CVE-2024-4708 : MYSCADA MYPRO 7/8.20.0/8.26/8.27.0/8.29.0 HARD-CODED PASSWORD
Description mySCADA myPRO uses a hard-coded password which could allow an attacker to remotely execute code on the affected device.
CVE-2024-5980 : LIGHTNING-AI PYTORCH-LIGHTNING UP TO 2.2.4 API ENDPOINT /V1/RUNS UNRESTRICTED UPLOAD
Description A vulnerability in the /v1/runs API endpoint of lightning-ai/pytorch-lightning v2.2.4 allows attackers to exploit path traversal when extracting tar.gz
CVE-2024-5751 : BERRIAI LITELLM UP TO 1.35.8 ENVIRONMENT VARIABLE ADD_DEPLOYMENT CODE INJECTION
Description BerriAI/litellm version v1.35.8 contains a vulnerability where an attacker can achieve remote code execution. The vulnerability exists in the
CVE-2024-5826 : VANNA-AI VANNA SRC/VANNA/BASE/BASE.PY VANNA.ASK CODE INJECTION
Description In the latest version of vanna-ai/vanna, the `vanna.ask` function is vulnerable to remote code execution due to prompt injection.
CVE-2024-6127 : BC SECURITY EMPIRE UP TO 5.9.2 PATH TRAVERSAL
Description BC Security Empire before 5.9.3 is vulnerable to a path traversal issue that can lead to remote code execution.
CVE-2024-36075 : NETWRIX COSOSYS ENDPOINT PROTECTOR/COSOSYS UNIFY APPLICATION CONFIGURATION IMPROPER AUTHENTICATION
Description Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the
CVE-2024-37140 : DELL POWERPROTECT DD PRIOR 8.0 OS COMMAND INJECTION
Description Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability
CVE-2024-5443 : PARISNEO LOLLMS UP TO 9.7 EXTENSIONBUILDER.BUILD_EXTENSIONN PATH TRAVERSAL
Description CVE-2024-4320 describes a vulnerability in the parisneo/lollms software, specifically within the `ExtensionBuilder().build_extension()` function. The vulnerability arises from the `/mount_extension`
CVE-2024-6146 : ACTIONTEC WCB6200Q 1.2L.03.5 HTTP SERVER UH_GET_POSTDATA_WITHUPLOAD STACK-BASED OVERFLOW
Description Actiontec WCB6200Q uh_get_postdata_withupload Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code
CVE-2024-27172 : TOSHIBA TEC E-STUDIO MULTI-FUNCTION PERIPHERAL OS COMMAND INJECTION
Description Remote Command program allows an attacker to get Remote Code Execution. As for the affected products/models/versions, see the reference
CVE-2024-37569 : MITEL 6869I UP TO 4.5.0.41/5.0.0.1018 PROVIS.HTML HOSTNAME OS COMMAND INJECTION
Description An issue was discovered on Mitel 6869i through 4.5.0.41 and 5.x through 5.0.0.1018 devices. A command injection vulnerability exists
CVE-2024-32850 : SEIKO SKYBRIDGE BASIC MB-A130 COMMAND INJECTION
Description Improper neutralization of special elements used in a command (‘Command Injection’) exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and
CVE-2024-4267 : PARISNEO LOLLMS-WEBUI UP TO 9.5 OPEN_FILE COMMAND INJECTION
Description A remote code execution (RCE) vulnerability exists in the parisneo/lollms-webui, specifically within the ‘open_file’ module, version 9.5. The vulnerability
CVE-2024-21683 : ATLASSIAN CONFLUENCE DATA CENTER UP TO 8.9.0 PRIVILEGE ESCALATION
Description This High severity RCE (Remote Code Execution) vulnerability was introduced in version 5.2 of Confluence Data Center and Server.
CVE-2024-3927 : ELEMENT PACK ELEMENTOR ADDONS PLUGIN UP TO 5.6.3 ON WORDPRESS ACCESS CONTROL
Description The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is
CVE-2024-29204 : IVANTI AVALANCHE UP TO 6.4.2 WLAVALANCHESERVICE HEAP-BASED OVERFLOW
Description A Heap Overflow vulnerability in WLAvalancheService component of Ivanti Avalanche before 6.4.3 allows a remote unauthenticated attacker to execute
CVE-2024-2912 : BENTOML FRAMEWORK UP TO 1.2.4 POST REQUEST INSECURE DEFAULT INITIALIZATION OF RESOURCE
Description An insecure deserialization vulnerability exists in the BentoML framework, allowing remote code execution (RCE) by sending a specially crafted
CVE-2024-21508 : MYSQL2 UP TO 3.9.3 READCODEFOR BIGNUMBERSTRINGS CODE INJECTION
Description Versions of the package mysql2 before 3.9.4 are vulnerable to Remote Code Execution (RCE) via the readCodeFor function due
CVE-2024-24578 : JENS-MAUS RASPBERRYMATIC PRIOR 3.75.6.20240316 PATH TRAVERSAL
Description RaspberryMatic is an open-source operating system for HomeMatic internet-of-things devices. RaspberryMatic / OCCU prior to version 3.75.6.20240316 contains a
What Are Fragmented Attacks?
Fragmented Attacks refer to a type of cyber assault that utilizes network packet fragmentation to obscure malicious payloads and deceive
CVE-2024-22459 : DELL ECS UP TO 3.6.2.5/3.7.0.6/3.8.0.4 ACCESS CONTROL
Description Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access
CVE-2024-25415 : CE PHOENIX 1.0.8.20 DEFINE_LANGUAGE.PHP INJECTION
Description A remote code execution (RCE) vulnerability in /admin/define_language.php of CE Phoenix v1.0.8.20 allows attackers to execute arbitrary PHP code
CVE-2024-22320 : IBM OPERATIONAL DECISION MANAGER UP TO 8.12.0.1 REQUEST DESERIALIZATION
Description IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11, 8.11.0.1, and 8.12.0.1 could allow a remote authenticated attacker to execute
CVE-2024-1015 : SE-ELEKTRONIC E-DDC3.3 03.07.03 WEB CONFIGURATION CODE INJECTION
Description Remote command execution vulnerability in SE-elektronic GmbH E-DDC3.3 affecting versions 03.07.03 and higher. An attacker could send different commands