#recon

Correlated tags: #ioc #threatintelligence #cve #cti

From cvefeed.io

CVE-2024-3379 - "Lunary AI Private Key Unauthorized Regeneration Vulnerability"

In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. Specifically, a user with a 'Member' role can issue a request to regenerate the private key of a project...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

12h ago


From cvefeed.io

CVE-2024-3501 - Lunary-AI Lunary Information Disclosure Vulnerability

In lunary-ai/lunary versions up to and including 1.2.5, an information disclosure vulnerability exists due to the inclusion of single-use tokens in the responses of `GET /v1/users/me` and `GET /v1/users/me/org` API endpoints. These tokens, intended for sensitive operations such as password...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

13h ago


From cvefeed.io

CVE-2024-4343 - Amazon SageMaker PrivateGPT Python Command Injection Vulnerability

A Python command injection vulnerability exists in the `SagemakerLLM` class's `complete()` method within `./private_gpt/components/llm/custom/sagemaker.py` of the imartinez/privategpt application, versions up to and including 0.3.0. The vulnerability arises due to the use of the `eval()`...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

13h ago


From cvefeed.io

CVE-2024-9693 - GitLab CE/EE Kubernetes Agent Authorization Bypass

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.0 prior to 17.3.7, starting from 17.4 prior to 17.4.4, and starting from 17.5 prior to 17.5.2, which could have allowed unauthorized access to the Kubernetes agent in a cluster under specific configurations.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

20h ago


From cvefeed.io

CVE-2024-9832 - Philips Ventilator Login Brute Force Vulnerability

There is no limit on the number of failed login attempts permitted with the Clinician Password or the Serial Number Clinician Password. An attacker could execute a brute-force attack to gain unauthorized access to the ventilator, and then make changes to device settings that could disrupt the...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

8h ago


From cvefeed.io

CVE-2024-9834 - Medtronic Ventilator Information Exposure Vulnerability

Improper data protection on the ventilator's serial interface could allow an attacker to send and receive messages that result in unauthorized disclosure of information and/or have unintended impacts on device settings and performance.

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

8h ago


From cvefeed.io

CVE-2024-10571 - Chartify WordPress Chart Plugin Local File Inclusion Vulnerability

The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.9.5 via the 'source' parameter. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

19h ago


From cvefeed.io

CVE-2024-10924 - Really Simple Security for WordPress Authentication Bypass

The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are vulnerable to authentication bypass in versions 9.0.0 to 9.1.1.1. This is due to improper user check error handling in the two-factor REST API actions with the 'check_login_and_get_user' function. This makes it...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

3h ago


From cvefeed.io

CVE-2024-10962 - WordPress WPvivid Plugin PHP Object Injection Vulnerability

The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This makes it possible for unauthenticated...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

16h ago


From cvefeed.io

CVE-2024-10979 - PostgreSQL PL/Perl Environment Variable Overflow Vulnerability

Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a database server operating system user....

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

18h ago


From cvefeed.io

CVE-2024-11120 - GeoVision Command Injection Vulnerability

Certain EOL GeoVision devices have an OS Command Injection vulnerability. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the device. Moreover, this vulnerability has already been exploited by attackers, and we have received...

#cti #cve #ioc #recon #threatintel #cybersecurity #threatintelligence

5h ago
