CVE-2024-5407 : SALTOS RHINOS 3.0-1190 /PORTAL/SEARCH.HTM SEARCH CODE INJECTION
Description A vulnerability in RhinOS 3.0-1190 could allow PHP code injection through the “search” parameter in /portal/search.htm. This vulnerability could
CVE-2024-35395 : TOTOLINK CP900L 4.1.5CU.798_B20221228 /ETC/SHADOW.SAMPLE HARD-CODED PASSWORD
Description TOTOLINK CP900L v4.1.5cu.798_B20221228 was discovered to contain a hardcoded password vulnerability in /etc/shadow.sample, which allows attackers to log in
CVE-2024-5400 : OPENFIND MAIL2000 8.0 CGI OS COMMAND INJECTION
Description Openfind Mail2000 does not properly filter parameters of specific CGI. Remote attackers with regular privileges can exploit this vulnerability
CVE-2024-26289 : PMB UP TO 7.3.17/7.4.8/7.5.6-1 DESERIALIZATION
Description Deserialization of Untrusted Data vulnerability in PMB Services PMB allows Remote Code Inclusion.This issue affects PMB: from 7.5.1 before
Prophaze’s Comprehensive Approach to API Security in Modern Healthcare
Prophaze’s Comprehensive Approach to API Security in the Patient-Centric Digital Health Era In the realm of modern healthcare, where digital
CVE-2024-5296 : D-LINK D-VIEW 2.0.1.28 TOKENUTILS HARD-CODED KEY
Description D-Link D-View Use of Hard-coded Cryptographic Key Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on
CVE-2024-5201 : OPENTEXT DIMENSIONS RM UP TO 12.11.1.2/12.11.2.5 HTTP REQUEST PRIVILEGE ESCALATION
Description Privilege Escalation in OpenText Dimensions RM allows an authenticated user to escalate there privilege to the privilege of another
CVE-2024-4267 : PARISNEO LOLLMS-WEBUI UP TO 9.5 OPEN_FILE COMMAND INJECTION
Description A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the ‘open_file’ module, version 9.5. The vulnerability
CVE-2024-29849 : VEERAM BACKUP & REPLICATION PRIOR 11.0.1.1261 P20240304/12.1.2.172 ENTERPRISE MANAGER WEB INTERFACE IMPROPER AUTHENTICATION
Description Veeam Backup Enterprise Manager allows unauthenticated users to log in as any user to enterprise manager web interface. References
CVE-2024-36011 : LINUX KERNEL UP TO 6.6.30/6.8.9 BLUETOOTH HCI_LE_BIG_SYNC_ESTABLISHED_EVT NULL POINTER DEREFERENCE
Description In the Linux kernel, the following vulnerability has been resolved: Bluetooth: HCI: Fix potential null-ptr-deref Fix potential null-ptr-deref in
CVE-2024-21683 : ATLASSIAN CONFLUENCE DATA CENTER UP TO 8.9.0 PRIVILEGE ESCALATION
Description This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
CVE-2024-3927 : ELEMENT PACK ELEMENTOR ADDONS PLUGIN UP TO 5.6.3 ON WORDPRESS ACCESS CONTROL
Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is
CVE-2024-36053 : LINUXMINT MINTUPLOAD UP TO 4.2.0 SERVICE OS COMMAND INJECTION
Description In the mintupload package through 4.2.0 for Linux Mint, service-name mishandling leads to command injection via shell metacharacters in
CVE-2024-36080 : WESTERMO EDW-100 DEVICES UP TO 2024-05-03 HARD-CODED PASSWORD
Description Westermo EDW-100 devices through 2024-05-03 have a hidden root user account with a hardcoded password that cannot be changed.
What is Cross-Site Request Forgery (CSRF)?
Cross-Site Request Forgery (CSRF) is an attack method that tricks users into performing an unwanted action on a website they
CVE-2024-3319 : SAILPOINT IDENTITY SECURITY CLOUD TRANSFORM PREVIEW/IDENTITYPROFILE PREVIEW CODE INJECTION
Description An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed
CVE-2024-4984 : YOAST SEO PLUGIN UP TO 22.6 ON WORDPRESS DISPLAY_NAME CROSS SITE SCRIPTING
Description The Yoast SEO plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘display_name’ author meta in all
Navigating HTTP/2 Vulnerabilities: Continuation Floods and Rapid Resets
In the realm of web security, the evolution of protocols brings both advancements and vulnerabilities. The HTTP/2 protocol, known for
CVE-2024-32888 : AWS AMAZON-REDSHIFT-JDBC-DRIVER UP TO 2.1.0.27 SQL INJECTION
Description The Amazon JDBC Driver for Redshift is a Type 4 JDBC driver that provides database connectivity through the standard
CVE-2024-32002 : GIT SUBMODULE .GIT/ PATH TRAVERSAL
Description Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with
CVE-2024-31471 : ARUBA INSTANTOS/ARUBAOS CENTRAL COMMUNICATONS SERVICE COMMAND INJECTION
Description There is a command injection vulnerability in the underlying Central Communications service that could lead to unauthenticated remote code
CVE-2024-33006 : SAP NETWEAVER APPLICATION SERVER ABAP AND ABAP PLATFORM UNRESTRICTED UPLOAD
Description An unauthenticated attacker can upload a malicious file to the server which when accessed by a victim can allow
CVE-2024-27842 : APPLE MACOS UP TO 14.4 KERNEL LOCAL PRIVILEGE ESCALATION
Description The issue was addressed with improved checks. This issue is fixed in macOS Sonoma 14.5. An app may be
CVE-2024-28761 : IBM APP CONNECT ENTERPRISE UP TO 11.0.0.25/12.0.12.0 CROSS SITE SCRIPTING
Description IBM App Connect Enterprise 11.0.0.1 through 11.0.0.25 and 12.0.1.0 through 12.0.12.0 is vulnerable to HTML injection. A remote attacker