CVE-2024-8523 : LMXCMS UP TO 1.4 SQL COMMAND EXECUTION MODULE ADMIN.PHP FORMATDATA DATA CODE INJECTION
Description A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the
CVE-2024-40711 : VEEAM BACKUP & REPLICATION UP TO 12.1.2.172 REMOTE CODE EXECUTION
Description A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). References
CVE-2024-8480 : IMAGE OPTIMIZER, RESIZER AND CDN PLUGIN UP TO 7.2.7 ON WORDPRESS SIRV_SAVE_PREVENTED_SIZES AUTHORIZATION
Description The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due
What Is GraphQL API And How To Secure Them?
GraphQL API security is critical to protecting your application from threats and vulnerabilities. GraphQL, with its simple and efficient data
CVE-2024-23365 : QUALCOMM SNAPDRAGON AUTO UP TO WSA8845H MINKSOCKET LISTENER THREAD USE AFTER FREE
Description Memory corruption while releasing shared resources in MinkSocket listener thread. References https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html For More Information CVERecord
CVE-2024-5053 : TECHJEWEL CONTACT FORM PLUGIN UP TO 5.1.18 ON WORDPRESS MAILCHIMP API KEY VERIFYREQUEST IMPROPER AUTHORIZATION
Description The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for
CVE-2024-8368 : CODE-PROJECTS HOSPITAL MANAGEMENT SYSTEM 1.0 LOGIN INDEX.PHP USERNAME SQL INJECTION
Description A vulnerability was found in code-projects Hospital Management System 1.0. It has been rated as critical. Affected by this
CVE-2024-39747 : IBM STERLING CONNECT DIRECT WEB SERVICES 6.0/6.1/6.2/6.3 DEFAULT CREDENTIALS
Description IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. References https://www.ibm.com/support/pages/node/7166947
CVE-2024-5879 : HUBSPOT PLUGIN UP TO 11.1.22 ON WORDPRESS HUBSPOT MEETING WIDGET CROSS SITE SCRIPTING
Description The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site
CVE-2024-45037 : AWS AWS-CDK UP TO 2.148.0 AUTHORIZATION
Description The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it
CVE-2024-41622 : D-LINK DIR-846W A1 FW100A43 /HNAP1/ TOMOGRAPHY_PING_ADDRESS OS COMMAND INJECTION
Description D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in
CVE-2024-42490 : GOAUTHENTIK API ENDPOINT IMPROPER AUTHORIZATION
Description authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main
CVE-2024-42497 : MATTERMOST UP TO 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 SYSTEMS MANAGER ROLE ACCESS CONTROL
Description Mattermost versions 9.9.x
CVE-2024-7384 : ACYBA ACYMAILING PLUGIN UP TO 9.7.2 ON WORDPRESS ACYM_EXTRACTARCHIVE UNRESTRICTED UPLOAD
Description The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to
CVE-2024-21690 : ATLASSIAN CONFLUENCE DATA CENTER/CONFLUENCE SERVER UP TO 8.9.5 CROSS-SITE REQUEST FORGERY
Description This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0,
CVE-2024-41674 : CKAN UP TO 2.10.4 PACKAGE_SEARCH INFORMATION EXPOSURE
Description CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues
CVE-2024-42362 : APACHE HERTZBEAT UP TO 1.5.X /API/MONITORS/IMPORT DESERIALIZATION
Description Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in
CVE-2024-43403 : KANISTERIO KANISTER UP TO 0.110.0 CREATE/PATCH/UDPATE PRIVILEGES MANAGEMENT
Description Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with
CVE-2024-42363 : ZENDESK SAMSON UP TO 3384 ROLEVERIFICATIONSCONTROLLER ROLE DESERIALIZATION
Description Prior to 3385, the user-controlled role parameter enters the application in the Kubernetes::RoleVerificationsController. The role parameter flows into the
CVE-2024-43406 : LF-EDGE EKUIPER UP TO 1.14.1 SQL INJECTION
Description LF Edge eKuiper is a lightweight IoT data analytics and stream processing engine running on resource-constraint edge devices. A
CVE-2024-41909 : APACHE MINA SSHD UP TO 2.11.0 TERRAPIN INTEGRITY CHECK
Description Like many other SSH implementations, Apache MINA SSHD suffered from the issue that is more widely known as CVE-2023-48795.
CVE-2024-38530 : GUNET OPENECLASS UP TO 3.15 H5P MODULE UNRESTRICTED UPLOAD
Description The Open eClass platform (formerly known as GUnet eClass) is a complete Course Management System. An arbitrary file upload
How To Protect Your APIs From DDoS Attacks
In today’s digital age, application programming interfaces (APIs) play an important role in enabling applications to interact with each other.
CVE-2024-42408 : DORSETT CONTROLS INFOSCAN 1.32/1.33/1.35 CLIENT DOWNLOAD PAGE PATH TRAVERSAL
Description The InfoScan client download page can be intercepted with a proxy, to expose filenames located on the system, which