ALERTS VULNERABILITY




DATE

NAME

CATEGORY

SUBCATEGORY

INFO

6.9.24

CVE-2024-5932 - GiveWP WordPress Plugin vulnerability

ALERTS

VULNERABILITY

CVE-2024-5932 is a recently disclosed vulnerability affecting the GiveWP plugin, a donation and fundraising platform plugin for WordPress. The flaw allows malicious injection in vulnerable versions of the plugin, up to 3.14.1. Successful exploitation of this flaw might allow unauthenticated attackers to inject an arbitrary PHP object, which can further lead to arbitrary code execution within the context of the vulnerable application. A patched version of the plugin, 3.14.2, has already been released.

5.9.24

CVE-2024-24809 & CVE-2024-31214 vulnerabilities affecting Traccar 5

ALERTS

VULNERABILITY

CVE-2024-24809 and CVE-2024-31214 are recently disclosed vulnerabilities affecting Traccar 5, an open-source GPS tracking system. The vulnerabilities are rated CVSS 8.5 and CVSS 9.7 respectively. Successful exploitation in the affected product versions 5.1 through 5.12 could provide unauthenticated attackers with path traversal and unrestricted upload of arbitrary files. This could potentially lead to further compromise, such as remote code execution on the affected instances. The product vendor has already released a patch addressing the vulnerabilities in product version 6.0.

5.9.24

CVE-2024-22319 - JNDI Injection Vulnerability in IBM Operational Decision Manager

ALERTS

VULNERABILITY

CVE-2024-22319 is a critical (CVSS: 9.8) JNDI injection vulnerability in IBM Operational Decision Manager (ODM). IBM ODM is a comprehensive decision automation solution that helps organizations automate and optimize their decision-making processes. Attackers can exploit this flaw by injecting malicious code into an unchecked argument passed to a specific API through JNDI (Java Naming and Directory Interface).

5.9.24

CVE-2024-7593 - Ivanti Virtual Traffic Manager (vTM) Authentication Bypass vulnerability

ALERTS

VULNERABILITY

CVE-2024-7593 is a critical (CVSS score 9.8) XML authentication bypass vulnerability affecting Ivanti Virtual Traffic Manager (vTM). Successful exploitation of this flaw could allow attackers to bypass authentication and create new administrative users. Such a compromise could later lead to arbitrary code execution within the context of the vulnerable application. The product vendor has already released a patch addressing this vulnerability in the updated software versions.

31.8.24

CVE-2024-38653 - XXE vulnerability in Ivanti Avalanche

ALERTS

VULNERABILITY

CVE-2024-38653 is a high severity (CVSS score 7.5) XML External Entity (XXE) vulnerability affecting SmartDeviceServer in Ivanti Avalanche, an enterprise endpoint management solution that allows centralized device management within an organization. Successful exploitation of this vulnerability could allow a remote unauthenticated attacker to read files on the vulnerable server. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system.

29.8.24

Critical vulnerability CVE-2023-22527 exploited for cryptomining activities

ALERTS

VULNERABILITY

According to reports, the critical vulnerability CVE-2023-22527 is actively being exploited in the wild. This vulnerability is a severe OGNL injection flaw in Atlassian Confluence Data Center and Server. Threat actors are exploiting it for cryptojacking, transforming compromised systems into cryptomining networks. The attack vector includes deploying shell scripts and XMRig miners while maintaining persistence through cron jobs.

24.8.24

CVE-2024-4885 - Progress Software WhatsUp Gold RCE vulnerability

ALERTS

VULNERABILITY

CVE-2024-4885 is a recently disclosed critical (CVSS score 9.8) unauthenticated remote code execution vulnerability affecting Progress Software WhatsUp Gold, a network monitoring application. Exploitation of the bug might allow unauthenticated attackers to execute arbitrary commands with iisapppool/nmconsole privileges.

16.8.24

CVE-2024-38856 - Apache OFBiz Pre-Authentication RCE vulnerability

ALERTS

VULNERABILITY

CVE-2024-38856 is a recently disclosed critical (CVSS score 9.8) pre-authentication remote code execution vulnerability affecting Apache OFBiz versions up to 18.12.14. The vulnerability originates from a flaw in the override view functionality. Once exploited, it allows unauthenticated attackers to achieve remote code execution via crafted requests. The application vendor has released a patch addressing this vulnerability in product version 18.12.15 or newer.

16.8.24

CVE-2024-40628/CVE-2024-40629 - JumpServer File Read and Upload vulnerabilities

ALERTS

VULNERABILITY

CVE-2024-40628 and CVE-2024-40629 are recently disclosed file reading and uploading vulnerabilities affecting the JumpServer Ansible module. Successful exploitation of the flaws might allow low-privilege accounts with access to read and write files in the Celery container, posing a risk of both sensitive information disclosure and arbitrary code execution within the context of the affected application.

29.7.24

CVE-2024-40348 - Bazaar Directory Traversal vulnerability

ALERTS

VULNERABILITY

CVE-2024-40348 is a recently disclosed directory traversal vulnerability affecting Bazaar (version 1.4.3), an open source version control software. Successful exploitation of the flaw might allow unauthenticated attackers to perform directory traversal on the vulnerable system, leading to unauthorized access to system directories and sensitive files.

25.7.24

CVE-2024-4879 - ServiceNow Jelly Template Injection vulnerability

ALERTS

VULNERABILITY

CVE-2024-4879 is a recently disclosed critical template injection vulnerability (CVSS score 9.3) affecting ServiceNow, a popular platform for digital business transformation. Successful exploitation of the flaw might allow unauthenticated remote attackers to gain access and execute arbitrary code within the context of the Now Platform. The vulnerability has already been addressed in the patched software versions released by the application vendor.

25.7.24

Threat Actors continue to exploit CVE-2024-21412

ALERTS

VULNERABILITY

Threat actors continue to exploit CVE-2024-21412, a security bypass vulnerability in Microsoft Windows SmartScreen that was reported and patched in February 2024.

18.7.24

CVE-2024-36401: Vulnerability in OSGeo GeoServer GeoTools

ALERTS

VULNERABILITY

CVE-2024-36401 (CVSS score: 9.8) is a vulnerability in OSGeo GeoServer GeoTools, with evidence of active exploitation. GeoServer is an open-source software server written in Java that allows users to share and edit geospatial data.

16.7.24

CVE-2024-36991 - Path Traversal vulnerability in Splunk Enterprise

ALERTS

VULNERABILITY

CVE-2024-36991 (CVSS: 7.5 High) is a path traversal vulnerability in Splunk Enterprise, a big data platform that simplifies the task of collecting and managing massive volumes of machine-generated data, helping organizations derive insights from this data.

11.7.24

Ghostscript (CVE-2024-29510)

ALERTS

VULNERABILITY

Symantec is aware of a remote code execution vulnerability (CVE-2024-29510) in the "Ghostscript" document conversion toolkit used on Linux systems.

5.7.24

CVE-2024-37051 - JetBrains IntelliJ IDEs vulnerability

ALERTS

VULNERABILITY

CVE-2024-37051 is a recently disclosed critical vulnerability impacting JetBrains IntelliJ integrated development environment (IDE) apps.

4.7.24

CosmicSting (CVE-2024-34102) - XXE vulnerability is targeting Adobe Commerce and Magento

ALERTS

VULNERABILITY

CVE-2024-34102 is a critical (CVSS: 9.8) XML External Entity Reference (XXE) vulnerability in Adobe Commerce and Magento, which are popular e-commerce platforms. This issue arises from improper handling of nested deserialization that could result in arbitrary code execution.

4.7.24

CVE-2024-29849 - Veeam Backup Enterprise Manager authentication bypass vulnerability

ALERTS

VULNERABILITY

CVE-2024-29849 is a recently disclosed critical authentication bypass vulnerability (CVSS score 9.8) affecting Veeam Backup Enterprise Manager. Successful exploitation of the flaw might allow attackers to bypass authentication, leading to arbitrary code execution within the context of the vulnerable application. In addition to several mitigation steps provided by the vendor, the vulnerability has already been addressed in the released software update version 12.1.2.172.

4.7.24

CVE-2024-36104 - Path Traversal vulnerability in Apache OFBiz

ALERTS

VULNERABILITY

CVE-2024-36104 is a path traversal vulnerability in Apache OFBiz, a comprehensive suite of business applications. Due to improper restrictions on special characters (such as ; and %2e) in HTTP request URLs, threat actors can construct malicious requests to exploit this vulnerability.

3.7.24

RegreSSHion (CVE-2024-6387)

ALERTS

VULNERABILITY

Symantec is aware of the "regreSSHion" vulnerability (CVE-2024-6387), which is a critical remote code execution (RCE) flaw in OpenSSH. According to recent reports, this issue is a regression, meaning it reappeared after being previously patched and relates back to CVE-2006-5051.

3.7.24

Protection Highlight: CVE-2024-4577 PHP-CGI Argument Injection Vulnerability

ALERTS

VULNERABILITY

PHP is a general-purpose server scripting language and a powerful scripting tool for making dynamic and interactive web pages. CVE-2024-4577 is a high-severity (CVSS: 9.8) argument injection vulnerability affecting PHP when running in CGI mode. The vulnerability results from a lapse in the implementation of PHP on Windows, associated in particular with the Best-Fit feature of encoding conversion.

3.7.24

CVE-2024-31982 - XWiki RCE vulnerability

ALERTS

VULNERABILITY

CVE-2024-31982 is a recently disclosed remote code execution (RCE) vulnerability affecting XWiki, a popular open-source, Java-based wiki platform. The flaw could potentially allow attackers to remotely execute arbitrary code through the database search function. The compromise could lead to a data breach as well as the takeover of the vulnerable XWiki instance. The vulnerability has been patched in the released updated product versions 14.10.20, 15.5.4 and 15.10-rc-1.

28.6.24

CVE-2024-4358 & CVE-2024-1800 - vulnerabilities in Telerik Report Server

ALERTS

VULNERABILITY

CVE-2024-4358 and CVE-2024-1800 are two recently disclosed vulnerabilities affecting the Telerik Report Server. CVE-2024-4358 is an authentication bypass vulnerability which, if exploited, might lead to remote code execution within the context of the vulnerable application. CVE-2024-1800 is an insecure deserialization vulnerability, and its exploitation might also allow attackers to execute arbitrary code on the vulnerable instances. Both vulnerabilities have been patched by the vendor in product version 2024 Q2.

26.6.24

CVE-2024-23692 - Rejetto HTTP File Server Server Side Template Injection vulnerability

ALERTS

VULNERABILITY

CVE-2024-23692 is a recently disclosed critical template injection vulnerability affecting Rejetto HTTP File Server (HFS) version 2.3m. Rejetto HFS is a web-based file sharing solution for sending and receiving files over HTTP. If successfully exploited, the flaw might allow unauthenticated attackers to execute arbitrary commands on the affected servers by sending specially crafted HTTP requests. The exploitation can lead to system compromise, data exfiltration and malware infections, among others.

26.6.24

CVE-2024-29824 - SQL Injection Vulnerability in Ivanti Endpoint Manager

ALERTS

VULNERABILITY

CVE-2024-29824 is a critical SQL injection vulnerability in the Core server of Ivanti Endpoint Manager, an enterprise endpoint management solution that allows for centralized management of devices within an organization. Successful exploitation of this vulnerability could allow an unauthenticated attacker within the same network to execute arbitrary code. The CVSS score of this vulnerability is 9.8. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system.

26.6.24

Apache HTTP Server CVE-2021-41773 vulnerability under active exploitation

ALERTS

VULNERABILITY

CVE-2021-41773 is a critical (CVSS score 7.5) path traversal and file disclosure vulnerability affecting Apache HTTP Server. If successfully exploited, this vulnerability enables unauthorized access to sensitive information. In certain configurations of Apache HTTP Server, exploiting this vulnerability can also lead to remote code execution. Symantec's network protection technology, Intrusion Prevention System (IPS), has picked up scans based on threat landscape monitoring, which indicate an uptick in exploitation of this vulnerability. Though the vulnerability is somewhat old, attackers are hoping to cash in on delayed patch deployment by organizations.

17.6.24

CVE-2024-28995 - SolarWinds Serv-U Directory Traversal vulnerability

ALERTS

VULNERABILITY

CVE-2024-28995 is a recently disclosed directory traversal vulnerability affecting the Serv-U managed file transfer (MFT) server solution. If successfully exploited, the flaw could give attackers read access to sensitive information on the vulnerable host machine. While there have been no reports of in-the-wild exploitation, the vendor has already addressed the reported vulnerability in product version 15.4.2 Hotfix 2.

14.6.24

ALERTS

VULNERABILITY

As part of June's Patch Tuesday, Microsoft has patched a critical (CVSS score 9.8) Message Queuing (MSMQ) vulnerability, CVE-2024-30080. By sending specially crafted malicious MSMQ packets to vulnerable servers and thus exploiting the vulnerability, attackers might achieve remote code execution and take over the unpatched server. The reported flaw affects various Windows operating systems starting from Windows Server 2008 and Windows 10.

14.6.24

CVE-2024-4701 - Netflix Genie job orchestration engine vulnerability

ALERTS

VULNERABILITY

CVE-2024-4701 is a recently disclosed critical (CVSS score 9.9) path traversal vulnerability affecting Netflix's Genie job orchestration engine for big data applications. If successfully exploited, the vulnerability might allow remote attackers to achieve arbitrary code execution within the vulnerable applications as well as sensitive information exposure. The vulnerability has already been patched in Genie OSS version 4.3.18.

14.6.24

CVE-2024-2194 - WP Statistics Plugin XSS vulnerability

ALERTS

VULNERABILITY

CVE-2024-2194 is a recently disclosed stored cross-site scripting vulnerability affecting the WP Statistics plugin for WordPress in versions up to 14.5. If successfully exploited, the vulnerability might allow unauthenticated attackers to inject arbitrary web scripts into pages. Those scripts are then executed whenever a user accesses an injected page. The vulnerability has been reported as being actively exploited in the wild.

12.6.24

TellYouThePass ransomware exploiting CVE-2024-4577 Argument Injection Vulnerability in PHP

ALERTS

VULNERABILITY

CVE-2024-4577 is a high-severity (CVSS: 9.8) argument injection vulnerability in PHP, which is a popular scripting tool. This vulnerability affects PHP when it runs in CGI mode. Successful exploitation of this vulnerability could allow an unauthenticated attacker to execute arbitrary code on the vulnerable PHP server, leading to complete system compromise and the delivery of malware, including ransomware.

6.6.24

CVE-2024-32113 - Path Traversal vulnerability in Apache OFBiz

ALERTS

VULNERABILITY

CVE-2024-32113 is a recently disclosed path traversal vulnerability affecting Apache OFBiz, an open source enterprise resource planning (ERP) system. If successfully exploited, the vulnerability might lead to remote code execution in the context of the affected service account. The vulnerability has been patched in Apache OFBiz product version 18.12.13 or above.

6.6.24

CVE-2024-24919 - Check Point Security Gateway Information Disclosure Vulnerability

ALERTS

VULNERABILITY

CVE-2024-24919 is an information disclosure vulnerability in Check Point Security Gateway. Check Point Security Gateway is an integrated software solution that connects corporate networks, branch offices, and business partners via a secure channel. Successful exploitation of this vulnerability may allow an attacker to access certain information on internet-connected Gateways, which have been configured with IPSec VPN, remote access VPN, or mobile access software blade. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system.

6.6.24

CVE-2024-27348 - Remote Code Execution vulnerability in Apache HugeGraph Server

ALERTS

VULNERABILITY

Recently, a critical remote code execution (RCE) vulnerability has been discovered in Apache HugeGraph-Server, identified as CVE-2024-27348 (CVSS: 9.8). Apache HugeGraph-Server is an open-source graph database that provides a scalable and high-performance solution for managing and analyzing large-scale graph data. It is commonly used in Java8 and Java11 environments. The vulnerability affects versions 1.0.0 to 1.3.0 in Java8 and Java11. This vulnerability allows an attacker to execute arbitrary commands on the server. If successfully exploited, the impact of this vulnerability can be severe, as it can allow attackers unauthorized access, full control over the server, data manipulation, and potential compromise of the entire system. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system.

30.5.24

CVE-2024-32640 - SQL Injection vulnerability in Mura/Masa CMS

ALERTS

VULNERABILITY

CVE-2024-32640 is a recently disclosed SQL injection vulnerability affecting Mura/Masa CMS, an open source enterprise content management system. If successfully exploited, the vulnerability might allow unauthorized attackers to access sensitive data. The product vendor has already released a patch to remediate this vulnerability in software versions 7.4.6, 7.3.13 and 7.2.8.

28.5.24

CVE-2024-30268: XSS Vulnerability in Cacti

ALERTS

VULNERABILITY

CVE-2024-30268 is a reflected cross-site scripting vulnerability in Cacti, a network monitoring and fault management framework. If successfully exploited, this vulnerability allows attackers to obtain the administrator's cookies and use them to fake an administrator login. The vulnerability has been fixed in versions 1.3.x DEV. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system.

28.5.24

CVE-2024-21793 and CVE-2024-26026 - two recent vulnerabilities affecting F5 BIG-IP Next Central Manager

ALERTS

VULNERABILITY

CVE-2024-21793 and CVE-2024-26026 are two recently identified high severity vulnerabilities affecting the F5 BIG-IP Next Central Manager. Both flaws are code injection vulnerabilities and have been given a CVSS score of 7.5. If successfully exploited, they might allow unauthenticated attackers to run malicious SQL statements through the BIG-IP Central Manager API.

28.5.24

CVE-2020-17519: Directory Traversal Vulnerability in Apache Flink

ALERTS

VULNERABILITY

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recently added a three-year-old directory traversal vulnerability (CVE-2020-17519) in Apache Flink to the Known Exploited Vulnerabilities Catalog. Apache Flink is an open-source batch-processing framework used for distributed processing of streaming data and is widely used in the field of big data. If successfully exploited, this vulnerability allows unauthenticated attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process.

25.5.24

Path Traversal Vulnerability in Nexus Repository CVE-2024-4956

ALERTS

VULNERABILITY

CVE-2024-4956 is a path traversal vulnerability in Sonatype Nexus Repository 3. Nexus Repository is a widely used artifact repository manager. If successfully exploited, this vulnerability allows unauthenticated remote attackers to access and download sensitive system files, application source code and configurations. The CVSS score of this vulnerability was 7.5. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system.

23.5.24

CVE-2024-29895 - Command Injection Vulnerability in Cacti

ALERTS

VULNERABILITY

CVE-2024-29895 is a critical (CVSS score 10) command injection vulnerability affecting Cacti, a network monitoring and fault management framework. If successfully exploited, the vulnerability may allow unauthenticated remote attackers to execute arbitrary commands on the affected servers through URL manipulation. While the vulnerability has not yet been reported as being exploited in the wild, a Proof of Concept for it is publicly available. The product vendor has already released a patch to remediate this vulnerability.

23.5.24

CVE-2023-43208 - NextGen Healthcare Mirth Connect RCE vulnerability exploited in the wild

ALERTS

VULNERABILITY

CVE-2023-43208 is a Remote Code Execution (RCE) vulnerability disclosed in October last year. The vulnerability affects versions prior to 4.4.1 of NextGen Healthcare Mirth Connect, an open-source data integration suite used by healthcare companies. If exploited, the vulnerability may allow unauthenticated remote attackers to execute code on affected systems, leading to the compromise of critical healthcare data. The vulnerability has been reported as being exploited in the wild and has been added to the "Known Exploited Vulnerabilities Catalog" (KEV) by CISA.

12.5.24

CVE-2024-24506 - LimeSurvey Community Edition XSS vulnerability

ALERTS

VULNERABILITY

CVE-2024-24506 is a recently disclosed Cross Site Scripting (XSS) vulnerability affecting LimeSurvey Community Edition version 5.3.32. The bug is caused by improper validation of user-supplied input in the Administrator email address field. If successfully exploited, the vulnerability might allow remote attackers to insert and execute arbitrary code via the Administrator email address parameter.

12.5.24

CVE-2024-1313 - BOLA vulnerability in Grafana

ALERTS

VULNERABILITY

CVE-2024-1313 is a recently disclosed Broken Object-Level Authorization (BOLA) vulnerability affecting Grafana, an open-source data visualization web application. Successful exploitation of this vulnerability might lead to unauthorized access to, and data leaks from, the vulnerable dashboards. Unprivileged attackers might be able to bypass authorization and also delete Grafana dashboard snapshots. The Grafana vendor has already released a patch to address this vulnerability.

9.5.24

CVE-2024-27956 - WP-Automatic Plugin SQL Injection vulnerability exploited in the wild

ALERTS

VULNERABILITY

CVE-2024-27956 is a recently disclosed critical (CVSS score 9.8) SQL injection (SQLi) vulnerability in the WP-Automatic plugin prior to version 3.92.1. Successful exploitation of this vulnerability might allow attackers to run arbitrary SQL queries, create new admin accounts or upload malicious files onto the compromised servers. This vulnerability has been reported as being actively exploited in the wild.

9.5.24

CVE-2024-2389 - Command Injection vulnerability affecting Progress Flowmon

ALERTS

VULNERABILITY

CVE-2024-2389, a recently disclosed critical vulnerability with a CVSS score of 10, affects Progress Flowmon, a widely used network performance monitoring tool. If successfully exploited, the bug allows unauthenticated attackers to access the Flowmon web interface via crafted API requests. This compromise can further lead to arbitrary code execution on vulnerable systems. The proof-of-concept for this vulnerability has been released publicly and the vendor has already issued a patched version of the application.

7.5.24

CVE-2024-4040 - CrushFTP vulnerability exploited in the wild

ALERTS

VULNERABILITY

CVE-2024-1852 is a recently disclosed injection vulnerability affecting CrushFTP versions before 10.7.1 and 11.1.0. Successful exploitation of this vulnerability could allow unauthenticated remote attackers to perform VFS Sandbox escape, bypass authentication, gain administrative privileges and potentially execute arbitrary remote code on the vulnerable servers. The vulnerability has been reported as being exploited in the wild and the vendor has already released a patched version of the application.

27.4.24

Multiple vulnerabilities in OpenMetadata

ALERTS

VULNERABILITY

OpenMetadata is an open source metadata platform that can be used for data discovery, cataloging and collaboration. According to a recent report, threat actors have been exploiting critical vulnerabilities in OpenMetadata, including authentication bypass and SpEL Expression Injections, in efforts leading to deployment of cryptomining software. The recently disclosed OpenMetadata vulnerabilities include CVE-2024-28253, CVE-2024-28254, CVE-2024-28255, CVE-2024-28847, and CVE-2024-28848 and affect product versions prior to 1.3.1. If successfully exploited, the discussed vulnerabilities might allow unauthenticated remote attackers to achieve remote code execution (RCE) on affected instances.

18.4.24

TP-Link Archer AX21 CVE-2023-1389 still being exploited by botnets

ALERTS

VULNERABILITY

Last year an unauthenticated command injection vulnerability, CVE-2023-1389, was disclosed for the web management interface of the TP-Link Archer AX21 (AX1800) router. Despite this vulnerability being reported and remediated, numerous campaigns still exploit it. Recent attacks have been observed utilizing various botnets including Moobot, Miroi, AGoent, and Gafgyt. As botnets are known to target IoT vulnerabilities, users should install the latest updates and follow manufacturer remediation steps.

17.4.24

CVE-2024-1852 - WordPress WP-Members Membership Plugin vulnerability

ALERTS

VULNERABILITY

CVE-2024-1852 is a high severity cross-site scripting (XSS) vulnerability affecting the WordPress WP-Members Membership Plugin. Successful exploitation of this vulnerability could allow unauthenticated attackers to inject arbitrary web scripts into vulnerable pages. If executed in the context of an administrator, the exploitation of this flaw could additionally lead to redirection of site visitors to malicious URLs or further compromise. The vulnerability has been addressed in version 3.4.9.3 of the plugin.

8.4.24

CVE-2023-7102, New Zero-Day vulnerability in Barracuda's ESG Appliance exploited

ALERTS

VULNERABILITY

A Chinese threat actor, UNC4841, has been reported exploiting a new zero-day vulnerability identified as CVE-2023-7102 in Barracuda Email Security Gateway (ESG) appliances. The threat actor utilized an Arbitrary Code Execution (ACE) vulnerability within a third-party Perl module called 'Spreadsheet ParseExcel' to deploy a specially crafted Excel email attachment targeting a limited number of ESG devices. Barracuda has observed new variants of SEASPY and SALTWATER malware being deployed on these ESG devices.

8.4.24

CVE-2023-41266 A path traversal vulnerability in Qlik Sense Enterprise under active exploitation

ALERTS

VULNERABILITY

CVE-2023-41266 is a path traversal vulnerability affecting Qlik Sense Enterprise. If successfully exploited, this vulnerability allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. Symantec's network protection technology, Intrusion Prevention System (IPS), has picked up scans based on threat landscape monitoring, which indicate a recent uptick in exploitation of this vulnerability. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system.

8.4.24

Old MS Office vulnerability CVE-2017-11882 still leveraged for Agent Tesla delivery

ALERTS

VULNERABILITY

CVE-2017-11882 is an older vulnerability affecting the Equation Editor component in Microsoft Office. Successful exploitation of this flaw might allow attackers to achieve remote code execution on the infected machines. Agent Tesla is a malware family observed to still be leveraging this old vulnerability in some recent campaigns.

8.4.24

Movable Type API CVE-2021-20837 vulnerability under active exploitation

ALERTS

VULNERABILITY

CVE-2021-20837 is a critical (CVSS score 9.8) command injection vulnerability affecting Movable Type API. If successfully exploited, this vulnerability enables remote code execution.

8.4.24

Splunk Remote Code Execution (RCE) vulnerability CVE-2023-46214

ALERTS

VULNERABILITY

CVE-2023-46214 is a recently disclosed remote code execution (RCE) vulnerability affecting the Splunk Enterprise platform. Due to a flaw in the processing of user-supplied extensible stylesheet language transformations (XSLT), remote attackers might be able to upload malicious XSLT resulting in remote code execution on the affected Splunk instance.

8.4.24

Zimbra Collaboration XSS vulnerability CVE-2023-37580

ALERTS

VULNERABILITY

CVE-2023-37580 is a recently disclosed 0-day (CVSS score: 6.1) Cross-Site Scripting vulnerability affecting the Zimbra Collaboration suite. Successful exploitation of the vulnerability may allow an attacker to compromise the confidentiality and integrity of the target system by means of malicious script injection.

8.4.24

CVE-2023-49070 Apache OFBiz RCE vulnerability

ALERTS

VULNERABILITY

CVE-2023-49070 is a critical (CVSS score 9.8) pre-auth remote code execution vulnerability in Apache OFBiz. Successful exploitation of the vulnerability grants the attacker complete control over the server, allowing them to steal sensitive data, disrupt operations, or even launch further attacks against the organization’s network. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system.

30.3.24

CVE-2024-20767 - Adobe ColdFusion vulnerability

ALERTS

VULNERABILITY

CVE-2024-20767 is a directory traversal vulnerability in Adobe ColdFusion, a development platform for building and deploying web and mobile applications. If successfully exploited, this vulnerability allows unauthenticated remote attackers to read arbitrary files on the system. Symantec's network protection technology, Intrusion Prevention System (IPS), blocks these vulnerability exploitation attempts to prevent further infection/damage to the system.