From cvefeed.io

CVE-2024-10924 - Really Simple Security for WordPress Authentication Bypass

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

5h ago

From cvefeed.io

CVE-2024-11120 - GeoVision Command Injection Vulnerability

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

7h ago

From cvefeed.io

CVE-2024-9834 - Medtronic Ventilator Information Exposure Vulnerability

Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

10h ago

From cvefeed.io

CVE-2024-9832 - Philips Ventilator Login Brute Force Vulnerability

There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

10h ago

From cvefeed.io

CVE-2024-52370 - Hive Support WordPress Help Desk Unrestricted File Upload RCE

Unrestricted Upload of File with Dangerous Type vulnerability in Hive Support Hive Support – WordPress Help Desk allows Upload a Web Shell to a Web Server. This issue affects Hive Support – WordPress Help Desk: from n/a through 1.1.1.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

14h ago

From cvefeed.io

CVE-2024-52369 - Optimal Access Inc. KBucket Unvalidated File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Optimal Access Inc. KBucket allows Upload a Web Shell to a Web Server. This issue affects KBucket: from n/a through 4.1.6.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

14h ago

From cvefeed.io

CVE-2024-52377 - BdThemes Instant Image Generator Unrestricted File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in BdThemes Instant Image Generator allows Upload a Web Shell to a Web Server. This issue affects Instant Image Generator: from n/a through 1.5.4.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-3379 - Lunary AI Private Key Unauthorized Regeneration Vulnerability

In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-52373 - Devexhub Gallery Unrestricted File Upload RCE

Unrestricted Upload of File with Dangerous Type vulnerability in Team Devexhub Devexhub Gallery allows Upload a Web Shell to a Web Server. This issue affects Devexhub Gallery: from n/a through 2.0.1.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-52384 - Sage AI: Unrestricted Upload of Web Shell Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Sage AI Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation allows Upload a Web Shell to a Web Server. This issue affects Sage AI: Chatbots, OpenAI GPT-4 Bulk Articles, Dalle-3 Image Generation: from n/a through 2.4.9.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-3501 - Lunary-AI Lunary Information Disclosure Vulnerability

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. These tokens, intended for sensitive operations such as password...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-52382 - Medma Technologies Matix Popup Builder Authorization Bypass

Missing Authorization vulnerability in Medma Technologies Matix Popup Builder allows Privilege Escalation. This issue affects Matix Popup Builder: from n/a through 1.0.0.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-52372 - WebTechGlobal Easy CSV Importer BETA File Upload RCE

Unrestricted Upload of File with Dangerous Type vulnerability in WebTechGlobal Easy CSV Importer BETA allows Upload a Web Shell to a Web Server. This issue affects Easy CSV Importer BETA: from n/a through 7.0.0.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-52375 - Arttia Creative Datasets Manager Unrestricted File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Arttia Creative Datasets Manager by Arttia Creative. This issue affects Datasets Manager by Arttia Creative: from n/a through 1.5.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-52371 - DonnellC Global Gateway e4 Payeezy Gateway Path Traversal

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in DonnellC Global Gateway e4 | Payeezy Gateway. This issue affects Global Gateway e4 | Payeezy Gateway: from n/a through 2.0.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-52380 - Softpulse Infotech Picsmize: Unrestricted File Upload with Code Execution

Unrestricted Upload of File with Dangerous Type vulnerability in Softpulse Infotech Picsmize allows Upload a Web Shell to a Web Server. This issue affects Picsmize: from n/a through 1.0.0.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-50306 - Apache Traffic Server Privilege Escalation Vulnerability

Unchecked return value can allow Apache Traffic Server to retain privileges on startup. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.5, from 10.0.0 through 10.0.1. Users are recommended to upgrade to version 9.2.6 or 10.0.2, which fixes the issue.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-52379 - KineticPay for WooCommerce Unrestricted File Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Kinetic Innovative Technologies Sdn Bhd kineticPay for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects kineticPay for WooCommerce: from n/a through 2.0.8.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-4343 - Amazon SageMaker PrivateGPT Python Command Injection Vulnerability

A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the `eval()`...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-52376 - cmsMinds Boat Rental Plugin for WordPress RCE Upload

Unrestricted Upload of File with Dangerous Type vulnerability in cmsMinds Boat Rental Plugin for WordPress allows Upload a Web Shell to a Web Server. This issue affects Boat Rental Plugin for WordPress: from n/a through 1.0.1.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-52381 - Shoaib Rehmat ZIJ KART PHP Remote File Inclusion

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Shoaib Rehmat ZIJ KART allows PHP Local File Inclusion. This issue affects ZIJ KART: from n/a through 1.1.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-52374 - DoThatTask Unrestrictive WebShell Upload Vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in DoThatTask Do That Task allows Upload a Web Shell to a Web Server. This issue affects Do That Task: from n/a through 1.5.5.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

15h ago

From cvefeed.io

CVE-2024-37285 - Kibana Elasticsearch Deserialization Code Execution Vulnerability (Arbitrary Code Execution)

A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document containing a crafted payload. A successful attack requires a malicious user to have a combination of both specific Elasticsearch indices privileges...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

16h ago

From cvefeed.io

CVE-2024-52552 - Jenkins Authorize Project Plugin Stored XSS

Jenkins Authorize Project Plugin 1.7.2 and earlier evaluates a string containing the job name with JavaScript on the Authorization view, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

17h ago

From cvefeed.io

CVE-2024-43091 - Skia Graphics Library Integer Overflow RCE

In filterMask of SkEmbossMaskFilter.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

17h ago

From cvefeed.io

CVE-2024-52551 - Jenkins Pipeline Declarative Plugin Remote Code Execution

Jenkins Pipeline: Declarative Plugin 2.2214.vb_b_34b_2ea_9b_83 and earlier does not check whether the main (Jenkinsfile) script used to restart a build from a specific stage is approved, allowing attackers with Item/Build permission to restart a previous build whose (Jenkinsfile) script is no...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

17h ago

From cvefeed.io

CVE-2024-50854 - Tenda G3 Remote Code Execution (Stack Overflow)

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a stack overflow via the formSetPortMapping function.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

18h ago

From cvefeed.io

CVE-2024-50852 - Tenda Router Command Injection Vulnerability

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetUSBPartitionUmount function.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

18h ago

From cvefeed.io

CVE-2024-50970 - Itsourcecode Online Furniture Shopping Project SQL Injection Vulnerability

A SQL injection vulnerability in orderview1.php of Itsourcecode Online Furniture Shopping Project 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

18h ago

From cvefeed.io

CVE-2024-50853 - Tenda G3 Command Injection Vulnerability

Tenda G3 v3.0 v15.11.0.20 was discovered to contain a command injection vulnerability via the formSetDebugCfg function.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

18h ago

From cvefeed.io

CVE-2024-48510 - DotNetZip Directory Traversal Remote Code Execution

Directory Traversal vulnerability in DotNetZip v.1.16.0 and before allows a remote attacker to execute arbitrary code via the src/Zip.Shared/ZipEntry.Extract.cs component. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

18h ago

From cvefeed.io

CVE-2024-10962 - WordPress WPvivid Plugin PHP Object Injection Vulnerability

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This makes it possible for unauthenticated...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

19h ago

From cvefeed.io

CVE-2024-10979 - PostgreSQL PL/Perl Environment Variable Overflow Vulnerability

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user....

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

20h ago

From cvefeed.io

CVE-2024-10571 - Chartify WordPress Chart Plugin Local File Inclusion Vulnerability

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

22h ago

From cvefeed.io

CVE-2024-9693 - GitLab CE/EE Kubernetes Agent Authorization Bypass

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

22h ago