ALERTS - VULNERABILITY
DATE | NAME | CATEGORY | SUBCATEGORY | INFO |
1.11.24 | CVE-2024-40711 - Veeam Backup and Replication deserialization vulnerability exploited by ransomware actors | ALERTS | VULNERABILITY | CVE-2024-40711 is a recently disclosed critical (CVSS score 9.8) deserialization vulnerability affecting Veeam Backup and Replication version 12.1.2.172 and older. If successfully exploited, the flaw could give unauthenticated attackers remote code execution (RCE) on the vulnerable system. The vulnerability has been reported as exploited in the wild by the Akira and Fog ransomware groups, and following those reports it has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. The vendor has addressed the flaw in version 12.2 (build 12.2.0.334). |
27.10.24 | Multiple vulnerabilities affecting Palo Alto Networks Expedition | ALERTS | VULNERABILITY | Multiple vulnerabilities affecting Palo Alto Networks Expedition have been disclosed this month. The reported flaws (CVE-2024-9463, CVE-2024-9464, CVE-2024-9465, CVE-2024-9466 and CVE-2024-9467) are rated between CVSS 7.0 and CVSS 9.9 and are a mix of OS command injection, SQL injection, reflected cross-site scripting (XSS) and cleartext storage of sensitive information. If exploited, they could allow attackers to read database contents, write arbitrary files to temporary storage locations on the vulnerable system and, in the worst case, run arbitrary OS commands on the Expedition host. Because Expedition stores firewall credentials, device configurations and PAN-OS API keys for the firewalls it migrates, a compromised instance should be treated as a credential exposure. The vulnerabilities have been addressed by the vendor in Expedition version 1.2.96 or later. |
27.10.24 | CVE-2024-47575 - Fortinet FortiManager Missing Authentication vulnerability | ALERTS | VULNERABILITY | CVE-2024-47575 is a zero-day vulnerability affecting Fortinet FortiManager that was disclosed this month. It is a missing authentication for critical function flaw in the fgfmd daemon (the service that handles the FortiGate-to-FortiManager protocol) and is rated critical with a CVSS score of 9.8. If successfully exploited, it could allow remote unauthenticated attackers to execute arbitrary code or commands via specially crafted requests. The flaw has been reported as exploited in in-the-wild attacks since at least June 2024, and following those reports it has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog this week. |
27.10.24 | CVE-2024-38094 - Microsoft SharePoint Deserialization vulnerability exploited in the wild | ALERTS | VULNERABILITY | CVE-2024-38094 is a deserialization vulnerability affecting Microsoft SharePoint that was initially disclosed and patched in July 2024. The flaw, rated CVSS 7.2, arises from the product deserializing data without sufficient verification that the resulting data will be valid. An authenticated attacker with Site Owner permissions could exploit it to inject and execute arbitrary code within the context of the SharePoint server. Following public reports of exploitation in the wild, it has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog this week. |
27.10.24 | CVE-2024-9680 - Mozilla Firefox Remote Code Execution vulnerability | ALERTS | VULNERABILITY | CVE-2024-9680 is a recently disclosed Remote Code Execution (RCE) vulnerability affecting Mozilla Firefox and Thunderbird. The vulnerability has been assigned a critical CVSS score of 9.8 and arises from a use-after-free flaw in the browser's Animation timeline component. Successful exploitation might allow attackers to run arbitrary code within the browser's content process. It has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating reports of active exploitation in the wild. Mozilla has already addressed the flaw in Firefox 131.0.2, Firefox ESR 128.3.1 and 115.16.1, and the corresponding Thunderbird releases. |
27.10.24 | CVE-2024-28987 - SolarWinds Web Help Desk Hardcoded Credential vulnerability | ALERTS | VULNERABILITY | CVE-2024-28987 is a recently disclosed hardcoded credential vulnerability affecting the SolarWinds Web Help Desk (WHD) software. The flaw is rated critical (CVSS score 9.1) and, if successfully exploited, could allow remote unauthenticated attackers to access internal software functionality and modify data. It has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating reports of active exploitation in the wild. SolarWinds has released a patched version of WHD, 12.8.3 HF2, that addresses this vulnerability. |
27.10.24 | Microsoft Windows Kernel TOCTOU Race Condition Vulnerability (CVE-2024-30088) | ALERTS | VULNERABILITY | CVE-2024-30088 is a Time-Of-Check Time-Of-Use (TOCTOU) race condition vulnerability in the Microsoft Windows kernel, patched in the June 2024 Patch Tuesday release. A TOCTOU bug arises when the state of a resource is modified between its validation (the check) and its actual use, so an attacker who wins the race can have already-validated data or objects replaced with malicious ones before they are consumed. Here, successful exploitation lets a local attacker execute code with SYSTEM privileges on affected systems. The vulnerability is now part of CISA's Known Exploited Vulnerabilities (KEV) catalog, indicating active exploitation in the wild. |
27.10.24 | CVE-2024-44849 - Qualitor Remote Code Execution (RCE) vulnerability | ALERTS | VULNERABILITY | CVE-2024-44849 is a critical (CVSS 9.8) Remote Code Execution (RCE) vulnerability in Qualitor, a platform for managing customer service processes and centralizing services. The flaw allows remote code execution through an arbitrary file upload in Qualitor versions before 8.24. If successfully exploited, it might allow remote attackers to compromise the host system, potentially resulting in a complete system takeover. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these exploitation attempts to prevent further infection or damage to the system. |
27.10.24 | CVE-2024-45519 - Remote Command Execution vulnerability in Zimbra Collaboration Suite | ALERTS | VULNERABILITY | CVE-2024-45519 is a recently disclosed Remote Code Execution (RCE) vulnerability in Zimbra Collaboration Suite (ZCS) affecting versions before 8.8.15 Patch 46, 9.0 before 9.0.0 Patch 41, 10.0 before 10.0.9 and 10.1 before 10.1.1. The flaw stems from insufficient sanitization of user input in the postjournal service and, if successfully exploited, might allow unauthenticated attackers to execute arbitrary commands within the context of the vulnerable Zimbra installation. |
27.10.24 | CVE-2024-43363 - Cacti RCE vulnerability | ALERTS | VULNERABILITY | CVE-2024-43363 is a remote code execution (RCE) vulnerability in Cacti, a network monitoring and fault management framework. The flaw is exploited via log poisoning: attacker-controlled input is written into a Cacti log file that the application later includes, so the injected content is executed. This can ultimately allow an attacker to execute arbitrary commands on the vulnerable instance. The vulnerability has been fixed in Cacti version 1.2.28 or higher. |
27.10.24 | CVE-2024-43573 - Microsoft Windows MSHTML Platform spoofing vulnerability | ALERTS | VULNERABILITY | CVE-2024-43573 is a spoofing vulnerability in the Microsoft Windows MSHTML Platform, disclosed as part of the October 2024 Patch Tuesday. Rated CVSS 6.5 (Moderate), the flaw might allow attackers who convince a user to open crafted content to execute arbitrary code within the context of the vulnerable application. CVE-2024-43573 has also been added to CISA's Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. |
27.10.24 | CVE-2024-7954 - Remote Code Execution vulnerability in SPIP Porte Plume Plugin | ALERTS | VULNERABILITY | CVE-2024-7954 is a critical (CVSS score 9.8) Remote Code Execution (RCE) vulnerability in the porte_plume plugin used by SPIP versions prior to 4.30-alpha2, 4.2.13 and 4.1.16. SPIP is a free content management system (CMS) for publishing websites. The flaw might allow a remote, unauthenticated attacker to send a crafted HTTP request and execute arbitrary PHP code as the SPIP user. The attack can fully compromise the server, allowing the attacker to steal confidential information and pivot to the internal network. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these exploitation attempts to prevent further infection or damage to the system. |
27.10.24 | CVE-2024-43572 - Microsoft Windows Management Console RCE vulnerability | ALERTS | VULNERABILITY | CVE-2024-43572 is a Microsoft Windows Management Console remote code execution (RCE) vulnerability disclosed and patched as part of the October 2024 Patch Tuesday. It is exploited by convincing a user to open a specially crafted Microsoft Saved Console (MSC) file; the update prevents untrusted MSC files from being opened. Successful exploitation could allow attackers to run arbitrary code within the context of the application. CVE-2024-43572 has also been added to CISA's Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in the wild. |
27.10.24 | Perfctl malware campaign exploiting RocketMQ vulnerability hits Linux Servers worldwide | ALERTS | VULNERABILITY | A Perfctl malware campaign targeting Linux servers worldwide, with potentially millions of exposed hosts, has been observed. The campaign exploits the RocketMQ vulnerability CVE-2023-33246 to gain initial access. The malware employs rootkits for stealth and process masquerading, and uses TOR for command and control (C2) communication. As the final payload, it deploys a cryptominer alongside proxy hijacking software. Additionally, the malware uses temporary directories and modified system utilities to evade detection. |
27.10.24 | New Ivanti CSA vulnerabilities exploited in the wild | ALERTS | VULNERABILITY | Ivanti has published a new security advisory regarding three recently disclosed vulnerabilities in the Ivanti Cloud Services Application (CSA), which are being exploited in the wild. The reported vulnerabilities are as follows. |
27.10.24 | K4Spreader and Hadooken Latest Attacks | ALERTS | VULNERABILITY | Recent research identified an infection chain targeting Windows and Linux systems through Oracle WebLogic vulnerabilities (CVE-2017-10271 and CVE-2020-14883). The attackers used Python and Bash scripts to deploy the K4Spreader malware, which in turn delivered the Tsunami backdoor and a cryptominer; a PowerShell script was also attempted against Windows systems. A separate research team reported an attack in which the Hadooken malware exploited a WebLogic server with weak administrative credentials (a configuration weakness rather than a software flaw), using shell and Python scripts to install a cryptominer and Tsunami malware. |
27.10.24 | CVE-2024-43461 - Windows MSHTML Platform Spoofing vulnerability exploited in the wild | ALERTS | VULNERABILITY | CVE-2024-43461 is a Windows MSHTML Platform spoofing vulnerability disclosed as part of the September 2024 Patch Tuesday. Successful exploitation might allow attackers to execute arbitrary code within the context of the application. The flaw has been reported as exploited in zero-day attacks in conjunction with another MSHTML vulnerability patched in July, CVE-2024-38112. |
27.10.24 | CVE-2024-6670 - Progress WhatsUp Gold SQL Injection vulnerability | ALERTS | VULNERABILITY | CVE-2024-6670 is a recently disclosed SQL injection vulnerability affecting Progress WhatsUp Gold, a widely used network monitoring product. Successful exploitation could allow an unauthenticated attacker to retrieve users' encrypted passwords. The vulnerability has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog following reports of active exploitation in conjunction with another WhatsUp Gold vulnerability, CVE-2024-6671. Both flaws are fixed in WhatsUp Gold 2024.0.0. |
27.10.24 | Vulnerabilities in the Common UNIX Printing System (CUPS) | ALERTS | VULNERABILITY | Symantec is aware of multiple vulnerabilities in the Common UNIX Printing System (CUPS) on UNIX-based systems. In certain configurations, particularly where the cups-browsed service is enabled and reachable from the network, an attacker could chain the flaws to register a malicious printer on the target and obtain remote code execution (RCE) once a print job is sent to that printer. |
28.9.24 | CVE-2024-8190 - Ivanti Cloud Service Appliance Command Injection vulnerability | ALERTS | VULNERABILITY | CVE-2024-8190 is a high severity (CVSS score 7.2) OS command injection vulnerability affecting Ivanti Cloud Services Appliance (CSA) version 4.6 Patch 518 and older. If successfully exploited, the flaw might allow a remote attacker with administrative authentication to execute arbitrary code on the appliance. |
11.9.24 | CVE-2024-45195: Remote Code Execution (RCE) vulnerability in Apache OFBiz | ALERTS | VULNERABILITY | CVE-2024-45195 is a high-severity (CVSS 7.5) Remote Code Execution (RCE) vulnerability in Apache OFBiz, a comprehensive suite of business applications. An attacker can exploit it by crafting a URL that reaches a view without the intended authorization check, bypassing the fixes for the earlier OFBiz path traversal issues. If successfully exploited, the vulnerability allows remote attackers to execute malicious code on the server, potentially leading to complete system compromise. The issue is fixed in OFBiz 18.12.16. |
11.9.24 | Ongoing exploitation of CVE-2024-36401 in OSGeo GeoServer GeoTools | ALERTS | VULNERABILITY | Multiple campaigns are exploiting a recently disclosed security flaw in OSGeo GeoServer GeoTools. The vulnerability, identified as CVE-2024-36401 (CVSS score 9.8), is a critical remote code execution bug that allows malicious actors to take control of affected instances. It has been leveraged to deploy GOREVERSE, a reverse proxy server designed to connect to a command-and-control (C2) server for post-exploitation activities. |
6.9.24 | CVE-2024-5932 - GiveWP WordPress Plugin vulnerability | ALERTS | VULNERABILITY | CVE-2024-5932 is a recently disclosed vulnerability affecting GiveWP, a donation and fundraising platform plugin for WordPress. The flaw is a PHP Object Injection via deserialization of untrusted input in plugin versions up to and including 3.14.1. Successful exploitation might allow unauthenticated attackers to inject an arbitrary PHP object, which can lead to arbitrary code execution or arbitrary file deletion within the context of the vulnerable site. A patched version, 3.14.2, has already been released. |
5.9.24 | CVE-2024-24809 & CVE-2024-31214 vulnerabilities affecting Traccar 5 | ALERTS | VULNERABILITY | CVE-2024-24809 and CVE-2024-31214 are recently disclosed vulnerabilities affecting Traccar 5, an open-source GPS tracking system, and are rated CVSS 8.5 and CVSS 9.7 respectively. Successful exploitation in the affected product versions 5.1 through 5.12 could give unauthenticated attackers path traversal and unrestricted upload of arbitrary files (where guest registration is enabled, which is the default), potentially leading to remote code execution on the affected instance. The vendor has released a patch in product version 6.0. |
5.9.24 | CVE-2024-22319 - JNDI Injection Vulnerability in IBM Operational Decision Manager | ALERTS | VULNERABILITY | CVE-2024-22319 is a critical (CVSS 9.8) JNDI injection vulnerability in IBM Operational Decision Manager (ODM), a decision automation solution that helps organizations automate and optimize their decision-making processes. A remote attacker can exploit the flaw by supplying an attacker-controlled JNDI (Java Naming and Directory Interface) lookup string in an unchecked argument passed to a specific API, leading to remote code execution. |
5.9.24 | CVE-2024-7593 - Ivanti Virtual Traffic Manager (vTM) Authentication Bypass vulnerability | ALERTS | VULNERABILITY | CVE-2024-7593 is a critical (CVSS score 9.8) authentication bypass vulnerability affecting the admin panel of Ivanti Virtual Traffic Manager (vTM), caused by an incorrect implementation of the authentication algorithm. Successful exploitation could allow remote unauthenticated attackers to bypass authentication and create new administrative users, which could later lead to arbitrary code execution within the context of the vulnerable application. The vendor has addressed the vulnerability in vTM versions 22.2R1 and 22.7R2. |
31.8.24 | CVE-2024-38653 - XXE vulnerability in Ivanti Avalanche | ALERTS | VULNERABILITY | CVE-2024-38653 is a high severity (CVSS score 7.5) XML External Entity (XXE) vulnerability affecting the SmartDeviceServer component of Ivanti Avalanche, an enterprise endpoint management solution for centralized device management within an organization. Successful exploitation could allow a remote unauthenticated attacker to read files on the vulnerable server. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these exploitation attempts to prevent further infection or damage to the system. |
29.8.24 | Critical vulnerability CVE-2023-22527 exploited for cryptomining activities | ALERTS | VULNERABILITY | According to reports, the critical vulnerability CVE-2023-22527 is being actively exploited in the wild. It is a severe OGNL template injection flaw in out-of-date versions of Atlassian Confluence Data Center and Server that gives unauthenticated attackers remote code execution. Threat actors are exploiting it for cryptojacking, turning compromised systems into cryptomining nodes. The observed attacks deploy shell scripts and XMRig miners while maintaining persistence through cron jobs. |
24.8.24 | CVE-2024-4885 - Progress Software WhatsUp Gold RCE vulnerability | ALERTS | VULNERABILITY | CVE-2024-4885 is a recently disclosed critical (CVSS score 9.8) unauthenticated remote code execution vulnerability affecting Progress Software WhatsUp Gold, a network monitoring product. Exploitation might allow unauthenticated attackers to execute arbitrary commands with the privileges of the iisapppool\nmconsole service account. The flaw is fixed in WhatsUp Gold 2023.1.3. |
16.8.24 | CVE-2024-38856 - Apache OFBiz Pre-Authentication RCE vulnerability | ALERTS | VULNERABILITY | CVE-2024-38856 is a recently disclosed critical (CVSS score 9.8) pre-authentication remote code execution vulnerability affecting Apache OFBiz versions up to 18.12.14. It originates from a flaw in the override view functionality, which lets unauthenticated requests reach views that should require authentication. Once exploited, it gives unauthenticated attackers remote code execution via crafted requests. The vendor has released a patch in product version 18.12.15 or newer. |
16.8.24 | CVE-2024-40628/CVE-2024-40629 - JumpServer File Read and Upload vulnerabilities | ALERTS | VULNERABILITY | CVE-2024-40628 and CVE-2024-40629 are recently disclosed file read and file write vulnerabilities affecting the JumpServer Ansible module. Successful exploitation might allow low-privileged accounts to read and write files in the Celery container, posing a risk of sensitive information disclosure as well as potential arbitrary code execution within the context of the affected application. Both issues are fixed in JumpServer v3.10.12. |
29.7.24 | CVE-2024-40348 - Bazarr Directory Traversal vulnerability | ALERTS | VULNERABILITY | CVE-2024-40348 is a recently disclosed directory traversal vulnerability affecting Bazarr (version 1.4.3), an open source subtitle manager that works alongside Sonarr and Radarr (not to be confused with the Bazaar version control system, which is not affected). Successful exploitation might allow unauthenticated attackers to perform directory traversal via the /api/swaggerui/static component, leading to unauthorized access to system directories and sensitive files. |
25.7.24 | CVE-2024-4879 - ServiceNow Jelly Template Injection vulnerability | ALERTS | VULNERABILITY | CVE-2024-4879 is a recently disclosed critical (CVSS score 9.3) Jelly template injection vulnerability affecting the ServiceNow Now Platform, a widely used platform for digital business transformation. Successful exploitation might allow unauthenticated remote attackers to execute arbitrary code within the context of the Now Platform; the flaw has been chained with CVE-2024-5217 and CVE-2024-5178 in attacks that achieved full database access. The vendor has already addressed the vulnerability in patched software versions. |
25.7.24 | Threat Actors continue to exploit CVE-2024-21412 | ALERTS | VULNERABILITY | Threat actors continue to exploit CVE-2024-21412, a security feature bypass vulnerability in Microsoft Windows that was reported and patched in February 2024. The flaw lets a specially crafted Internet Shortcut (.url) file evade the Microsoft Defender SmartScreen warning, so a user who opens the file is not prompted before the malicious payload runs. |
18.7.24 | CVE-2024-36401: Vulnerability in OSGeo GeoServer GeoTools | ALERTS | VULNERABILITY | CVE-2024-36401 (CVSS score 9.8) is a remote code execution vulnerability in OSGeo GeoServer GeoTools, with evidence of active exploitation. GeoServer is an open-source server written in Java that allows users to share and edit geospatial data. The flaw stems from GeoTools unsafely evaluating property names as XPath expressions, which lets unauthenticated attackers execute arbitrary code through crafted OGC request parameters. |
16.7.24 | CVE-2024-36991 - Path Traversal vulnerability in Splunk Enterprise | ALERTS | VULNERABILITY | CVE-2024-36991 (CVSS 7.5, High) is a path traversal vulnerability in Splunk Enterprise on Windows, a platform for collecting, indexing and analysing large volumes of machine-generated data. The flaw affects Splunk Enterprise for Windows versions below 9.2.2, 9.1.5 and 9.0.10 and lets unauthenticated attackers read files from the Splunk installation directory via a crafted request to the /modules/messaging/ endpoint. |
11.7.24 | Ghostscript (CVE-2024-29510) | ALERTS | VULNERABILITY | Symantec is aware of a remote code execution vulnerability (CVE-2024-29510) in the Ghostscript document conversion toolkit used on Linux systems. The flaw is a format string vulnerability in the uniprint device that allows an attacker to bypass the -dSAFER sandbox and execute arbitrary code when a crafted document is processed; it is fixed in Ghostscript 10.03.1. |
5.7.24 | CVE-2024-37051 - JetBrains IntelliJ IDEs vulnerability | ALERTS | VULNERABILITY | CVE-2024-37051 is a recently disclosed critical vulnerability impacting JetBrains IntelliJ-based integrated development environment (IDE) applications. The flaw lies in the bundled GitHub plugin: when a user works with a malicious pull request, the user's GitHub access tokens could be exposed to a third-party host. JetBrains has released fixed IDE versions and advises affected users to revoke the GitHub tokens used by the plugin. |
4.7.24 | CosmicSting (CVE-2024-34102) - XXE vulnerability is targeting Adobe Commerce and Magento | ALERTS | VULNERABILITY | CVE-2024-34102 is a critical (CVSS 9.8) XML External Entity Reference (XXE) vulnerability in Adobe Commerce and Magento Open Source, popular e-commerce platforms. The issue arises from improper handling of nested deserialization and allows unauthenticated attackers to read arbitrary files, which could be chained to achieve arbitrary code execution. Adobe has addressed it in version 2.4.7-p1 and the corresponding patch releases for the older supported branches. |
4.7.24 | CVE-2024-29849 - Veeam Backup Enterprise Manager authentication bypass vulnerability | ALERTS | VULNERABILITY | CVE-2024-29849 is a recently disclosed critical (CVSS score 9.8) authentication bypass vulnerability affecting Veeam Backup Enterprise Manager. Successful exploitation might allow an unauthenticated attacker to log in to the web interface as any user, which can lead to arbitrary code execution within the context of the vulnerable application. Alongside several mitigation steps provided by the vendor, the vulnerability has been addressed in software update version 12.1.2.172. |
4.7.24 | CVE-2024-36104 - Path Traversal vulnerability in Apache OFBiz | ALERTS | VULNERABILITY | CVE-2024-36104 is a path traversal vulnerability in Apache OFBiz, a comprehensive suite of business applications. Because OFBiz did not properly restrict special characters such as ';' (a path parameter separator) and '%2e' (a percent-encoded dot) in HTTP request URLs, threat actors could construct requests whose path looks harmless to the authorization check but resolves to a privileged endpoint, which could lead to remote code execution. The issue is fixed in OFBiz 18.12.14. |
3.7.24 | RegreSSHion (CVE-2024-6387) | ALERTS | VULNERABILITY | Symantec is aware of the "regreSSHion" vulnerability (CVE-2024-6387), a remote code execution (RCE) flaw in the OpenSSH server (sshd) on glibc-based Linux systems. It is a signal handler race condition that can give an unauthenticated attacker code execution as root, although winning the race takes many connection attempts. According to recent reports, the issue is a regression, meaning it reappeared after being previously patched, and relates back to CVE-2006-5051; it affects OpenSSH 8.5p1 through 9.7p1 and is fixed in 9.8p1. |
3.7.24 | Protection Highlight: CVE-2024-4577 PHP-CGI Argument Injection Vulnerability | ALERTS | VULNERABILITY | PHP is a general-purpose server-side scripting language for building dynamic and interactive web pages. CVE-2024-4577 is a critical (CVSS 9.8) argument injection vulnerability affecting PHP when running in CGI mode on Windows. It results from a lapse in PHP's handling of command-line arguments on Windows combined with the Best-Fit behaviour of the operating system's character encoding conversion: certain characters in the query string are converted to a hyphen only after PHP's own check for a leading option flag has run, so an attacker can smuggle php-cgi options such as -d into the request and inject configuration that leads to code execution. Systems using certain locales (for example Chinese and Japanese code pages) are affected by default, and the flaw is fixed in PHP 8.3.8, 8.2.20 and 8.1.29. |
3.7.24 | CVE-2024-31982 - XWiki RCE vulnerability | ALERTS | VULNERABILITY | CVE-2024-31982 is a recently disclosed remote code execution (RCE) vulnerability affecting XWiki, a popular open-source, Java-based wiki platform. The flaw could allow attackers to remotely execute arbitrary code through the database search function, which could lead to a data breach as well as a takeover of the vulnerable XWiki instance. The vulnerability has been patched in product versions 14.10.20, 15.5.4 and 15.10-rc-1. |
28.6.24 | CVE-2024-4358 & CVE-2024-1800 - vulnerabilities in Telerik Report Server | ALERTS | VULNERABILITY | CVE-2024-4358 and CVE-2024-1800 are two recently disclosed vulnerabilities affecting the Telerik Report Server. CVE-2024-4358 is an authentication bypass vulnerability which, if exploited, might lead to remote code execution within the context of the vulnerable application. CVE-2024-1800 is an insecure deserialization vulnerability whose exploitation might also allow attackers to execute arbitrary code on vulnerable instances; chained together, the two give an unauthenticated attacker remote code execution. Both vulnerabilities have been patched by the vendor in product version 2024 Q2 (10.1.24.514). |
26.6.24 | CVE-2024-23692 - Rejetto HTTP File Server Server Side Template Injection vulnerability | ALERTS | VULNERABILITY | CVE-2024-23692 is a recently disclosed critical server-side template injection vulnerability affecting Rejetto HTTP File Server (HFS) version 2.3m. Rejetto HFS is a web-based file sharing solution for sending and receiving files over HTTP. If successfully exploited, the flaw might allow unauthenticated attackers to execute arbitrary commands on the affected server by sending a specially crafted HTTP request. Exploitation can lead to system compromise, data exfiltration and malware infections, among others. Rejetto has stated that the 2.x branch is no longer maintained and advises users to move to HFS 3. |
26.6.24 | CVE-2024-29824 - SQL Injection Vulnerability in Ivanti Endpoint Manager | ALERTS | VULNERABILITY | CVE-2024-29824 is a critical SQL injection vulnerability in the Core server of Ivanti Endpoint Manager, an enterprise endpoint management solution that allows for centralized management of devices within an organization. Successful exploitation could allow an unauthenticated attacker within the same network to execute arbitrary code. The CVSS score of this vulnerability is 9.8. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these exploitation attempts to prevent further infection or damage to the system. |
26.6.24 | Apache HTTP Server CVE-2021-41773 vulnerability under active exploitation | ALERTS | VULNERABILITY | CVE-2021-41773 is a high severity (CVSS score 7.5) path traversal and file disclosure vulnerability affecting Apache HTTP Server 2.4.49. If successfully exploited, it enables unauthorized access to sensitive files outside the configured document root; in configurations where mod_cgi is enabled, it can also lead to remote code execution. The initial fix in 2.4.50 was incomplete (CVE-2021-42013), so affected servers should be running 2.4.51 or later. Symantec's network protection technology, Intrusion Prevention System (IPS), has picked up scans through threat landscape monitoring that indicate an uptick in exploitation of this vulnerability. Though the vulnerability is several years old, attackers are counting on delayed patch deployment by organizations. |
17.6.24 | CVE-2024-28995 - SolarWinds Serv-U Directory Traversal vulnerability | ALERTS | VULNERABILITY | CVE-2024-28995 is a recently disclosed directory traversal vulnerability affecting the SolarWinds Serv-U managed file transfer (MFT) server. If successfully exploited, the flaw could give unauthenticated attackers read access to sensitive files on the vulnerable host. While there have been no reports of in-the-wild exploitation so far, the vendor has already addressed the vulnerability in product version 15.4.2 Hotfix 2. |
14.6.24 | CVE-2024-30080 - Microsoft Message Queuing (MSMQ) RCE vulnerability | ALERTS | VULNERABILITY | As part of the June 2024 Patch Tuesday, Microsoft has patched a critical (CVSS score 9.8) Message Queuing (MSMQ) vulnerability, CVE-2024-30080. By sending specially crafted malicious MSMQ packets to a vulnerable server, attackers could achieve remote code execution and take over the unpatched host. The flaw affects Windows operating systems from Windows Server 2008 and Windows 10 onwards; MSMQ is an optional Windows component, so a host is only exposed where the service is installed and its TCP port 1801 is reachable. |
14.6.24 | CVE-2024-4701 - Netflix Genie job orchestration engine vulnerability | ALERTS | VULNERABILITY | CVE-2024-4701 is a recently disclosed critical (CVSS score 9.9) path traversal vulnerability affecting Netflix's Genie job orchestration engine for big data applications. If successfully exploited, the vulnerability might allow remote attackers to execute arbitrary code within the vulnerable application as well as expose sensitive information. The vulnerability has already been patched in Genie OSS version 4.3.18. |
14.6.24 | CVE-2024-2194 - WP Statistics Plugin XSS vulnerability | ALERTS | VULNERABILITY | CVE-2024-2194 is a recently disclosed stored cross-site scripting vulnerability affecting the WP Statistics plugin for WordPress in versions up to and including 14.5, caused by insufficient input sanitization and output escaping of the utm_id parameter. If successfully exploited, the vulnerability might allow unauthenticated attackers to inject arbitrary web scripts into pages, which then execute whenever a user accesses an injected page. The vulnerability has been reported as actively exploited in the wild. |
12.6.24 | TellYouThePass ransomware exploiting CVE-2024-4577 Argument Injection Vulnerability in PHP | ALERTS | VULNERABILITY | CVE-2024-4577 is a critical (CVSS 9.8) argument injection vulnerability in PHP, a popular server-side scripting language. The vulnerability affects PHP when it runs in CGI mode on Windows. Successful exploitation could allow an unauthenticated attacker to execute arbitrary code on the vulnerable PHP server, leading to complete system compromise and the delivery of malware, including ransomware. |
6.6.24 | CVE-2024-32113 - Path Traversal vulnerability in Apache OFBiz | ALERTS | VULNERABILITY | CVE-2024-32113 is a recently disclosed path traversal vulnerability affecting Apache OFBiz, an open source enterprise resource planning (ERP) system. If successfully exploited, the vulnerability might lead to remote code execution in the context of the affected service account. The vulnerability has been patched in Apache OFBiz product version 18.12.13 or above. |
6.6.24 | CVE-2024-24919 - Check Point Security Gateway Information Disclosure Vulnerability | ALERTS | VULNERABILITY | CVE-2024-24919 is an information disclosure vulnerability in Check Point Security Gateway, an integrated software solution that connects corporate networks, branch offices and business partners via a secure channel. Successful exploitation may allow an unauthenticated attacker to read certain files on internet-connected gateways that have been configured with the IPSec VPN, remote access VPN or mobile access software blade, which has been used in the wild to harvest credentials; the flaw has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these exploitation attempts to prevent further infection or damage to the system. |
6.6.24 | CVE-2024-27348 - Remote Code Execution vulnerability in Apache HugeGraph Server | ALERTS | VULNERABILITY | CVE-2024-27348 (CVSS 9.8) is a critical remote code execution (RCE) vulnerability recently discovered in Apache HugeGraph-Server, an open-source graph database that provides a scalable, high-performance solution for managing and analyzing large-scale graph data and is commonly run in Java 8 and Java 11 environments. The vulnerability affects versions from 1.0.0 before 1.3.0 and allows an attacker to execute arbitrary commands on the server through the Gremlin API; users should upgrade to 1.3.0 and enable the authentication system. If successfully exploited, the impact can be severe: full control over the server, data manipulation and potential compromise of the entire system. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these exploitation attempts to prevent further infection or damage to the system. |
30.5.24 | CVE-2024-32640 - SQL Injection vulnerability in Mura/Masa CMS | ALERTS | VULNERABILITY | CVE-2024-32640 is a recently disclosed SQL injection vulnerability affecting Mura/Masa CMS, an open source enterprise content management system. If successfully exploited, the vulnerability might allow unauthenticated attackers to access sensitive data. The product vendor has already released a patch remediating this vulnerability in software versions 7.4.6, 7.3.13 and 7.2.8. |
28.5.24 | CVE-2024-30268: XSS Vulnerability in Cacti | ALERTS | VULNEREBILITY | CVE-2024-30268 is a reflected cross-site scripting vulnerability in Cacti, a network monitoring and fault management framework. If successfully exploited, this vulnerability allows attackers to obtain the administrator's cookies and forge an administrator login using those cookies. The vulnerability has been fixed in versions 1.3.x DEV. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system. |
28.5.24 | CVE-2024-21793 and CVE-2024-26026 - two recent vulnerabilities affecting F5 BIG-IP Next Central Manager | ALERTS | VULNEREBILITY | CVE-2024-21793 and CVE-2024-26026 are two recently identified high severity vulnerabilities affecting the F5 BIG-IP Next Central Manager. Both flaws are code injection vulnerabilities and have been given a CVSS score of 7.5. If successfully exploited, they might allow unauthenticated attackers to run malicious SQL statements through the BIG-IP Central Manager API. |
28.5.24 | CVE-2020-17519: Directory Traversal Vulnerability in Apache Flink | ALERTS | VULNEREBILITY | The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a three-year-old directory traversal vulnerability (CVE-2020-17519) in Apache Flink to the Known Exploited Vulnerabilities Catalog. Apache Flink is an open-source batch-processing framework used for distributed processing of streaming data and is widely used in the field of big data. If successfully exploited, this vulnerability allows unauthenticated attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. |
25.5.24 | Path Traversal Vulnerability in Nexus Repository CVE-2024-4956 | ALERTS | VULNEREBILITY | CVE-2024-4956 is a path traversal vulnerability in Sonatype Nexus Repository 3. Nexus Repository is a widely used artifact repository manager. If successfully exploited, this vulnerability allows unauthenticated remote attackers to access and download sensitive system files, application source code and configurations. The CVSS score of this vulnerability is 7.5. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system. |
23.5.24 | CVE-2024-29895 - Command Injection Vulnerability in Cacti | ALERTS | VULNEREBILITY | CVE-2024-29895 is a critical (CVSS score 10) command injection vulnerability affecting Cacti, which is a network monitoring and fault management framework. If successfully exploited the vulnerability may allow unauthenticated remote attackers to execute arbitrary commands on the affected servers through URL manipulation. While the vulnerability has not yet been reported as being exploited in the wild, a Proof of Concept for it is publicly available. The product vendor has already released a patch to remediate this vulnerability. |
23.5.24 | CVE-2023-43208 - NextGen Healthcare Mirth Connect RCE vulnerability exploited in the wild | ALERTS | VULNEREBILITY | CVE-2023-43208 is a Remote Code Execution (RCE) vulnerability disclosed in October last year. The vulnerability affects NextGen Healthcare Mirth Connect, an open-source data integration suite used by healthcare companies, in versions prior to 4.4.1. If exploited, the vulnerability may allow unauthenticated remote attackers to execute code on affected systems, leading to the compromise of critical healthcare data. The vulnerability has been reported as being exploited in the wild and has been added to the "Known Exploited Vulnerabilities Catalog" (KEV) by CISA. |
12.5.24 | CVE-2024-24506 - LimeSurvey Community Edition XSS vulnerability | ALERTS | VULNEREBILITY | CVE-2024-24506 is a recently disclosed Cross Site Scripting (XSS) vulnerability affecting LimeSurvey Community Edition version 5.3.32. The bug is caused by improper validation of user-supplied input in the Administrator email address field. If successfully exploited, the vulnerability might allow remote attackers to insert and execute arbitrary code via the Administrator email address parameter. |
12.5.24 | CVE-2024-1313 - BOLA vulnerability in Grafana | ALERTS | VULNEREBILITY | CVE-2024-1313 is a recently disclosed Broken Object-Level Authorization (BOLA) vulnerability affecting Grafana, which is an open-source data visualization web application. Successful exploitation of this vulnerability might potentially lead to unauthorized access and data leaks from the vulnerable dashboards. Unprivileged attackers might be able to bypass authorization and also delete Grafana dashboard snapshots. The Grafana vendor has already released a patch to address this vulnerability. |
9.5.24 | CVE-2024-27956 - WP-Automatic Plugin SQL Injection vulnerability exploited in the wild | ALERTS | VULNEREBILITY | CVE-2024-27956 is a recently disclosed critical (CVSS score 9.8) SQL injection (SQLi) vulnerability in the WP-Automatic plugin prior to version 3.92.1. Successful exploitation of this vulnerability might allow attackers to run arbitrary SQL queries, create new admin accounts or upload malicious files onto the compromised servers. This vulnerability has been reported as being actively exploited in the wild. |
9.5.24 | CVE-2024-2389 - Command Injection vulnerability affecting Progress Flowmon | ALERTS | VULNEREBILITY | CVE-2024-2389, a recently disclosed critical vulnerability with a CVSS score of 10, affects Progress Flowmon, a widely used network performance monitoring tool. If successfully exploited, the bug allows unauthenticated attackers to access the Flowmon web interface via crafted API requests. This compromise can further lead to arbitrary code execution on vulnerable systems. A proof-of-concept for this vulnerability has been released publicly, and the vendor has already issued a patched version of the application. |
7.5.24 | CVE-2024-4040 - CrushFTP vulnerability exploited in the wild | ALERTS | VULNEREBILITY | CVE-2024-4040 is a recently disclosed injection vulnerability affecting CrushFTP versions before 10.7.1 and 11.1.0. Successful exploitation of this vulnerability could allow unauthenticated remote attackers to perform a VFS Sandbox escape, bypass authentication, gain administrative privileges and potentially execute arbitrary remote code on the vulnerable servers. The vulnerability has been reported as being exploited in the wild, and the vendor has already released a patched version of the application. |
27.4.24 | Multiple vulnerabilities in OpenMetadata | ALERTS | VULNEREBILITY | OpenMetadata is an open source metadata platform that can be used for data discovery, cataloging and collaboration. According to a recent report, threat actors have been exploiting critical vulnerabilities in OpenMetadata, including authentication bypass and SpEL expression injection, in campaigns that lead to the deployment of cryptomining software. The recently disclosed OpenMetadata vulnerabilities include CVE-2024-28253, CVE-2024-28254, CVE-2024-28255, CVE-2024-28847, and CVE-2024-28848 and affect product versions prior to 1.3.1. If successfully exploited, the discussed vulnerabilities might allow unauthenticated remote attackers to achieve remote code execution (RCE) on affected instances. |
18.4.24 | TP-Link Archer AX21 CVE-2023-1389 still being exploited by botnets | ALERTS | VULNEREBILITY | Last year an unauthenticated command injection vulnerability, CVE-2023-1389, was disclosed for the web management interface of the TP-Link Archer AX21 (AX1800) router. Despite this vulnerability being reported and remediated, numerous campaigns still exploit it. Recent attacks have been observed utilizing various botnets including Moobot, Miroi, AGoent, and Gafgyt. As botnets are known to target IoT vulnerabilities, users should install the latest updates and follow the manufacturer's remediation steps. |
17.4.24 | CVE-2024-1852 - WordPress WP-Members Membership Plugin vulnerability | ALERTS | VULNEREBILITY | CVE-2024-1852 is a high severity cross-site scripting (XSS) vulnerability affecting WordPress WP-Members Membership Plugin. Successful exploitation of this vulnerability could allow unauthenticated attackers to inject arbitrary web scripts into vulnerable pages. If executed in the context of an administrator, the exploitation of this flaw could additionally lead to redirection of the site visitors to malicious URLs or further compromise. The vulnerability has been addressed in version 3.4.9.3 of the plugin. |
8.4.24 | CVE-2023-7102, New Zero-Day vulnerability in Barracuda's ESG Appliance exploited | ALERTS | VULNEREBILITY | A Chinese threat actor, UNC4841, has been reported exploiting a new zero-day vulnerability identified as CVE-2023-7102 in Barracuda Email Security Gateway (ESG) appliances. The threat actor utilized an Arbitrary Code Execution (ACE) vulnerability within a third-party Perl module called 'Spreadsheet ParseExcel' to deploy a specially crafted Excel email attachment targeting a limited number of ESG devices. Barracuda has observed new variants of SEASPY and SALTWATER malware being deployed on these ESG devices. |
8.4.24 | CVE-2023-41266 A path traversal vulnerability in Qlik Sense Enterprise under active exploitation | ALERTS | VULNEREBILITY | CVE-2023-41266 is a path traversal vulnerability affecting Qlik Sense Enterprise. If successfully exploited, this vulnerability allows an unauthenticated remote attacker to generate an anonymous session, which in turn allows them to transmit HTTP requests to unauthorized endpoints. Based on threat landscape monitoring, Symantec's network protection technology, Intrusion Prevention System (IPS), has picked up scans that indicate a recent uptick in exploitation of this vulnerability. IPS blocks these vulnerability exploitation attempts to prevent further infection/damage to the system. |
8.4.24 | Old MS Office vulnerability CVE-2017-11882 still leveraged for Agent Tesla delivery | ALERTS | VULNEREBILITY | CVE-2017-11882 is an older vulnerability affecting the Equation Editor component in Microsoft Office. Successful exploitation of this flaw might allow attackers to achieve remote code execution on the infected machines. Agent Tesla is a malware family observed to be still leveraging this old vulnerability in some recent campaigns. |
8.4.24 | Movable Type API CVE-2021-20837 vulnerability under active exploitation | ALERTS | VULNEREBILITY | CVE-2021-20837 is a critical (CVSS score 9.8) command injection vulnerability affecting Movable Type API. If successfully exploited, this vulnerability enables remote code execution. |
8.4.24 | Splunk Remote Code Execution (RCE) vulnerability CVE-2023-46214 | ALERTS | VULNEREBILITY | CVE-2023-46214 is a recently disclosed remote code execution (RCE) vulnerability affecting Splunk Enterprise platform. Due to a flaw in processing of user-supplied extensible stylesheet language transformations (XSLT), remote attackers might be able to upload malicious XSLT resulting in remote code execution on the affected Splunk instance. |
8.4.24 | Zimbra Collaboration XSS vulnerability CVE-2023-37580 | ALERTS | VULNEREBILITY | CVE-2023-37580 is a recently disclosed 0-day (CVSS score: 6.1) Cross-Site Scripting vulnerability affecting the Zimbra Collaboration suite. Successful exploitation of the vulnerability may allow an attacker to compromise the confidentiality and integrity of the target system by means of malicious script injection. |
8.4.24 | CVE-2023-49070 Apache OFBiz RCE vulnerability | ALERTS | VULNEREBILITY | CVE-2023-49070 is a critical (CVSS score 9.8) pre-auth remote code execution vulnerability in Apache OFBiz. Successful exploitation of the vulnerability grants the attacker complete control over the server, allowing them to steal sensitive data, disrupt operations, or even launch further attacks against the organization's network. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system. |
30.3.24 | CVE-2024-20767 - Adobe ColdFusion vulnerability | ALERTS | VULNEREBILITY | CVE-2024-20767 is a directory traversal vulnerability in Adobe ColdFusion, which is a development platform for building and deploying web and mobile applications. If successfully exploited, this vulnerability allows unauthenticated remote attackers to read arbitrary files on the system. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system. |