-25701

NVD References: https://patchstack.com/database/vulnerability/watchtowerhq/wordpress-watchtowerhq-plugin-3-6-16-privilege-escalation?_s_id=cve

CVE-2023-26009 - Houzez Login Register versions from n/a through 2.6.3 have an Improper Privilege Management vulnerability, leading to Privilege Escalation.

Product: favethemes Houzez Login Register

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26009

NVD References: https://patchstack.com/database/vulnerability/houzez-login-register/wordpress-houzez-login-register-plugin-2-6-3-privilege-escalation?_s_id=cve

CVE-2023-26540 - Improper Privilege Management vulnerability in Favethemes Houzez allows Privilege Escalation. This issue affects Houzez: from n/a through 2.7.1.

Product: Favethemes Houzez

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-26540

NVD References: https://patchstack.com/database/vulnerability/houzez/wordpress-houzez-theme-2-7-1-privilege-escalation?_s_id=cve

CVE-2023-32244 - Improper Privilege Management vulnerability in XTemos Woodmart Core allows Privilege Escalation. This issue affects Woodmart Core: from n/a through 1.0.36.

Product: XTemos Woodmart Core

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32244

NVD References: https://patchstack.com/database/vulnerability/woodmart-core/wordpress-woodmart-core-plugin-1-0-36-privilege-escalation?_s_id=cve

CVE-2023-32297 - LWS Affiliation allows PHP Local File Inclusion due to a Path Traversal vulnerability in versions n/a through 2.2.6.

Product: LWS Affiliation

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-32297

NVD References: https://patchstack.com/database/vulnerability/lws-affiliation/wordpress-lws-affiliation-plugin-2-2-6-local-file-inclusion-vulnerability?_s_id=cve

CVE-2023-37999 - Improper Privilege Management vulnerability in HasThemes HT Mega allows Privilege Escalation. This issue affects HT Mega: from n/a through 2.2.0.

Product: HasThemes HT Mega

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-37999

NVD References: https://patchstack.com/database/vulnerability/ht-mega-for-elementor/wordpress-ht-mega-absolute-addons-for-elementor-plugin-2-2-0-unauthenticated-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-31351 - Copymatic - AI Content Writer & Generator allows unrestricted file uploads of dangerous types, posing a security threat from versions n/a through 1.6.

Product: Copymatic AI Content Writer & Generator

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31351

NVD References: https://patchstack.com/database/vulnerability/copymatic/wordpress-copymatic-plugin-1-6-unauthenticated-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2023-51424 - Improper Privilege Management vulnerability in Saleswonder Team WebinarIgnition allows Privilege Escalation. This issue affects WebinarIgnition: from n/a through 3.05.0.

Product: Saleswonder WebinarIgnition

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51424

NVD References: https://patchstack.com/database/vulnerability/webinar-ignition/wordpress-webinarignition-plugin-3-05-0-unauthenticated-privilege-escalation-vulnerability?_s_id=cve

CVE-2023-51476 - WP MLM Unilevel has an Improper Privilege Management vulnerability allowing Privilege Escalation from n/a through 4.0.

Product: IOSS WP MLM Unilevel

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51476

NVD References: https://patchstack.com/database/vulnerability/wp-mlm/wordpress-wp-mlm-unilevel-plugin-4-0-unauthenticated-account-takeover-vulnerability?_s_id=cve

CVE-2023-51481 - Local Delivery Drivers for WooCommerce has an Improper Privilege Management vulnerability that allows Privilege Escalation from version n/a through 1.9.0.

Product: powerfulwp Local Delivery Drivers for WooCommerce

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51481

NVD References: https://patchstack.com/database/vulnerability/local-delivery-drivers-for-woocommerce/wordpress-local-delivery-drivers-for-woocommerce-plugin-1-9-0-unauthenticated-account-takeover-vulnerability?_s_id=cve

CVE-2023-51483 - WP Frontend Profile in Glowlogix is vulnerable to Privilege Escalation through Improper Privilege Management from version n/a to 1.3.1.

Product: Glowlogix WP Frontend Profile

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-51483

NVD References: https://patchstack.com/database/vulnerability/wp-front-end-profile/wordpress-wp-frontend-profile-plugin-1-3-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-22157 - Improper Privilege Management vulnerability in WebWizards SalesKing allows Privilege Escalation. This issue affects SalesKing: from n/a through 1.6.15.

Product: WebWizards SalesKing

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22157

NVD References: https://patchstack.com/database/vulnerability/salesking/wordpress-salesking-plugin-1-6-15-unauthenticated-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-24882 - Improper Privilege Management vulnerability in Masteriyo LMS allows Privilege Escalation. This issue affects LMS: from n/a through 1.7.2.

Product: Masteriyo LMS

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-24882

NVD References: https://patchstack.com/database/vulnerability/learning-management-system/wordpress-lms-by-masteriyo-plugin-1-7-2-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-27954 - WP Automatic allows Path Traversal and Server Side Request Forgery via Improper Limitation vulnerability from n/a through 3.92.0.

Product: WP Automatic Automatic

CVSS Score: 9.3

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-27954

NVD References: https://patchstack.com/database/vulnerability/wp-automatic/wordpress-automatic-plugin-3-92-0-unauthenticated-arbitrary-file-download-and-ssrf-vulnerability?_s_id=cve

CVE-2024-30542 - Improper Privilege Management vulnerability in Wholesale WholesaleX allows Privilege Escalation. This issue affects WholesaleX: from n/a through 1.3.2.

Product: WholesaleX

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-30542

NVD References: https://patchstack.com/database/vulnerability/wholesalex/wordpress-wholesalex-plugin-1-3-2-unauthenticated-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-31231 - Sizam Design Rehub is vulnerable to a Path Traversal flaw, potentially enabling PHP Local File Inclusion up to version 19.6.1.

Product: Sizam Design Rehub

CVSS Score: 9.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31231

NVD References: https://patchstack.com/database/vulnerability/rehub-theme/wordpress-rehub-theme-19-6-1-unauthenticated-local-file-inclusion-vulnerability?_s_id=cve

CVE-2024-31290 - CodeRevolution Demo My WordPress is vulnerable to Privilege Escalation due to Improper Privilege Management from n/a through 1.0.9.1.

Product: CodeRevolution Demo My WordPress

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-31290

NVD References: https://patchstack.com/database/vulnerability/demo-my-wordpress/wordpress-demo-my-wordpress-plugin-1-0-9-1-unauthenticated-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-32511 - Simple Registration for WooCommerce is vulnerable to Privilege Escalation due to Improper Privilege Management.

Product: Astoundify Simple Registration for WooCommerce

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32511

NVD References: https://patchstack.com/database/vulnerability/woocommerce-simple-registration/wordpress-simple-registration-for-woocommerce-plugin-1-5-6-unauthenticated-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-33552 - Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation. This issue affects XStore Core: from n/a through 5.3.8.

Product: 8theme XStore Core

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33552

NVD References: https://patchstack.com/database/vulnerability/et-core-plugin/wordpress-xstore-core-plugin-5-3-5-unauthenticated-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-33567 - UkrSolution Barcode Scanner with Inventory & Order Manager is vulnerable to Privilege Escalation due to improper privilege management in versions from n/a through 1.5.3.

Product: UkrSolution Barcode Scanner with Inventory & Order Manager

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33567

NVD References: https://patchstack.com/database/vulnerability/barcode-scanner-lite-pos-to-manage-products-inventory-and-orders/wordpress-barcode-scanner-with-inventory-order-manager-plugin-1-5-3-unauthenticated-privilege-escalation-vulnerability?_s_id=cve

CVE-2024-33644 - Customify Site Library is vulnerable to Code Injection from n/a through 0.0.9.

Product: WPCustomify Customify Site Library

CVSS Score: 9.9

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-33644

NVD References: https://patchstack.com/database/vulnerability/customify-sites/wordpress-customify-site-library-plugin-0-0-9-remote-code-execution-rce-vulnerability?_s_id=cve

CVE-2024-22120 - Zabbix server allows command execution for scripts which can lead to SQL injection through the "clientip" field.

Product: Zabbix server

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-22120

NVD References: https://support.zabbix.com/browse/ZBX-24505

CVE-2024-32809 - ActiveDEMAND by JumpDEMAND Inc. allows unrestricted upload of malicious files, posing a dangerous security risk between versions n/a and 0.2.41.

Product: JumpDEMAND Inc. ActiveDEMAND

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-32809

NVD References: https://patchstack.com/database/vulnerability/activedemand/wordpress-activedemand-plugin-0-2-41-arbitrary-file-upload-vulnerability?_s_id=cve

CVE-2024-2771 - The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation, allowing unauthenticated attackers to grant users management permissions and delete manager accounts.

Product: Fluent Forms Contact Form Plugin by Fluent Forms

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-2771

NVD References:

- https://plugins.trac.wordpress.org/changeset/3088078/fluentform/trunk/app/Http/Policies/RoleManagerPolicy.php

- https://www.wordfence.com/threat-intel/vulnerabilities/id/071195d6-3452-4241-a8d3-92efc84e4850?source=cve

CVE-2024-3658 - The Build App Online plugin for WordPress up to version 1.0.21 is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any existing user on the site.

Product: WordPress Build App Online plugin

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-3658

NVD References:

- https://plugins.trac.wordpress.org/browser/build-app-online/tags/1.0.21/public/class-build-app-online-public.php#L814

- https://www.wordfence.com/threat-intel/vulnerabilities/id/65d423ad-da51-4616-860d-2b9354d44147?source=cve

CVE-2024-36080 - Westermo EDW-100 devices have a hidden root user account with a hardcoded password that cannot be changed, posing a security risk until 2024-05-03.

Product: Westermo EDW-100

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36080

NVD References: https://www.westermo.com/-/media/Files/Cyber-security/westermo_sa_EDW-100_24-05.pdf

CVE-2024-36081 - Westermo EDW-100 devices have a vulnerability that allows an unauthenticated user to download a configuration file containing a cleartext password.

Product: Westermo EDW-100 devices

CVSS Score: 9.8

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-36081

NVD References: https://www.westermo.com/-/media/Files/Cyber-security/westermo_sa_EDW-100_24-05.pdf

CVE-2024-4442 - The Salon booking system plugin for WordPress up to version 9.8 is vulnerable to arbitrary file deletion, allowing attackers to potentially take over and execute remote code on the site.

Product: WordPress Salon booking system plugin

CVSS Score: 9.1

NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-4442

NVD References:

- https://plugins.trac.wordpress.org/browser/salon-booking-system/tags/9.8/src/SLN/Action/Ajax/RemoveUploadedFile.php#L5

- https://plugins.trac.wordpress.org/changeset/3088196/salon-booking-system#file14

- https://www.wordfence.com/threat-intel/vulnerabilities/id/eaafeadd-f44c-49b1-b900-ef40800c629e?source=cve

CVE-2023-3939, CVE-2023-3941, CVE-2023-3943 - ZkTeco-based OEM devices: multiple vulnerabilities

Product: ZkTeco-based OEM devices

CVSS Score: 10.0

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3939

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3941

NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-3943

NVD References: https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-002.md

NVD References: https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-003.md

NVD References: https://github.com/klsecservices/Advisories/blob/master/K-ZkTeco-2023-006.md

This vulnerability requires manual review:

CVE-2024-22026

Product: Ivanti

CVSS Score: N/A

NVD: N/A

ISC Podcast: https://isc.sans.edu/podcastdetail/8988

NVD References: https://www.helpnetsecurity.com/2024/05/20/cve-2024-22026-poc/