CVE-2024-27115 : SIMPLE ONLINE PLANNING SO PLANNING PRIOR 1.52.02 UNRESTRICTED UPLOAD
Description A unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability,
CVE-2024-45327 : FORTINET FORTISOAR UP TO 7.0.3/7.2.2/7.3.2/7.4.3 CHANGE PASSWORD ENDPOINT EXCESSIVE AUTHENTICATION
Description An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through
CVE-2024-43690 : GALLAGHER COMMAND CENTRE SERVER INCLUSION OF FUNCTIONALITY FROM UNTRUSTED CONTROL SPHERE
Description Inclusion of Functionality from Untrusted Control Sphere(CWE-829) in the Command Centre Server and Workstations may allow an attacker to
CVE-2024-8503 : VICIDIAL 2.14-917A SQL INJECTION
Description An unauthenticated attacker can leverage a time-based SQL injection vulnerability in VICIdial to enumerate database records. By default, VICIdial
What Is The Role Of API Gateways In API Security?
API gateways play a key role in today’s digital security, acting as an essential safety net to protect APIs from
CVE-2024-40681 : IBM MQ OPERATOR 2.0.26/3.2.4 QUEUE MANAGER PRIVILEGES ASSIGNMENT
Description IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in a specifically defined role, to bypass security
CVE-2024-8523 : LMXCMS UP TO 1.4 SQL COMMAND EXECUTION MODULE ADMIN.PHP FORMATDATA DATA CODE INJECTION
Description A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the
CVE-2024-40711 : VEEAM BACKUP & REPLICATION UP TO 12.1.2.172 REMOTE CODE EXECUTION
Description A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). References
CVE-2024-8480 : IMAGE OPTIMIZER, RESIZER AND CDN PLUGIN UP TO 7.2.7 ON WORDPRESS SIRV_SAVE_PREVENTED_SIZES AUTHORIZATION
Description The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due
What Is GraphQL API And How To Secure Them?
GraphQL API security is critical to protecting your application from threats and vulnerabilities. GraphQL, with its simple and efficient data
CVE-2024-23365 : QUALCOMM SNAPDRAGON AUTO UP TO WSA8845H MINKSOCKET LISTENER THREAD USE AFTER FREE
Description Memory corruption while releasing shared resources in MinkSocket listener thread. References https://docs.qualcomm.com/product/publicresources/securitybulletin/september-2024-bulletin.html For More Information CVERecord
CVE-2024-5053 : TECHJEWEL CONTACT FORM PLUGIN UP TO 5.1.18 ON WORDPRESS MAILCHIMP API KEY VERIFYREQUEST IMPROPER AUTHORIZATION
Description The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for
CVE-2024-8368 : CODE-PROJECTS HOSPITAL MANAGEMENT SYSTEM 1.0 LOGIN INDEX.PHP USERNAME SQL INJECTION
Description A vulnerability was found in code-projects Hospital Management System 1.0. It has been rated as critical. Affected by this
CVE-2024-39747 : IBM STERLING CONNECT DIRECT WEB SERVICES 6.0/6.1/6.2/6.3 DEFAULT CREDENTIALS
Description IBM Sterling Connect:Direct Web Services 6.0, 6.1, 6.2, and 6.3 uses default credentials for potentially critical functionality. References https://www.ibm.com/support/pages/node/7166947
CVE-2024-5879 : HUBSPOT PLUGIN UP TO 11.1.22 ON WORDPRESS HUBSPOT MEETING WIDGET CROSS SITE SCRIPTING
Description The HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics plugin for WordPress is vulnerable to Stored Cross-Site
CVE-2024-45037 : AWS AWS-CDK UP TO 2.148.0 AUTHORIZATION
Description The AWS Cloud Development Kit (CDK) is an open-source framework for defining cloud infrastructure using code. Customers use it
CVE-2024-41622 : D-LINK DIR-846W A1 FW100A43 /HNAP1/ TOMOGRAPHY_PING_ADDRESS OS COMMAND INJECTION
Description D-Link DIR-846W A1 FW100A43 was discovered to contain a remote command execution (RCE) vulnerability via the tomography_ping_address parameter in
CVE-2024-42490 : GOAUTHENTIK API ENDPOINT IMPROPER AUTHORIZATION
Description authentik is an open-source Identity Provider. Several API endpoints can be accessed by users without correct authentication/authorization. The main
CVE-2024-42497 : MATTERMOST UP TO 9.5.7/9.8.2/9.9.1/9.10.0/9.11.0 SYSTEMS MANAGER ROLE ACCESS CONTROL
Description Mattermost versions 9.9.x
CVE-2024-7384 : ACYBA ACYMAILING PLUGIN UP TO 9.7.2 ON WORDPRESS ACYM_EXTRACTARCHIVE UNRESTRICTED UPLOAD
Description The AcyMailing – An Ultimate Newsletter Plugin and Marketing Automation Solution for WordPress plugin for WordPress is vulnerable to
CVE-2024-21690 : ATLASSIAN CONFLUENCE DATA CENTER/CONFLUENCE SERVER UP TO 8.9.5 CROSS-SITE REQUEST FORGERY
Description This High severity Reflected XSS and CSRF (Cross-Site Request Forgery) vulnerability was introduced in versions 7.19.0, 7.20.0, 8.0.0, 8.1.0,
CVE-2024-41674 : CKAN UP TO 2.10.4 PACKAGE_SEARCH INFORMATION EXPOSURE
Description CKAN is an open-source data management system for powering data hubs and data portals. If there were connection issues
CVE-2024-42362 : APACHE HERTZBEAT UP TO 1.5.X /API/MONITORS/IMPORT DESERIALIZATION
Description Hertzbeat is an open source, real-time monitoring system. Hertzbeat has an authenticated (user role) RCE via unsafe deserialization in
CVE-2024-43403 : KANISTERIO KANISTER UP TO 0.110.0 CREATE/PATCH/UDPATE PRIVILEGES MANAGEMENT
Description Kanister is a data protection workflow management tool. The kanister has a deployment called default-kanister-operator, which is bound with