CVE-2024-4196 : AVAYA IP OFFICE UP TO 11.1.3.0 WEB CONTROL INPUT VALIDATION
Description An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution
Description Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific
Description IBM Security SOAR 51.0.2.0 could allow an authenticated user to execute malicious code loaded from a specially crafted script.
Description CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension`
Description Improper Input Validation vulnerability in Apache Superset, allows for an authenticated attacker to create a MariaDB connection with local_infile
Description Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code
Description In the Linux kernel, the following vulnerability has been resolved: net: sched: sch_multiq: fix possible OOB write in multiq_tune()
Description Use of hard-coded credentials issue exists in Ricoh Streamline NX PC Client ver.3.7.2 and earlier. If this vulnerability is
Description vCenter Server contains a heap-overflow vulnerability in the implementation of the DCERPC protocol. A malicious actor with network access
In today’s connected world, the healthcare industry increasingly relies on data integration platforms such as NextGen Healthcare Mirth Connect. These
Description DoS in KAS in GitLab CE/EE affecting all versions from 16.10.0 prior to 16.10.6 and 16.11.0 prior to 16.11.3
Description Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference
Description Certain models of ASUS routers have buffer overflow vulnerabilities, allowing remote attackers with administrative privileges to execute arbitrary commands
Description parisneo/lollms version 9.5 is vulnerable to Local File Inclusion (LFI) attacks due to insufficient path sanitization. The `sanitize_path_from_endpoint` function
Description Use of uninitialized resource issue exists in IPCOM EX2 Series (V01L0x Series) V01L07NF0201 and earlier, and IPCOM VE2 Series
Description Vulnerability discovered by executing a planned security audit. Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’)
Description Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor. This issue affects LA-Studio Element Kit for Elementor: from n/a
Description In lunary-ai/lunary version 1.2.13, an insufficient granularity of access control vulnerability allows users to create, update, get, and delete
Description An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists
Description The Email Subscribers by Icegram Express plugin for WordPress is vulnerable to SQL Injection via the ‘hash’ parameter in
Description Envoy is a cloud-native, open source edge and service proxy. Envoyproxy with a Brotli filter can get into an
Description ** UNSUPPORTED WHEN ASSIGNED ** The command injection vulnerability in the CGI program “remote_help-cgi” in Zyxel NAS326 firmware versions
Description A vulnerability was found in Netentsec NS-ASG Application Security Gateway 6.3. It has been declared as critical. This vulnerability
Description DigiWin EasyFlow .NET lacks validation for certain input parameters. An unauthenticated remote attacker can inject arbitrary SQL commands to