SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals
SEC595Cyber Defense
SANS Community Benefits
Connect, learn, and share with other cybersecurity professionals
VOLUME 24ISSUE 43
The Consensus Security Vulnerability Alert
Jump to:
Untitled
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Apple Updates Everything
Published: 2024-10-28.
Last Updated: 2024-10-28 20:34:12 UTC
by Johannes Ullrich (Version: 1)
Today, Apple released updates for all of its operating systems. These updates include new AI features. For iOS 18 users, the only upgrade path is iOS 18.1, which includes the AI features. Same for users of macOS 15 Sequoia. For older operating systems versions (iOS 17, macOS 13, and 14), patches are made available, addressing only the security issues.
None of the vulnerabilities is marked as already exploited. The update fixes several lock screen bypass issues and cross-application/sandbox escape issues. Overall, I didn't spot a "mast patch now" issue. Many of the lock screen bypass issues can often be eliminated.
Apple patched a total of 67 vulnerabilities.
Breakdown of vulnerabilities by operating system ...
Read the complete entry:
https://isc.sans.edu/diary/Apple+Updates+Everything/31390/
Development Features Enabled in Production
Published: 2024-10-24.
Last Updated: 2024-10-24 17:06:30 UTC
by Johannes Ullrich (Version: 1)
We do keep seeing attackers "poking around" looking for enabled development features. Developers often use these features and plugins to aid in debugging web applications. But if left behind, they may provide an attacker with inside to the application. In their simplest form, these features provide detailed configuration information. More severe cases may leak credentials or even provide full remote code execution access.
Here are some I noted today ...
Read the complete entry:
https://isc.sans.edu/diary/Development+Features+Enabled+in+Prodcution/31380/
Untitled
Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials (2024.10.28)
Two currently (old) exploited Ivanti vulnerabilities (2024.10.27)
https://isc.sans.edu/diary/Two+currently+old+exploited+Ivanti+vulnerabilities/31384/
Recent CVEs
The list is assembled by pulling recent vulnerabilities from NIST NVD, Microsoft, Twitter mentions of vulnerabilities, ISC Diaries and Podcast, and the CISA list of known exploited vulnerabilities. There are also some unscored, but significant, vulnerabilities at the end. This includes vulnerabilities that have not been added to the NVD yet.
CVE-2024-38821 - Spring WebFlux applications with Spring Security authorization rules on static resources can be bypassed when certain conditions are met.
Product: Spring WebFlux
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38821
ISC Podcast: https://isc.sans.edu/podcastdetail/9202
NVD References: https://spring.io/security/cve-2024-38821
CVE-2024-37383 - Roundcube Webmail before 1.5.7 and 1.6.x before 1.6.7 allows XSS via SVG animate attributes.
Product: Roundcube Webmail
CVSS Score: 0
** KEV since 2024-10-24 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37383
ISC Podcast: https://isc.sans.edu/podcastdetail/9192
CVE-2024-47575 - FortiManager versions 7.6.0, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14, 6.2.0 through 6.2.12, Fortinet FortiManager Cloud versions 7.4.1 through 7.4.4, 7.2.1 through 7.2.7, and 7.0.1 through 7.0.13, 6.4.1 through 6.4.7 are vulnerable to a missing authentication flaw that allows an attacker to execute arbitrary code or commands via specially crafted requests.
Product: Fortinet FortiManager
CVSS Score: 9.8
** KEV since 2024-10-23 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47575
NVD References: https://fortiguard.fortinet.com/psirt/FG-IR-24-423
CVE-2024-10327 - Okta Verify for iOS versions 9.25.1 and 9.27.0 allows push notification responses to override user selection, potentially compromising authentication.
Product: Okta Verify
CVSS Score: 8.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10327
ISC Podcast: https://isc.sans.edu/podcastdetail/9198
NVD References:
- https://help.okta.com/en-us/content/topics/releasenotes/okta-verify-release-notes.htm#panel2
- https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/
CVE-2024-40867 - iOS and iPadOS were vulnerable to a custom URL scheme handling issue, allowing remote attackers to escape the Web Content sandbox, which is fixed in versions 18.1.
Product: Apple iOS and iPadOS
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40867
ISC Diary: https://isc.sans.edu/diary/31390
NVD References: https://support.apple.com/en-us/121563
CVE-2024-44256 - macOS Ventura and macOS Sonoma versions 13.7.1 and 14.7.1 fix an issue where an app could potentially break out of its sandbox due to improved input sanitization.
Product: Apple macOS Ventura and macOS Sonoma
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44256
ISC Diary: https://isc.sans.edu/diary/31390
NVD References:
CVE-2023-46805 - Ivanti Connect Secure and Policy Secure Authentication Bypass Vulnerability
Product: Ivanti Policy_Secure 22.6
CVSS Score: 0
** KEV since 2024-01-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2023-46805
ISC Diary: https://isc.sans.edu/diary/31384
CVE-2024-21887 - Ivanti Connect Secure and Policy Secure Command Injection Vulnerability
Product: Ivanti Policy_Secure 22.6
CVSS Score: 0
** KEV since 2024-01-10 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-21887
ISC Diary: https://isc.sans.edu/diary/31384
CVE-2024-20481 - Cisco's Remote Access VPN (RAVPN) service in ASA Software and FTD Software is vulnerable to a DoS attack through resource exhaustion caused by sending a large number of VPN authentication requests.
Product: Remote Access VPN (RAVPN) service of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software
CVSS Score: 5.8 AtRiskScore 35
** KEV since 2024-10-24 **
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20481
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-bf-dos-vDZhLqrW
CVE-2024-20329 - Cisco ASA Software is vulnerable to a flaw in the SSH subsystem that could enable an authenticated attacker to execute commands as root.
Product: Cisco Adaptive Security Appliance (ASA) Software
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20329
NVD References:
- https://sec.cloudapps.cisco.com/security/center/viewErp.x?alertId=ERP-75300
CVE-2024-20412 - Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 Series is vulnerable to unauthorized access due to static credentials.
Product: Cisco Firepower Threat Defense (FTD) Software
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20412
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ftd-statcred-dFC8tXT5
CVE-2024-20424 - Cisco Secure Firewall Management Center (FMC) Software is vulnerable to authenticated remote attackers executing arbitrary commands as root due to insufficient input validation in its web-based management interface.
Product: Cisco Secure Firewall Management Center (FMC) Software
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-20424
NVD References: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7
CVE-2024-38002 - Liferay Portal and Liferay DXP versions 7.3.2 through 7.4.3.111 have a vulnerability that lets remote authenticated users modify workflow definitions and execute arbitrary code (RCE) via the headless API.
Product: Liferay Portal
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38002
NVD References: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-38002
CVE-2024-8980 - The Script Console in Liferay Portal versions 7.0.0 through 7.4.3.101, and Liferay DXP versions 2023.Q3.1 through 2023.Q3.4, is vulnerable to Cross-Site Request Forgery (CSRF) attacks, enabling remote attackers to execute arbitrary Groovy script via a crafted URL or XSS vulnerability.
Product: Liferay Portal
CVSS Score: 9.6
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8980
NVD References: https://liferay.dev/portal/security/known-vulnerabilities/-/asset_publisher/jekt/content/CVE-2024-8980
CVE-2024-43177 - IBM Concert 1.0.0 and 1.0.1 vulnerable to attacks that rely on the use of cookies without the SameSite attribute.
Product: IBM Concert
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43177
NVD References: https://www.ibm.com/support/pages/node/7173596
CVE-2024-46538 - Pfsense v2.5.2 contains an XSS vulnerability in interfaces_groups_edit.php that permits execution of arbitrary web scripts or HTML by injecting a crafted payload into the $pconfig variable.
Product: Pfsense
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46538
NVD References:
- https://github.com/physicszq/web_issue/blob/main/pfsense/interfaces_groups_edit_file.md_xss.md
CVE-2024-46902 - Trend Micro Deep Discovery Inspector versions 5.8 and above has a vulnerability that could disclose sensitive information if an attacker gains admin user rights on the target system.
Product: Trend Micro Deep Discovery Inspector
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46902
NVD References:
CVE-2024-48904 - Trend Micro Cloud Edge is vulnerable to command injection, enabling remote execution of arbitrary code without authentication.
Product: Trend Micro Cloud Edge
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48904
NVD References:
CVE-2024-26519 - Casa Systems NTC-221 version 2.0.99.0 and earlier allow remote attackers to execute arbitrary code through a crafted payload to the /www/cgi-bin/nas.cgi component.
Product: Casa Systems NTC-221
CVSS Score: 9.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-26519
NVD References: https://cybercx.com.au/blog/zero-day-rce-in-netcomm-ntc-221-industrial-iot-m2m-lte-4g-router/
CVE-2024-40493 - Keith Cullen FreeCoAP 1.0 is vulnerable to a Null Pointer Dereference in the `coap_client_exchange_blockwise2` function, potentially leading to denial of service and arbitrary code execution through a crafted CoAP packet.
Product: Keith Cullen FreeCoAP
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40493
NVD References:
- https://gist.github.com/dqp10515/fe80005e2fb58ed8ada178ac017e4ad4
CVE-2024-40494 - FreeCoAP is vulnerable to a buffer overflow in coap_msg.c, enabling remote attackers to execute arbitrary code or trigger a denial of service by sending a specially crafted packet.
Product: FreeCoAP coap_msg.c
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-40494
NVD References:
- https://gist.github.com/dqp10515/e9d7d663cb89187bfe7b39bb3aeb0113
- https://github.com/dqp10515/security/tree/main/FreeCoAP_bug
CVE-2024-41717 - Kieback & Peter's DDC4000 series is susceptible to a path traversal vulnerability, enabling unauthenticated attackers to view system files.
Product: Kieback & Peter DDC4000 series
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41717
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05
CVE-2024-43698 - Kieback & Peter's DDC4000 series is vulnerable to unauthenticated attackers gaining full admin rights due to weak credentials.
Product: Kieback & Peter DDC4000 series
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-43698
NVD References: https://www.cisa.gov/news-events/ics-advisories/icsa-24-291-05
CVE-2024-44812 - Online Complaint Site v.1.0 is vulnerable to SQL injection, allowing a remote attacker to escalate privileges by manipulating the username and password parameters in the /admin.index.php component.
Product: Janobe Online Complaint Site
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44812
NVD References:
CVE-2024-44812 - PoC
CVE-2024-46483 - Xlight FTP Server <3.9.4.3 is vulnerable to an integer overflow in its SFTP server, allowing for a heap overflow with attacker-controlled content.
Product: Xlight FTP Server
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46483
NVD References: https://github.com/kn32/cve-2024-46483
CVE-2024-9947 - The ProfilePress Pro plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any existing user on the site.
Product: ProfilePress Pro plugin for WordPress
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9947
NVD References:
CVE-2024-47901 - InterMesh 7177 Hybrid 2.0 Subscriber and InterMesh 7707 Fire Subscriber are vulnerable to code execution through unfiltered input parameters in specific GET requests, potentially allowing remote attackers to execute arbitrary code with root privileges.
Product: Siemens InterMesh 7177 Hybrid
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47901
NVD References: https://cert-portal.siemens.com/productcert/html/ssa-333468.html
CVE-2024-49652 - ReneeCussack 3D Work In Progress allows attackers to upload a malicious web shell to a web server due to unrestricted file type upload vulnerability.
Product: ReneeCussack 3D Work In Progress
Active Installations: unknown
CVSS Score: 9.9
CVE-2024-49653 - Portfolleo allows for unrestricted upload of files with dangerous types, allowing attackers to upload a web shell to a web server.
Product: James Eggers Portfolleo
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49653
NVD References: https://patchstack.com/database/vulnerability/portfolleo/wordpress-portfolleo-plugin-1-2-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-49658 - Woocommerce Custom Profile Picture allows for unrestricted upload of dangerous files, potentially leading to the upload of a web shell on the web server.
Product: Ecomerciar Woocommerce Custom Profile Picture
Active Installations: unknown
CVSS Score: 9.9
CVE-2024-49668 - Verbalize WP allows unrestricted upload of dangerous files, potentially enabling attackers to upload a web shell to the server.
Product: Admin Verbalize WPActive Installations: unknownCVSS Score: 10.0NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49668NVD References: https://patchstack.com/database/vulnerability/verbalize-wp/wordpress-verbalize-wp-plugin-1-0-arbitrary-file-upload-vulnerability?_s_id=cveCVE-2024-49669 - INK Official allows for the unrestricted upload of dangerous file types, potentially enabling the upload of web shells to web servers, impacting versions from n/a through 4.1.2.Product: Alexander De Ridder INK OfficialActive Installations: unknownCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49669NVD References: https://patchstack.com/database/vulnerability/ink-official/wordpress-ink-official-plugin-4-1-2-arbitrary-file-upload-vulnerability?_s_id=cveCVE-2024-49671 - AI Image Generator for Your Content & Featured Images – AI Postpix allows unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to a web server.Product: Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI PostpixActive Installations: unknownCVSS Score: 9.9NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49671NVD References: https://patchstack.com/database/vulnerability/ai-postpix/wordpress-ai-postpix-plugin-1-1-8-arbitrary-file-upload-vulnerability?_s_id=cveCVE-2024-48538 - Neye3C v4.5.2.0 has incorrect access control, allowing attackers to access sensitive information through the firmware update and download processes.Product: Neye3CCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48538NVD References: - http://neye3c.com- http://www.netdvr.cn/page6- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.gooclient.anycam.neye3ctwo/com.gooclient.anycam.neye3ctwo.mdCVE-2024-48539 - Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.Product: Neye3CCVSS Score: 9.8 NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48539NVD References: - http://neye3c.com- http://www.netdvr.cn/page6- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.gooclient.anycam.neye3ctwo/com.gooclient.anycam.neye3ctwo_key.mdCVE-2024-10335 - SourceCodester Garbage Collection Management System 1.0 is vulnerable to a critical SQL injection flaw in the login.php file, allowing remote attackers to manipulate the username/password argument.Product: SourceCodester Garbage Collection Management SystemCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10335NVD References: https://github.com/tang-0717/VUL/blob/main/Garbage-Collection-Management-System-01.mdCVE-2024-10336 - SourceCodeHero Clothes Recommendation System 1.0 is vulnerable to a critical SQL injection in the Admin Login Page component's /admin/index.php file, allowing remote attackers to manipulate the argument t1 for unauthorized access.Product: SourceCodeHero Clothes Recommendation System Project CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10336CVE-2024-48548 - Cloud Smart Lock v2.0.1 has a leaked URL in its APK file that allows attackers to bind physical devices through API calls using a bruteforce attack.Product: Cloud Smart Lock v2.0.1CVSS Score: 9.3NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48548NVD References: - https://cloudsmartlock.com/m/app.html- https://github.com/HankJames/Vul-Reports/blob/main/FirmwareLeakage/com.seamooncloud.cloudsmartlock/com.seamooncloud.cloudsmartlock.mdCVE-2024-46478 - HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.Product: HTMLDOC v1.9.18CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46478NVD References: - https://github.com/michaelrsweet/htmldoc/commit/683bec548e642cf4a17e003fb34f6bbaf2d27b98- https://github.com/michaelrsweet/htmldoc/issues/529CVE-2024-48143 - Digitory Multi Channel Integrated POS v1.0 lacks rate limiting in its OTP validation component, enabling attackers to flood the ordering system with excessive food orders.Product: Digitory Multi Channel Integrated POSCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48143NVD References: - https://digitory.com/multi-channel-integrated-pos/- https://github.com/soursec/CVEs/tree/main/CVE-2024-48143CVE-2024-48144 - Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 has a prompt injection vulnerability that enables attackers to access and steal all chat data between users and the AI assistant.Product: Fusion Chat Chat AI Assistant Ask Me AnythingCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48144NVD References: - https://apps.microsoft.com/detail/9n3ff8j3d7zr?hl=en-US&gl=US- https://github.com/soursec/CVEs/tree/main/CVE-2024-48144CVE-2024-48145 - Netangular Technologies ChatNet AI Version v1.0 is vulnerable to prompt injection, enabling attackers to access and steal all chat data exchanged with the AI assistant.Product: Netangular Technologies ChatNet AICVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48145NVD References: - https://apps.microsoft.com/deta…
CVE-2024-49671 - AI Image Generator for Your Content & Featured Images – AI Postpix allows unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to a web server.
Product: Dogu Pekgoz AI Image Generator for Your Content & Featured Images – AI Postpix
Active Installations: unknown
CVSS Score: 9.9
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49671
NVD References: https://patchstack.com/database/vulnerability/ai-postpix/wordpress-ai-postpix-plugin-1-1-8-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-48538 - Neye3C v4.5.2.0 has incorrect access control, allowing attackers to access sensitive information through the firmware update and download processes.
CVE-2024-48539 - Neye3C v4.5.2.0 was discovered to contain a hardcoded encryption key in the firmware update mechanism.
CVE-2024-10335 - SourceCodester Garbage Collection Management System 1.0 is vulnerable to a critical SQL injection flaw in the login.php file, allowing remote attackers to manipulate the username/password argument.
Product: SourceCodester Garbage Collection Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10335
NVD References: https://github.com/tang-0717/VUL/blob/main/Garbage-Collection-Management-System-01.md
CVE-2024-10336 - SourceCodeHero Clothes Recommendation System 1.0 is vulnerable to a critical SQL injection in the Admin Login Page component's /admin/index.php file, allowing remote attackers to manipulate the argument t1 for unauthorized access.
Product: SourceCodeHero Clothes Recommendation System Project
CVSS Score: 9.8
CVE-2024-48548 - Cloud Smart Lock v2.0.1 has a leaked URL in its APK file that allows attackers to bind physical devices through API calls using a bruteforce attack.
Product: Cloud Smart Lock v2.0.1
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48548
NVD References:
CVE-2024-46478 - HTMLDOC v1.9.18 contains a buffer overflow in parse_pre function,ps-pdf.cxx:5681.
Product: HTMLDOC v1.9.18
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-46478
NVD References:
- https://github.com/michaelrsweet/htmldoc/commit/683bec548e642cf4a17e003fb34f6bbaf2d27b98
CVE-2024-48143 - Digitory Multi Channel Integrated POS v1.0 lacks rate limiting in its OTP validation component, enabling attackers to flood the ordering system with excessive food orders.
Product: Digitory Multi Channel Integrated POS
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48143
NVD References:
CVE-2024-48144 - Fusion Chat Chat AI Assistant Ask Me Anything v1.2.4.0 has a prompt injection vulnerability that enables attackers to access and steal all chat data between users and the AI assistant.
Product: Fusion Chat Chat AI Assistant Ask Me Anything
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48144
NVD References:
- https://apps.microsoft.com/detail/9n3ff8j3d7zr?hl=en-US&gl=US
CVE-2024-48145 - Netangular Technologies ChatNet AI Version v1.0 is vulnerable to prompt injection, enabling attackers to access and steal all chat data exchanged with the AI assistant.
Product: Netangular Technologies ChatNet AI
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48145
NVD References:
- https://apps.microsoft.com/detail/9n3zxd05895t?hl=en-us&gl=US
CVE-2024-47883 - The OpenRefine fork of the MIT Simile Butterfly server is vulnerable to remote code execution and server-side request forgery prior to version 1.2.6.
Product: OpenRefine Butterfly
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47883
NVD References:
- https://github.com/OpenRefine/simile-butterfly/commit/537f64bfa72746f8b21d4bda461fad843435319c
- https://github.com/OpenRefine/simile-butterfly/security/advisories/GHSA-3p8v-w8mr-m3x8
CVE-2024-7763 - WhatsUp Gold versions released before 2024.0.0 have an Authentication Bypass issue that enables attackers to access encrypted user credentials.
Product: WhatsUp Gold
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7763
NVD References:
- https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-August-2024
CVE-2024-41617 - Money Manager EX WebApp (web-money-manager-ex) 1.2.2 is vulnerable to Incorrect Access Control, allowing unauthenticated attackers to upload and potentially execute arbitrary files.
Product: Money Manager EX WebApp
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41617
NVD References:
- https://github.com/moneymanagerex/web-money-manager-ex/issues/51
- https://github.com/moneymanagerex/web-money-manager-ex/releases/tag/v1.2.3
CVE-2024-41618 - Money Manager EX WebApp (web-money-manager-ex) 1.2.2 has an SQL Injection vulnerability in the `transaction_delete_group` function due to improper sanitization of user input.
Product: Money Manager EX WebApp
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-41618
NVD References:
- https://github.com/moneymanagerex/web-money-manager-ex/issues/51
- https://github.com/moneymanagerex/web-money-manager-ex/releases/tag/v1.2.3
CVE-2024-9488 - The Comments – wpDiscuz plugin for WordPress is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as any existing user on the site up to version 7.6.24.
Product: Wordpress wpDiscuz plugin
Active Installations: 80,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9488
NVD References:
- https://plugins.trac.wordpress.org/browser/wpdiscuz/trunk/forms/wpdFormAttr/Login/SocialLogin.php
CVE-2024-47406 - Sharp and Toshiba Tec MFPs improperly process HTTP authentication requests, resulting in an authentication bypass vulnerability.
Product: Sharp Toshiba Tec
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47406
NVD References:
- https://global.sharp/products/copier/info/info_security_2024-10.html
CVE-2022-30355 & CVE-2022-30357 - OvalEdge 5.2.8.0 and earlier is susceptible to Account Takeover vulnerabilities requiring authentication via a POST request to /profile/updateProfile.
CVE-2022-30355 & CVE-2022-30357 - OvalEdge 5.2.8.0 and earlier is susceptible to Account Takeover vulnerabilities requiring authentication via a POST request to /profile/updateProfile.Product: OvalEdge Profile ManagerCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-30355NVD: https://nvd.nist.gov/vuln/detail/CVE-2022-30357NVD References: - https://cve.offsecguy.com/ovaledge/vulnerabilities/account-takeover#cve-2022-30355- https://cve.offsecguy.com/ovaledge/vulnerabilities/account-takeover#cve-2022-30357CVE-2024-48204 - Hanzhou Haobo network management system 1.0 is vulnerable to SQL injection, enabling remote attackers to execute arbitrary code using a crafted script.Product: Hanzhou Haobo network management system 1.0CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48204NVD References: https://gist.github.com/NasYangh/161618e4552ca40ad1ac25b4d673bfcfCVE-2024-48579 - Best House rental management system project in php v.1.0 is vulnerable to SQL Injection through the username parameter in login requests, enabling remote attackers to execute arbitrary code.Product: Best House rental management system projectCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48579NVD References: https://github.com/baineoli/CVE/blob/main/2024/house%20rental%20management%20system%20-%20SQL%20Injection%20%28Admin%20Login%29.mdCVE-2024-48580 & CVE-2024-48581 - Best courier management system in php v.1.0 vulnerabilities allow remote attackers to execute arbitrary code.Product: BestProduct name: courier management system in php v.1.0 CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48580NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48581NVD References: https://github.com/baineoli/CVE/blob/main/2024/courier%20management%20system%20-%20SQL%20Injection%20%28Admin%20Login%29.mdCVE-2024-10386 - Rockwell Automation ThinManager® is vulnerable to authentication attacks that could result in database manipulation through crafted messages sent over the network.Product: Rockwell Automation ThinManager®CVSS Score: 9.8 AtRiskScore 30NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10386NVD References: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.htmlCVE-2024-37846 - MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.Product: MangoOS before 5.2.0CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37846NVD References: - https://github.com/herombey/Disclosures/blob/main/CVE-2024-37846-CSTI.pdf- https://github.com/herombey/Disclosures/tree/mainCVE-2024-37847 - MangoOS and Mango API versions before 5.1.4 and 4.5.5, respectively, are vulnerable to arbitrary file upload attacks that enable remote code execution.Product: MangoOSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37847NVD References: - https://github.com/herombey/Disclosures/blob/main/CVE-2024-37847%20File%20Upload%20Path%20Traversal.pdf- https://github.com/herombey/Disclosures/tree/mainCVE-2024-48218, CVE-2024-48222, CVE-2024-48223, CVE-2024-48226, CVE-2024-48229, & CVE-2024-48230 - Funadmin v5.0.2 has multiple SQL injection vulnerabilities in /curd/table/list.Product: Funadmin v5.0.2CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48218NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48222NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48223NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48226NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48229NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48230NVD References: - https://github.com/funadmin/funadmin/issues/21- https://github.com/funadmin/funadmin/issues/22- https://github.com/funadmin/funadmin/issues/23- https://github.com/funadmin/funadmin/issues/26- https://github.com/funadmin/funadmin/issues/28- https://github.com/funadmin/funadmin/issues/30CVE-2024-48225 - Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.Product: Funspot FunadminCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48225NVD References: https://github.com/funadmin/funadmin/issues/25CVE-2024-47821 - pyLoad Download Manager allows for remote code execution on versions prior to 0.5.0b3.dev87 by uploading an executable file to the `/scripts` folder and triggering a specific action.Product: pyLoad Download ManagerCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47821NVD References: https://github.com/pyload/pyload/security/advisories/GHSA-w7hq-f2pj-c53gCVE-2024-9930 - The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass up to version 0.2.3.2, allowing unauthenticated attackers to log in as any existing user on the site.Product: HocWP Team Extensions by HocWP Team pluginActive Installations: This plugin has been closed as of October 25, 2024 and is not available for download. This closure is temporary, pending a full review.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CV…
CVE-2024-48204 - Hanzhou Haobo network management system 1.0 is vulnerable to SQL injection, enabling remote attackers to execute arbitrary code using a crafted script.
Product: Hanzhou Haobo network management system 1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48204
NVD References: https://gist.github.com/NasYangh/161618e4552ca40ad1ac25b4d673bfcf
CVE-2024-48579 - Best House rental management system project in php v.1.0 is vulnerable to SQL Injection through the username parameter in login requests, enabling remote attackers to execute arbitrary code.
Product: Best House rental management system project
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48579
NVD References: https://github.com/baineoli/CVE/blob/main/2024/house%20rental%20management%20system%20-%20SQL%20Injection%20%28Admin%20Login%29.md
CVE-2024-48580 & CVE-2024-48581 - Best courier management system in php v.1.0 vulnerabilities allow remote attackers to execute arbitrary code.
Product: Best
Product name: courier management system in php v.1.0
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48580
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48581
NVD References: https://github.com/baineoli/CVE/blob/main/2024/courier%20management%20system%20-%20SQL%20Injection%20%28Admin%20Login%29.md
CVE-2024-10386 - Rockwell Automation ThinManager® is vulnerable to authentication attacks that could result in database manipulation through crafted messages sent over the network.
Product: Rockwell Automation ThinManager®
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10386
NVD References: https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1708.html
CVE-2024-37846 - MangoOS before 5.2.0 was discovered to contain a Client-Side Template Injection (CSTI) vulnerability via the Platform Management Edit page.
Product: MangoOS before 5.2.0CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37846NVD References: - https://github.com/herombey/Disclosures/blob/main/CVE-2024-37846-CSTI.pdf- https://github.com/herombey/Disclosures/tree/mainCVE-2024-37847 - MangoOS and Mango API versions before 5.1.4 and 4.5.5, respectively, are vulnerable to arbitrary file upload attacks that enable remote code execution.Product: MangoOSCVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-37847NVD References: - https://github.com/herombey/Disclosures/blob/main/CVE-2024-37847%20File%20Upload%20Path%20Traversal.pdf- https://github.com/herombey/Disclosures/tree/mainCVE-2024-48218, CVE-2024-48222, CVE-2024-48223, CVE-2024-48226, CVE-2024-48229, & CVE-2024-48230 - Funadmin v5.0.2 has multiple SQL injection vulnerabilities in /curd/table/list.Product: Funadmin v5.0.2CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48218NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48222NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48223NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48226NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48229NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48230NVD References: - https://github.com/funadmin/funadmin/issues/21- https://github.com/funadmin/funadmin/issues/22- https://github.com/funadmin/funadmin/issues/23- https://github.com/funadmin/funadmin/issues/26- https://github.com/funadmin/funadmin/issues/28- https://github.com/funadmin/funadmin/issues/30CVE-2024-48225 - Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.Product: Funspot FunadminCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48225NVD References: https://github.com/funadmin/funadmin/issues/25CVE-2024-47821 - pyLoad Download Manager allows for remote code execution on versions prior to 0.5.0b3.dev87 by uploading an executable file to the `/scripts` folder and triggering a specific action.Product: pyLoad Download ManagerCVSS Score: 9.1NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47821NVD References: https://github.com/pyload/pyload/security/advisories/GHSA-w7hq-f2pj-c53gCVE-2024-9930 - The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass up to version 0.2.3.2, allowing unauthenticated attackers to log in as any existing user on the site.Product: HocWP Team Extensions by HocWP Team pluginActive Installations: This plugin has been closed as of October 25, 2024 and is not available for download. This closure is temporary, pending a full review.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9930NVD References: - https://plugins.trac.wordpress.org/browser/sb-core/trunk/ext/account.php?rev=2715527#L374- https://www.wordfence.com/threat-intel/vulnerabilities/id/ca3775db-0722-4090-924e-81e38d5dce97?source=cveCVE-2024-9931 - The Wux Blog Editor plugin for WordPress up to version 3.0.0 is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as the first administrator user.Product: WordPress Wux Blog Editor pluginActive Installations: This plugin has been closed as of October 25, 2024 and is not available for download. This closure is temporary, pending a full review.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9931NVD References: - https://plugins.trac.wordpress.org/browser/wux-blog-editor/tags/3.0.0/External_Post_Editor.php#L675- https://www.wordfence.com/threat-intel/vulnerabilities/id/494ef738-c900-4d00-8739-3b261586d4ff?source=cveCVE-2024-9932 - The Wux Blog Editor plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially execute remote code.Product: WordPress Wux Blog Editor pluginActive Installations: This plugin has been closed as of October 25, 2024 and is not available for download. This closure is temporary, pending a full review.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9932NVD References: - https://plugins.trac.wordpress.org/browser/wux-blog-editor/tags/3.0.0/External_Post_Editor.php#L675- https://www.wordfence.com/threat-intel/vulnerabilities/id/c2c0ab2d-1ba9-4a0a-b1fa-bacebe1034eb?source=cveCVE-2024-9933 - The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to 3.9.6, allowing unauthenticated attackers to log in as the administrator user.Product: WatchTowerHQ WordPress pluginActive Installations: This plugin has been closed as of October 25, 2024 and is not available for download. This closure is temporary, pending a full review.CVSS Score: 9.8NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9933NVD References: - https://plugins.trac.wordpress.org/browser/watchtowerhq/tags/3.9.6/src/Password_Less_Access.php#L56- https://www.wordfence.com/threat-intel/vulnerabilities/id/50349086-e7b0-4f73-8722-1367cc05180e?source=cveCVE-2024-9501 - The WP Social Login and Register Social Counter plugin for WordPress allows unauthenticated attackers to log in as any existing user on the site due to an auth…
CVE-2024-37847 - MangoOS and Mango API versions before 5.1.4 and 4.5.5, respectively, are vulnerable to arbitrary file upload attacks that enable remote code execution.
CVE-2024-48218, CVE-2024-48222, CVE-2024-48223, CVE-2024-48226, CVE-2024-48229, & CVE-2024-48230 - Funadmin v5.0.2 has multiple SQL injection vulnerabilities in /curd/table/list.
Product: Funadmin v5.0.2
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48218
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48222
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48223
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48226
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48229
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48230
NVD References:
- https://github.com/funadmin/funadmin/issues/21
- https://github.com/funadmin/funadmin/issues/22
- https://github.com/funadmin/funadmin/issues/23
- https://github.com/funadmin/funadmin/issues/26
CVE-2024-48225 - Funadmin v5.0.2 has an arbitrary file deletion vulnerability in /curd/index/delfile.
Product: Funspot Funadmin
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-48225
NVD References: https://github.com/funadmin/funadmin/issues/25
CVE-2024-47821 - pyLoad Download Manager allows for remote code execution on versions prior to 0.5.0b3.dev87 by uploading an executable file to the `/scripts` folder and triggering a specific action.
Product: pyLoad Download Manager
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-47821
NVD References: https://github.com/pyload/pyload/security/advisories/GHSA-w7hq-f2pj-c53g
CVE-2024-9930 - The Extensions by HocWP Team plugin for WordPress is vulnerable to authentication bypass up to version 0.2.3.2, allowing unauthenticated attackers to log in as any existing user on the site.
Product: HocWP Team Extensions by HocWP Team plugin
Active Installations: This plugin has been closed as of October 25, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9930
NVD References:
- https://plugins.trac.wordpress.org/browser/sb-core/trunk/ext/account.php?rev=2715527#L374
CVE-2024-9931 - The Wux Blog Editor plugin for WordPress up to version 3.0.0 is vulnerable to authentication bypass, allowing unauthenticated attackers to log in as the first administrator user.
Product: WordPress Wux Blog Editor plugin
Active Installations: This plugin has been closed as of October 25, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9931
NVD References:
- https://plugins.trac.wordpress.org/browser/wux-blog-editor/tags/3.0.0/External_Post_Editor.php#L675
CVE-2024-9932 - The Wux Blog Editor plugin for WordPress allows unauthenticated attackers to upload arbitrary files and potentially execute remote code.
Product: WordPress Wux Blog Editor plugin
Active Installations: This plugin has been closed as of October 25, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9932
NVD References:
- https://plugins.trac.wordpress.org/browser/wux-blog-editor/tags/3.0.0/External_Post_Editor.php#L675
CVE-2024-9933 - The WatchTowerHQ plugin for WordPress is vulnerable to authentication bypass in versions up to 3.9.6, allowing unauthenticated attackers to log in as the administrator user.
Product: WatchTowerHQ WordPress plugin
Active Installations: This plugin has been closed as of October 25, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9933
NVD References:
- https://plugins.trac.wordpress.org/browser/watchtowerhq/tags/3.9.6/src/Password_Less_Access.php#L56
CVE-2024-9501 - The WP Social Login and Register Social Counter plugin for WordPress allows unauthenticated attackers to log in as any existing user on the site due to an authentication bypass vulnerability.
Product: Wordpress WP Social Login and Register Social Counter plugin
Active Installations: 20,000+
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9501
NVD References:
- https://plugins.trac.wordpress.org/browser/wp-social/tags/3.0.6/inc/admin-create-user.php#L205
CVE-2024-10413 - SourceCodester Online Hotel Reservation System 1.0 allows for remote attackers to launch an exploit through the manipulation of the argument image in the file /guest/update.php, resulting in unrestricted file upload.
Product: Janobe Online Hotel Reservation System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10413
NVD References: https://github.com/K1nako0/tmp_vuln11/blob/main/README.md
CVE-2024-10418 - Blood Bank Management System 1.0 is vulnerable to a critical sql injection in the file /file/infoAdd.php, allowing remote attackers to exploit the bg argument.
Product: Fabianros Blood Bank Management System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10418
NVD References: https://gist.github.com/higordiego/25a103a1fe84c4db4530e68d2f998d11
CVE-2024-10420 - SourceCodester Attendance and Payroll System 1.0 is vulnerable to remote unrestricted file upload due to manipulation of the image argument in update.php.
Product: Nurhodelta17 Attendance And Payroll System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10420
NVD References: https://github.com/K1nako0/tmp_vuln12/blob/main/README.md
CVE-2024-10421 & CVE-2024-10422 - SourceCodester Attendance and Payroll System 1.0 critical SQL injection vulnerabilities
Product: Nurhodelta17 Attendance And Payroll System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10421
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10422
NVD References: https://github.com/K1nako0/tmp_vuln13/blob/main/README.md
NVD References: https://github.com/K1nako0/tmp_vuln14/blob/main/README.md
CVE-2024-10423, CVE-2024-10424, & CVE-2024-10425 - Project Worlds Student Project Allocation System 1.0 is susceptible to critical SQL injection vulnerabilities
Product: Project Worlds Student Project Allocation System
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10423
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10424
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10425
NVD References:
CVE-2024-10440 - The eHDR CTMS from Sunnet is vulnerable to SQL Injection, enabling unauthenticated remote attackers to manipulate database contents.
Product: Sunnet eHDR CTMS
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10440
NVD References:
CVE-2024-50450 - RealMag777 WordPress Meta Data and Taxonomies Filter (MDTF) is vulnerable to improper control of code generation, allowing code injection from versions n/a through 1.3.3.4.
Product: Wordpress Meta Data And Taxonomies Filter
Active Installations: 1,000
CVSS Score: 9.8
CVE-2024-50477 - Stacks Mobile App Builder allows an authentication bypass through an alternate path or channel, affecting versions up to 5.2.3.
Product: Stacks Mobile App Builder
Active Installations: unknown
CVSS Score: 9.8
CVE-2024-50486 - Acnoo Flutter API is vulnerable to Authentication Bypass through an alternate path or channel, impacting versions from n/a to 1.0.5.
Product: Acnoo Flutter API
Active Installations: unknown
CVSS Score: 9.8
CVE-2024-50487 - MaanStore API is vulnerable to authentication bypass via an alternate path or channel, impacting versions from n/a through 1.0.1.
Product: MaanTheme MaanStore API
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50487
NVD References: https://patchstack.com/database/vulnerability/maanstore-api/wordpress-maanstore-api-plugin-1-0-1-account-takeover-vulnerability?_s_id=cve
CVE-2024-50489 - Realty Workstation is vulnerable to authentication bypass through an alternate path or channel, affecting versions from n/a through 1.0.45.
Product: Realty Workstation
Active Installations: unknown
CVSS Score: 9.8
CVE-2024-50498 - WP Query Console is vulnerable to Code Injection due to improper control of code generation, impacting versions from n/a through 1.0.
Product: Lubus WP Query Console
Active Installations: unknown
CVSS Score: 10.0
CVE-2024-50478 - Swoop 1-Click Login: Passwordless Authentication is vulnerable to an Authentication Bypass through its primary weakness.
Product: Swoop 1-Click Login
Active Installations: unknown
CVSS Score: 9.8
CVE-2024-50479 - Mansur Ahamed Woocommerce Quote Calculator is vulnerable to Blind SQL Injection from versions n/a through 1.1.
Product: Mansur Ahamed Woocommerce Quote Calculator
Active Installations: unknown
CVSS Score: 9.3
CVE-2024-50483 - Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation.This issue affects Meetup: from n/a through 0.1.
Product: Meetup
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50483
NVD References: https://patchstack.com/database/vulnerability/meetup/wordpress-meetup-plugin-0-1-broken-authentication-vulnerability?_s_id=cve
CVE-2024-50491 - Micah Blu RSVP ME is vulnerable to SQL Injection from n/a through 1.9.9.
Product: Micah Blu RSVP ME
Active Installations: unknown
CVSS Score: 9.3
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50491
NVD References: https://patchstack.com/database/vulnerability/rsvp-me/wordpress-rsvp-me-plugin-1-9-9-sql-injection-vulnerability?_s_id=cve
CVE-2024-50495 - WidgiLabs Plugin Propagator allows malicious upload of web shells due to unrestricted file uploads vulnerability.
Product: WidgiLabs Plugin Propagator
Active Installations: unknown
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50495
NVD References: https://patchstack.com/database/vulnerability/wp-propagator/wordpress-plugin-propagator-plugin-0-1-arbitrary-file-upload-vulnerability?_s_id=cve
CVE-2024-50496 - AR For WordPress is vulnerable to unrestricted file uploads of dangerous types, allowing an attacker to upload a web shell to a web server, affecting versions from n/a through 6.2.
Product: Web and Print Design AR For WordPress
Active Installations: unknown
CVSS Score: 10.0
CVE-2024-44217 - iOS and iPadOS 18 fixed a permissions vulnerability by removing vulnerable code and adding additional checks, allowing password autofill to potentially fill passwords after failed authentication.
Product: Apple iOS
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44217
NVD References: https://support.apple.com/en-us/121250
CVE-2024-45656 - IBM Flexible Service Processor (FSP) has static credentials that can be exploited by network users to gain unauthorized service privileges.
Product: IBM Flexible Service Processor (FSP)
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-45656
NVD References: https://www.ibm.com/support/pages/node/7174183
CVE-2024-50480 - Azexo Marketing Automation by AZEXO allows attackers to upload a web shell to a web server due to an unrestricted upload of file with dangerous type vulnerability.
Product: AZEXO Marketing Automation
Active Installations: unknown
CVSS Score: 9.9
CVE-2024-50482 - Woocommerce Product Design allows for the unrestricted upload of dangerous file types, potentially enabling attackers to upload web shells to a web server.
Product: Chetan Khandla Woocommerce Product Design
Active Installations: unknown
CVSS Score: 10.0
CVE-2024-50484 - Multi Purpose Mail Form is vulnerable to file uploads that can allow attackers to upload a web shell onto a web server.
Product: mahlamusa Multi Purpose Mail Form
Active Installations: unknown
CVSS Score: 10.0
CVE-2024-50493 - Automatic Translation: Unrestricted uploading of dangerous file types allows attackers to upload a web shell to the web server, affecting versions up to 1.0.4.
Product: masterhomepage Automatic Translation
Active Installations: unknown
CVSS Score: 10.0
CVE-2024-50494 - Sudan Payment Gateway for WooCommerce allows for unrestricted upload of dangerous file types, which can lead to the uploading of a web shell onto a web server.
Product: Amin Omer Sudan Payment Gateway for WooCommerce
Active Installations: unknown
CVSS Score: 10.0
CVE-2024-50473 - Ajar Productions Ajar in5 Embed allows the unrestricted upload of files with dangerous types, potentially enabling the upload of a web shell to a web server.
Product: Ajar Productions Ajar in5 Embed
Active Installations: unknown
CVSS Score: 10.0
CVE-2024-50475 - Missing Authorization vulnerability in Scott Gamon Signup Page allows Privilege Escalation.This issue affects Signup Page: from n/a through 1.0.
Product: Scott Gamon Signup Page
Active Installations: unknown
CVSS Score: 9.8
CVE-2024-50476 - GRÜN spendino Spendenformular allows Privilege Escalation due to Missing Authorization vulnerability, affecting versions n/a through 1.0.1.
Product: GRÜN Software Group GmbH GRÜN spendino Spendenformular
Active Installations: unknown
CVSS Score: 9.8
CVE-2024-50485 - Exam Matrix has an Incorrect Privilege Assignment vulnerability that allows Privilege Escalation from versions n/a through 1.5.
Product: Udit Rawat Exam Matrix
Active Installations: unknown
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-50485
NVD References: https://patchstack.com/database/vulnerability/exam-matrix/wordpress-exam-matrix-plugin-1-5-privilege-escalation-vulnerability?_s_id=cve
CVE-2024-50490 - PegaPoll allows unauthorized access to functionality not restricted by ACLs.
Product: Szabolcs Szecsenyi PegaPoll
Active Installations: unknown
CVSS Score: 9.8
CVE-2024-10467 - Firefox, Firefox ESR, and Thunderbird versions below 132 are vulnerable to memory safety bugs allowing potential arbitrary code execution.
Product: Mozilla Firefox
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10467
NVD References:
- https://www.mozilla.org/security/advisories/mfsa2024-55/
- https://www.mozilla.org/security/advisories/mfsa2024-56/
CVE-2024-10468 - Firefox and Thunderbird versions prior to 132 are vulnerable to potential race conditions in IndexedDB leading to memory corruption and exploitable crashes.
Product: Mozilla Firefox
CVSS Score: 9.8 AtRiskScore 30
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10468
NVD References:
- https://bugzilla.mozilla.org/show_bug.cgi?id=1914982
CVE-2024-10474 - Focus for iOS < 132 had a vulnerability that allowed internal links to use the app scheme for deeplinking, potentially bypassing URL safety checks.
Product: Focus for iOS
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-10474
NVD References:
CVE-2024-5982 - Gaizhenbiao/chuanhuchatgpt has a path traversal vulnerability due to unsanitized input handling in user upload, directory creation, and template loading features, enabling remote code execution, directory creation, and CSV file content leakage.
Product: Gaizhenbiao/chuanhuchatgpt
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-5982
NVD References:
- https://github.com/gaizhenbiao/chuanhuchatgpt/commit/952fc8c3cbacead858311747cddd4bedcb4721d7
- https://huntr.com/bounties/5d5c5356-e893-44d1-b5ca-642aa05d96bb
CVE-2024-7474 - lunary-ai/lunary version 1.3.2 is vulnerable to an Insecure Direct Object Reference (IDOR) flaw, enabling unauthorized access to external user data by manipulating the 'id' parameter in the request URL.
Product: lunary-ai lunary
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7474
NVD References:
- https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5
- https://huntr.com/bounties/95d8b993-3347-4ef5-a2b3-1f57219b7871
CVE-2024-7475 - Lunary version 1.3.2 is vulnerable to improper access control, allowing unauthorized users to update the SAML configuration and potentially manipulate authentication processes and steal user information.
Product: lunary-ai lunary
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-7475
NVD References:
- https://github.com/lunary-ai/lunary/commit/8f563c77d8614a72980113f530c7a9ec15a5f8d5
- https://huntr.com/bounties/78c824f7-3b6d-443d-bb76-0f8031c6c126
CVE-2024-49768 - Waitress is vulnerable to a remote client sending a request of exact length followed by a secondary request using HTTP pipelining, allowing a race condition that can be fixed by disabling channel_request_lookahead.
Product: Pylons Project Waitress
CVSS Score: 9.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-49768
NVD References:
- https://github.com/Pylons/waitress/commit/e4359018537af376cf24bd13616d861e2fb76f65
- https://github.com/Pylons/waitress/security/advisories/GHSA-9298-4cf8-g4wj
CVE-2024-8923 - ServiceNow has fixed an input validation vulnerability allowing remote code execution on the Now Platform.
Product: ServiceNow Now Platform
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-8923
NVD References: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070
CVE-2024-9988 - The Crypto plugin for WordPress allows unauthenticated attackers to log in as any existing user, including administrators, due to an authentication bypass vulnerability in versions up to 2.15.
Product: WordPress Crypto plugin
Active Installations: This plugin has been closed as of October 28, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9988
NVD References:
CVE-2024-9989 - The Crypto plugin for WordPress allows unauthenticated attackers to bypass authentication and log in as any existing user, including administrators, due to an arbitrary method call vulnerability in versions up to 2.15.
Product: WordPress Crypto plugin
Active Installations: This plugin has been closed as of October 28, 2024 and is not available for download. This closure is temporary, pending a full review.
CVSS Score: 9.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-9989
NVD References:
CVE-2024-51378 - CyberPanel (aka Cyber Panel) before 1c0c6cb allows remote attackers to bypass authentication and execute arbitrary commands.
Product: CyberPanel
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51378
NVD References:
- https://cwe.mitre.org/data/definitions/420.html
- https://cwe.mitre.org/data/definitions/78.html
- https://cyberpanel.net/KnowledgeBase/home/change-logs/
- https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
- https://github.com/usmannasir/cyberpanel/commit/1c0c6cbcf71abe573da0b5fddfb9603e7477f683
- https://refr4g.github.io/posts/cyberpanel-command-injection-vulnerability/
CVE-2024-51567 - CyberPanel before 5b08cd6 allows remote attackers to execute arbitrary commands via /dataBases/upgrademysqlstatus by bypassing secMiddleware and using shell metacharacters in the statusfile property.
Product: CyberPanel
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51567
NVD References:
- https://cwe.mitre.org/data/definitions/420.html
- https://cwe.mitre.org/data/definitions/78.html
- https://cyberpanel.net/KnowledgeBase/home/change-logs/
- https://cyberpanel.net/blog/detials-and-fix-of-recent-security-issue-and-patch-of-cyberpanel
- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
- https://github.com/usmannasir/cyberpanel/commit/5b08cd6d53f4dbc2107ad9f555122ce8b0996515
CVE-2024-51568 - CyberPanel before version 2.3.5 is vulnerable to Command Injection and unauthenticated remote code execution through /filemanager/upload.
Product: CyberPanel
CVSS Score: 10.0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-51568
NVD References:
- https://cwe.mitre.org/data/definitions/78.html
- https://cyberpanel.net/KnowledgeBase/home/change-logs/
- https://cyberpanel.net/blog/cyberpanel-v2-3-5
- https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
CVE-2024-44122 - macOS Ventura 13.7.1, macOS Sequoia 15, and macOS Sonoma 14.7.1 are vulnerable to a logic issue that allows applications to break out of their sandbox.
Product: Apple macOS
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44122
ISC Diary: https://isc.sans.edu/diary/31390
NVD References:
- https://support.apple.com/en-us/121238
CVE-2024-44126 - macOS Ventura 13.7.1, macOS Sequoia 15, iOS 17.7 and iPadOS 17.7, macOS Sonoma 14.7, visionOS 2, iOS 18, and iPadOS 18 are all vulnerable to heap corruption when processing a maliciously crafted file, but the issue has been fixed with improved checks.
Product: Apple macOS, iOS, iPadOS, and visionOS
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44126
ISC Diary: https://isc.sans.edu/diary/31390
NVD References:
- https://support.apple.com/en-us/121238
- https://support.apple.com/en-us/121246
- https://support.apple.com/en-us/121247
- https://support.apple.com/en-us/121249
CVE-2024-44156 - macOS had a path deletion vulnerability that allowed apps to bypass Privacy preferences, fixed in versions 13.7.1 and 14.7.1.
Product: Apple macOS
CVSS Score: 7.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44156
ISC Diary: https://isc.sans.edu/diary/31390
NVD References:
CVE-2024-44159 - macOS had a path deletion vulnerability that allowed apps to bypass Privacy preferences, fixed in versions 13.7.1 and 14.7.1.
Product: Apple macOS
CVSS Score: 7.1
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44159
ISC Diary: https://isc.sans.edu/diary/31390
NVD References:
CVE-2024-44218 - iOS, iPadOS, macOS Sonoma are affected by a vulnerability that could result in heap corruption when processing a malicious file, fixed in versions including iOS 17.7.1 and iPadOS 17.7.1.
Product: Apple iOS, iPadOS, macOS Sonoma
CVSS Score: 7.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44218
ISC Diary: https://isc.sans.edu/diary/31390
NVD References:
- https://support.apple.com/en-us/121563
CVE-2024-44259 - iOS, iPadOS, and visionOS versions 17.7.1, 18.1, and 2.1 are susceptible to unauthorized downloading of malicious content due to a trust relationship misuse.
Product: Apple iOS, iPadOS, and visionOS
CVSS Score: 8.8
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44259
ISC Diary: https://isc.sans.edu/diary/31390
NVD References:
- https://support.apple.com/en-us/121563
- https://support.apple.com/en-us/121564
- https://support.apple.com/en-us/121566
CVE-2024-44277 - iOS, iPadOS, visionOS, and tvOS version 18.1 addressed an issue with improved memory handling, preventing an app from causing unexpected system termination or corrupting kernel memory.
Product: Apple iOS, iPadOS, visionOS, and tvOS
CVSS Score: 7.7
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44277
ISC Diary: https://isc.sans.edu/diary/31390
NVD References:
- https://support.apple.com/en-us/121563
CVE-2024-44289 - macOS Ventura and macOS Sonoma versions 13.7.1 and 14.7.1 address a privacy issue allowing apps to access sensitive location data.
Product: Apple macOS
CVSS Score: 7.5
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44289
ISC Diary: https://isc.sans.edu/diary/31390
NVD References:
CVE-2024-44295 - macOS Ventura and macOS Sonoma allows apps to modify protected parts of the file system due to insufficient entitlement checks.
Product: Apple macOS Ventura and macOS Sonoma
CVSS Score: 7.7
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-44295
ISC Diary: https://isc.sans.edu/diary/31390
NVD References:
CVE-2024-38812 - vCenter Server is vulnerable to a heap-overflow in the DCERPC protocol, allowing remote code execution by a malicious actor via a specially crafted network packet.
Product: VMware vCenter Server
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38812
ISC Podcast: https://isc.sans.edu/podcastdetail/9192
CVE-2024-38813 - The vCenter Server is vulnerable to privilege escalation, allowing a malicious actor to gain root access through a specially crafted network packet.
Product: VMware vCenter Server
CVSS Score: 0
NVD: https://nvd.nist.gov/vuln/detail/CVE-2024-38813
ISC Podcast: https://isc.sans.edu/podcastdetail/9192
The following vulnerability needs a manual review:
CVE-2024-41992 - A command injection vulnerability has been identified in the Wi-Fi Test Suite, a tool developed by the WiFi Alliance, which has been found deployed on Arcadyan routers. This flaw allows an unauthenticated local attacker to exploit the Wi-Fi Test Suite by sending specially crafted packets, enabling the execution of arbitrary commands with root privileges on the affected routers. The CERT/CC recommends that vendors, who have included the Wi-Fi Test Suite, to update it to version >=9.0 or remove it entirely from production devices to reduce the risk of exploitation.
Product: WiFi Alliance Wi-Fi Test Suite
CVSS Score: N/A
NVD: N/A
ISC Podcast: https://isc.sans.edu/podcastdetail/9198
References:
- https://kb.cert.org/vuls/id/123336
- https://ssd-disclosure.com/ssd-advisory-arcadyan-fmimg51ax000j-wifi-alliance-rce/
Sponsors
Vulcan Cyber
Are you exposed to one of the top-ten nastiest vulnerabilities of Q3? Download the Q3 2024 Vulnerability Watch report to find out. The report calls out vulns in Microsoft, OpenSSH, VMware and more, details exposure risk specifications, and provides practical mitigating actions for each. Stay one step ahead of the most-critical exposure risk.
SANS
Virtual Event: SANS 2024 Detection & Response Survey: Transforming Cybersecurity Operations: AI, Automation, and Integration in Detection and Response | November 20, 10:30 AM ET | Join SANS Certified Instructor Josh Lemon and guest speakers as they provide insights into the prevalence of organizations maintaining separate detection and response teams, shedding light on the reasons behind such decisions and their implications for overall security posture.
SANS
Virtual Event: SANS 2024 Detection & Response Survey: Transforming Cybersecurity Operations: AI, Automation, and Integration in Detection and Response | November 20, 10:30 AM ET | Join SANS Certified Instructor Josh Lemon and guest speakers as they provide insights into the prevalence of organizations maintaining separate detection and response teams, shedding light on the reasons behind such decisions and their implications for overall security posture.
SANS
Virtual Event: SANS 2024 Detection & Response Survey: Transforming Cybersecurity Operations: AI, Automation, and Integration in Detection and Response | November 20, 10:30 AM ET | Join SANS Certified Instructor Josh Lemon and guest speakers as they provide insights into the prevalence of organizations maintaining separate detection and response teams, shedding light on the reasons behind such decisions and their implications for overall security posture.