WordPress has released a security update to resolve arbitrary file uploads vulnerability in the WP Membership plugin. The affected versions are WP Membership plugin, all versions up to, and including, 1.6.2.
CVE ID: CVE-2024-10547 (Critical)
WordPress has released a security update to resolve arbitrary file read and deletion vulnerability in the WPLMS Learning Management System. The affected versions are WPLMS Learning Management System, all versions up to, and including, 4.962.
CVE ID: CVE-2024-10470 (Critical)
An arbitrary file creation vulnerability has been discovered in the WordPress Debug Tool plugin. The affected versions are Debug Tool plugin, all versions up to, and including, 2.2.
CVE ID: CVE-2024-10586(Critical)
WordPress has released security updates to resolve arbitrary file uploads and arbitrary file deletion vulnerabilities in the WooCommerce Support Ticket System plugin. The affected versions are WooCommerce Support Ticket System plugin, all versions up to, and including, 17.7.
CVE ID: CVE-2024-10627(Critical), CVE-2024-10625(Critical)
WordPress has released a security update to resolve arbitrary file uploads vulnerability in the WordPress User Extra Fields plugin. The affected versions are WordPress User Extra Fields plugin,all versions up to, and including, 16.5.
CVE ID: CVE-2024-10801(Critical)
Authentication bypass and information disclosure vulnerabilities have been discovered in the WordPress CE21 Suite plugin. The affected versions are CE21 Suite plugin, versions up to, and including, 2.2.0.
CVE ID: CVE-2024-10285(Critical), CVE-2024-10284(Critical)
WordPress has released a security update to resolve a privilege escalation vulnerability in the RegistrationMagic – User Registration Plugin with Custom Registration Forms plugin. The affected versions are WordPress User Extra Fields plugin, all versions up to, and including, 16.5.
CVE ID: CVE-2024-10508(Critical)
WordPress has released a security update to resolve a privilege escalation vulnerability in Leopard - WordPress Offload Media plugin. The affected versions are Leopard - WordPress Offload Media plugin, all versions up to, and including, 3.1.1.
CVE ID: CVE-2024-10589(Critical)
WordPress has released a security update to resolve Local File Inclusion vulnerability vulnerability in the Category Ajax Filter plugin. The affected versions are Category Ajax Filter plugin, all versions up to, and including, 2.8.2.
CVE ID: CVE-2024-10871 (Critical)
An XML External Entity (XXE) vulnerability has been discovered in Dmoz2CSV of openimaj. The affected version is Dmoz2CSV in openimaj v1.3.10.
CVE ID: CVE-2024-51136 (Critical)
An arbitrary command execution vulnerability has been discovered in Draytek Vigor3900. The affected version is Draytek Vigor3900 1.5.1.3.
CVE ID: CVE-2024-51252 (Critical)
A SQL injection vulnerability has been discovered in Tongda OA 2017. The affected versions are Tongda OA 2017 up to 11.10.
CVE ID: CVE-2024-10732 (Critical)
A stack-based buffer overflow vulnerability has been discovered in Tenda. The affected version is Tenda AC6 15.03.05.19.
CVE ID: CVE-2024-10698 (Critical)
A vulnerability has been discovered in LevelOne WBR-6012 router's web application that allows to change the administrator password and gain higher privileges without the current password. The affected version is LevelOne WBR-6012 router firmware version R0.40e6.
CVE ID: CVE-2024-33699 (Critical)
A stack-based buffer overflow vulnerability has been discovered in Tenda. The affected versions are Tenda AC1206 up to 20241027.
CVE ID: CVE-2024-10434 (Critical)
A vulnerability has been discovered in SECOM wireless router WRTM326 that does not properly validate a specific parameter and could execute arbitrary system commands by sending crafted requests.
CVE ID: CVE-2024-10119 (Critical)
A missing authorization vulnerability has been discovered in AA-Team WZone. The affected versions are WZone from n/a through 14.0.10.
CVE ID: CVE-2024-33545 (Critical)
A SQL injection vulnerability has been discovered in the GraphCypherQAChain class of langchain-ai/langchainjs. The affected versions are GraphCypherQAChain class of langchain-ai/langchainjs version 0.2.5 and all versions with this class.
CVE ID: CVE-2024-7042 (Critical)
An authorization bypass vulnerability has been discovered in Meetup. The affected versions are Meetup: from n/a through 0.1.
CVE ID: CVE-2024-50483 (Critical)
Multiple vulnerabilities have been discovered in Rockwell Automation FactoryTalk ThinManager equipment. The affected versions are ThinManager: versions 11.2.0 to 11.2.9, versions 12.0.0 to 12.0.7, versions 12.1.0 to 12.1.8, versions 13.0.0 to 13.0.5, versions 13.1.0 to 13.1.3, versions 13.2.0 to 13.2.2, and version 14.0.0. The mitigation and workarounds are available.
CVE ID: CVE-2024-10386 (Critical), CVE-2024-10387 (High)
Google has released Chrome Beta 131 (131.0.6778.22) for iOS, Chrome Beta 131 (131.0.6778.22) for Android, and Beta channel 131.0.6778.24 for Windows, Mac and Linux.
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 132, Thunderbird 128.4, Firefox ESR 115.17, Firefox ESR 128.4, Firefox 132. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-10458 (High), CVE-2024-10459 (High), CVE-2024-10460 (Medium), CVE-2024-10461 (Medium), CVE-2024-10462 (Medium), CVE-2024-10463 (Medium), CVE-2024-10464 (Low), CVE-2024-10465 (Low), CVE-2024-10466 (Low), CVE-2024-10467 (Medium), CVE-2024-10468 (Medium)
An authentication bypass vulnerability has been discovered in Crypto plugin for WordPress. The affected versions are Crypto plugin for WordPress up to and including, 2.15.
CVE ID: CVE-2024-9989 (Critical)
A static credentials vulnerability has been discovered in IBM Flexible Service Processor. The affected versions are IBM Flexible Service Processor FW860.00 through FW860.B3, FW950.00 through FW950.C0, FW1030.00 through FW1030.61, FW1050.00 through FW1050.21, and FW1060.00 through FW1060.10. Security updates are available.
CVE ID: CVE-2024-45656 (Critical)
Multiple vulnerabilities have been discovered in several of Siemens' equipment- InterMesh. Siemens has released workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2024-47901 (Critical), CVE-2024-47902 (High), CVE-2024-47903 (High), CVE-2024-47904 (High)
A deserialization of untrusted data vulnerability has been discovered in Delta Electronics' Equipment- InfraSuite Device Master. The affected versions are InfraSuite Device Master: Versions 1.0.12 and prior. Security updates are available.
CVE ID: CVE-2024-10456 (Critical)
Apple has released security updates to address multiple vulnerabilities in Safari 18.1. An attacker can exploit these vulnerabilities to take control of an affected device.
CVE ID: CVE-2024-44259, CVE-2024-44229, CVE-2024-44296, CVE-2024-44244
SQL Injection vulnerability has been discovered in eHDR CTMS of Sunnet that allow unauthenticated remote attackers to inject arbitrary SQL command to read, modify, and delete database contents.
CVE ID: CVE-2024-10440 (Critical)
An Unauthenticated Arbitrary File Upload vulnerability has been discovered in Wux Blog Editor plugin for WordPress. The affected versions are Wux Blog Editor plugin for WordPress up to and including, 3.0.0.
CVE ID: CVE-2024-9932 (Critical)
A vulnerability has been discovered in Trend Micro Deep Discovery Inspector that allow an attacker to disclose sensitive information affected installations. The affected versions are Trend Micro Deep Discovery Inspector versions 5.8 and above.
CVE ID: CVE-2024-46902 (Critical)
Stack-based buffer overflow vulnerability has been discovered in Tenda FH1201. The affected version is Tenda FH1201 v1.2.0.14.
CVE ID: CVE-2024-41461 (Critical)
Fortinet has released security updates to address missing authentication for critical function vulnerability in FortiManager. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-47575 (Critical)
Improper Access Control vulnerability has been discovered in VIMESA's Equipment- VHF/FM Transmitter Blue Plus. The affected version is VHF/FM Transmitter Blue Plus v9.7.1. The mitigations are available.
CVE ID: CVE-2024-9692 (Medium)
Path Traversal vulnerability has been discovered in iniNet Solutions' Equipment- SpiderControl SCADA PC HMI Editor. The affected version is SpiderControl SCADA PC HMI Editor version 8.10.00.00.
CVE ID: CVE-2024-10313 (High)
Deep Sea Electronics has released security update to address a Missing Authentication for Critical Function vulnerability in its equipment- DSE855. The affected version is DSE855: version 1.0.26.
CVE ID: CVE-2024-5947 (Medium)
Cisco has released security updates to address static credential vulnerability in Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 1000, 2100, 3100, and 4200 series.
CVE ID: CVE-2024-20412 (Critical)
Cisco has released security updates to address command injection vulnerability in Cisco Secure Firewall Management Center Software.
CVE ID: CVE-2024-20424 (Critical)
Cisco has released security updates to address command injection vulnerability in the SSH subsystem of Cisco Adaptive Security Appliance (ASA) Software.
CVE ID: CVE-2024-20329 (Critical)
An insufficiently protected credentials vulnerability has been discovered in LiteSpeed Cache of LiteSpeed Technologies that allows authentication bypass. The affected versions are LiteSpeed Cache: from n/a before 6.5.0.1.
CVE ID: CVE-2024-44000 (Critical)
A deserialization of untrusted data vulnerability has been discovered in Piyushmca Shipyaari Shipping Management that allows Object Injection. The affected versions are Shipyaari Shipping Management: from n/a through 1.2.
CVE ID: CVE-2024-49626 (Critical)
A SQL injection vulnerability has been discovered in Simple Admin Panel App. The affected version is Simple Admin Panel App v1.0.
CVE ID: CVE-2024-25223 (Critical)
A vulnerability has been discovered in the postjournal service of Zimbra Collaboration. The affected versions are Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1.
CVE ID: CVE-2024-45519 (Critical)
A missing authentication vulnerability has been discovered in the Visual Studio Code extension for Arduino that allows to perform Remote Code Execution (RCE) through a network attack vector.
CVE ID: CVE-2024-43488 (Critical)
An OS command injection vulnerability has been discovered in SECOM WRTR-304GN-304TW-UPSC. The affected product is WRTR-304GN-304TW-UPSC V02.
CVE ID: CVE-2024-10118
An OS command injection vulnerability has been discovered in wireless router WRTM326 from SECOM. The affected products are WRTM326 before version 2.3.20.
CVE ID: CVE-2024-10119
Fortinet has released security updates to address an use of externally-controlled format string vulnerability in FortiOS and FortiSwitchManager. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-23113 (Critical)
Multiple vulnerabilities have been discovered in Kieback&Peter's Equipment- DDC4000 Series. The mitigations are available.
CVE ID: CVE-2024-41717 (Critical), CVE-2024-43812 (High), CVE-2024-43698 (Critical)
An insufficiently protected credential vulnerability has been discovered in HMS Networks' equipment- EWON FLEXY 202. The affected version is EWON FLEXY 202 firmware version 14.2s0. Security updates are available.
CVE ID: CVE-2024-7755 (High)
Multiple vulnerabilities have been discovered in Elvaco's Equipment- M-Bus Metering Gateway CMe3100. Successful exploitation of these vulnerabilities could allow to perform Remote Code Execution (RCE), impersonate and send false information, or bypass authentication.
CVE ID: CVE-2024-49396 (High), CVE-2024-49397 (High), CVE-2024-49398 (Critical), CVE-2024-49399 (High)
A Cross Site Scripting (XSS) vulnerability has been discovered in LCDS' Equipment- LAquis SCADA that allows to steal cookies, inject arbitrary code, or perform unauthorized actions. The affected version is LAquis SCADA: version 4.7.1.511. Security Updates are available.
CVE ID: CVE-2024-9414 (Critical)
A Denial of Service (DoS) vulnerability has been discovered in Mitsubishi Electric's Equipment- CNC Series. The mitigations are available.
CVE ID: CVE-2024-7316 (Medium)
WordPress has released a security update to resolve a privilege escalation vulnerability in the UserPro plugin for WordPress. The affected versions are UserPro plugin for WordPress up to and including, 3.6.0.
CVE ID: CVE-2024-9863 (Critical)
VMware has released security updates to address an Authenticated SQL injection in VMware HCX. The affected versions are VMware HCX 4.8.x, 4.9.x, and 4.10.x.
CVE ID: CVE-2024-38814 (High)
WordPress has released a security update to resolve an authentication bypass vulnerability in the Nextend Social Login Pro plugin for WordPress. The affected versions are Nextend Social Login Pro plugin for WordPress up to and including, 3.1.14.
CVE ID: CVE-2024-9893 (Critical)
Dell has released security updates for Dell OpenManage Enterprise. The affected versions are Dell OpenManage Enterprise versions prior to 4.2.0.
CVE ID: CVE-2024-45766 (High), CVE-2024-45767 (Medium)
Google has released Dev channel 131.0.6778.0 (Platform version: 16063.2.0) for most ChromeOS devices. Chrome Beta 131 (131.0.6778.2) for Android, Chrome 131.0.6778.3 Beta channel for Windows, Mac and Linux, and Chrome Beta 131 (131.0.6778.2) for iOS.
Mozilla has released security updates to address a vulnerability in Firefox for iOS 131.2. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2024-10004 (Medium)
Cisco has released security updates to address multiple vulnerabilities in Cisco ATA 190 Series Analog Telephone Adapter firmware, Cisco UCS Central Software, and Cisco Unified Contact Center Management Portal.
CVE ID: CVE-2024-20420 (Medium), CVE-2024-20421 (High), CVE-2024-20458 (High), CVE-2024-20459 (Medium), CVE-2024-20460 (Medium), CVE-2024-20461 (Medium), CVE-2024-20462 (Medium), CVE-2024-20463 (Medium), CVE-2024-20280 (Medium)
Google has released Stable channel OS version 16002.58.0 Browser version 129.0.6668.110 for most ChromeOS devices, LTS-126 version 126.0.6478.255 Platform version 15886.80.0 for most ChromeOS devices, Chrome 130 130.0.6723.58 for Android, Stable channel 130.0.6723.58/.59 for Windows & Mac & 130.0.6723.58 for Linux and Extended Stable channel 130.0.6723.59 for Windows & Mac.
CVE ID: CVE-2024-9123 (High), CVE-2024-9122 (High), CVE-2024-8905 (High), CVE-2024-9954 (High), CVE-2024-9955 (Medium), CVE-2024-9956 (Medium), CVE-2024-9957 (Medium), CVE-2024-9958 (Medium), CVE-2024-9959 (Medium), CVE-2024-9960 (Medium), CVE-2024-9961 (Medium), CVE-2024-9962 (Medium), CVE-2024-9963 (Medium), CVE-2024-9964 (Medium), CVE-2024-9965 (Medium), CVE-2024-9966 (Medium), CVE-2024-9967 (Medium)
Oracle has released its critical patch update for October 2024 to address 334 vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-45492 (Critical), CVE-2023-38408 (Critical), CVE-2024-4577 (Critical), CVE-2023-6816 (Critical), CVE-2022-2068 (Critical), CVE-2024-37371 (Critical), CVE-2022-36760 (Critical), CVE-2022-34381 (Critical), CVE-2024-5535 (Critical), CVE-2024-21216 (Critical), CVE-2024-28752 (Critical), CVE-2022-23305 (Critical), CVE-2023-38545 (Critical), CVE-2024-29736 (Critical), CVE-2024-21172 (Critical), CVE-2022-46337 (Critical)
A SQL Injection vulnerability has been discovered in the Property Management System of ChanGate that allows to inject arbitrary SQL commands to read, modify, and delete database content.
CVE ID: CVE-2024-9972 (Critical)
WordPress has released a security update to resolve a path traversal vulnerability in the WordPress File Upload plugin for WordPress. The affected versions are WordPress File Upload plugin for WordPress up to and including, 4.24.11.
CVE ID: CVE-2024-9047 (Critical)
An authentication bypass vulnerability has been discovered in Pedalo Connector plugin for WordPress. The affected versions are Pedalo Connector plugin for WordPress up to and including, 2.0.5.
CVE ID: CVE-2024-9822 (Critical)
Moxa has released security updates to address missing authentication and OS command injection vulnerabilities in Moxa's Cellular Routers, Secure Routers, and Network Security Appliances.
CVE ID: CVE-2024-9137 (Critical), CVE-2024-9139 (High)
WordPress has released security update to resolve Remote Code Execution (RCE) vulnerability in the Hunk Companion plugin for WordPress. The affected versions are Hunk Companion plugin for WordPress up to and including, 1.8.4.
CVE ID: CVE-2024-9707 (Critical)
Microsoft has released updated Microsoft Edge Stable Channel version 129.0.2792.89 and Microsoft Edge Extended Stable Channel 128.0.2739.113 to resolve vulnerabilities.
Multiple vulnerabilities have been discovered in Delta Electronics' Equipment- CNCSoft-G2 that can allow to execute code remotely. The affected version is CNCSoft-G2: 2.1.0.10.
CVE ID: CVE-2024-47962 (High), CVE-2024-47963 (High), CVE-2024-47964 (High), CVE-2024-47965 (High), CVE-2024-47966 (High)
An improper input validation vulnerability has been discovered in several products & versions of Rockwell Automation's Equipment's ControlLogix that causes a Denial of Service (DoS) condition on the affected device. The mitigations are available.
CVE ID: CVE-2024-6207 (High)
A vulnerability has been discovered in postjournal service of Zimbra Collaboration that allows unauthenticated users to execute commands. The affected versions are Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9 and 10.1 before 10.1.1.
CVE ID: CVE-2024-45519 (Critical)
VMware has released security updates to address multiple vulnerabilities in VMware Cloud Foundation and VMware NSX.
CVE ID: CVE-2024-38818 (Medium), CVE-2024-38817 (Medium), CVE-2024-38815 (Medium)
Mozilla has released security updates to address multiple vulnerabilities in Firefox 131.0.2, Firefox ESR 115.16.1, and Firefox ESR 128.3.1. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-9680 (Critical)
Google has released Chrome 130 130.0.6723.40 for Android, Chrome Stable 130 130.0.6723.37 for iOS, Beta channel OS version 16033.24.0, Browser version 130.0.6723.36 for most ChromeOS devices, Stable channel 130.0.6735.44 for Windows & Mac, Chrome Beta 130 130.0.6723.40 for Android and Chrome Beta 130 130.0.6723.38 for iOS.
Adobe has released security updates to address multiple vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-45115 (Critical)
Microsoft has released security updates to address critical, high, and medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-43468 (Critical), CVE-2024-38124 (Critical)
Arbitrary code execution vulnerability has been discovered in DrayTek Vigor310 devices. The affected versions are DrayTek Vigor310 devices through 4.3.2.6.
CVE ID: CVE-2024-41593 (Critical)
OS Command Injection vulnerability has been discovered in AutoGPT. The affected versions are AutoGPT v0.5.0 up to but not including 5.1.0.
CVE ID: CVE-2024-1881 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in DataEase. The affected versions are DataEase prior to 2.10.1.
CVE ID: CVE-2024-46997 (Critical)
A SQL injection vulnerability has been discovered in an Opti Marketing WordPress plugin. The affected versions are Opti Marketing WordPress plugin through 2.0.9.
CVE ID: CVE-2024-6928 (Critical)
A missing authorization vulnerability has been discovered in weForms. The affected versions are weForms: from n/a through 1.6.20.
CVE ID: CVE-2024-30512 (Critical)
Google has released Dev channel 131.0.6752.0 (Platform version: 16052.0.0) for most ChromeOS devices and Dev channel 131.0.6753.0 for Windows, Mac & Linux.
An access control vulnerability has been discovered in certain switch models by PLANET Technology that allows to download and upload firmware and system configurations, ultimately gaining full control of the devices. The affected products are GS-4210-24PL4C hardware 2.0 and GS-4210-24P2S hardware 3.0. Security updates are available.
CVE ID: CVE-2024-8456 (Critical)
A session fixation vulnerability has been discovered in Oceanic Software ValeApp that allows brute force & session hijacking. The affected versions are ValeApp before v2.0.0.
CVE ID: CVE-2024-8643 (Critical)
A session fixation vulnerability has been discovered in Oceanic Software ValeApp that allows brute force & session hijacking. The affected versions are ValeApp before v2.0.0.
CVE ID: CVE-2024-8607 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Tenda G3 Router. The affected version is Tenda G3 Router firmware v15.03.05.05.
CVE ID: CVE-2024-46628 (Critical)
A privilege escalation vulnerability has been discovered in Zoom Desktop Client for Windows, Zoom VDI Client for Windows and Zoom Meeting SDK for Windows.
CVE ID: CVE-2024-24691 (Critical)
An insecure deserialization vulnerability has been discovered in Progress Telerik UI for WPF. The affected versions are Progress Telerik UI for WPF versions prior to 2024 Q3 (2024.3.924).
CVE ID: CVE-2024-7576 (Critical)
A vulnerability has been discovered in Zimbra Collaboration (ZCS). The affected products are Zimbra Collaboration (ZCS) before 8.8.15 Patch 46, 9 before 9.0.0 Patch 41, 10 before 10.0.9, and 10.1 before 10.1.1.
CVE ID: CVE-2024-45519 (Critical)
Subnet Solutions Inc. has released a security update to resolve multiple vulnerabilities in PowerSYSTEM Center.Successful exploitation of these vulnerabilities could result in bypassing a proxy, creating a Denial of Service (DoS) condition, or viewing sensitive information.The affected products are PowerSYSTEM Center PSC 2020 v5.21.x and prior.
CVE ID: CVE-2020-28168 (Medium), CVE-2021-3749(High), CVE-2023-45857(Medium)
SQL injection vulnerabilities have been discovered in Delta Electronics product, DIAEnergie.Successful exploitation of these vulnerabilities could allow to retrieve records or cause a Denial of Service (DoS). The affected products are DIAEnergie versions v1.10.01.008 and prior. Security update is available.
CVE ID: CVE-2024-43699(Critical), CVE-2024-42417(High)
Multiple vulnerabilities have been discovered in TEM Opera Plus FM Family Transmitter.Successful exploitation of these vulnerabilities could allow to perform Remote Code Execution (RCE).The affected product is Opera Plus FM Family Transmitter version 35.45.
CVE ID: CVE-2024-41988 (Critical), CVE-2024-41987 (High)
Microsoft has released updated Microsoft Edge Stable Channel version 129.0.2792.79 and Microsoft Edge Extended Stable Channel 128.0.2739.107 to resolve vulnerabilities.
CVE ID: CVE-2024-9370 , CVE-2024-9369 , CVE-2024-7025
Drupal has released security updates to address an access bypass, and Information Disclosure vulnerabilities in Diff, a third-party library used in it.
Multiple vulnerabilities have been discovered in several Jenkins Plugins. Successful exploitation of these vulnerabilities could allow taking control of an affected system. Security updates are available.
CVE ID: CVE-2024-47803 (Medium), CVE-2024-47804 (Medium), CVE-2024-47805 (Medium), CVE-2024-47806 (High), CVE-2024-47807 (High)
A missing authentication for critical function vulnerability has been discovered in SCHNEIDER Elektronik's 700 series. The affected versions are SCHNEIDER Elektronik's 700 series up to version 0.1.17.6. Security update is available.
CVE ID: CVE-2024-35293
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird 131, Thunderbird 128.3, Firefox ESR 115.16, Firefox ESR 128.3 and Firefox 131. An attacker can exploit these vulnerabilities to take control of an affected system.
Multiple Vulnerabilities have been discovered in Optigo Networks's product ONS-S8 - Spectra Aggregation Switch. Successful exploitation of these vulnerabilities can allow to achieve Remote Code Execution (RCE), arbitrary file upload, or bypass authentication. The affected products are ONS-S8 - Spectra Aggregation Switch 1.3.7 and prior.
CVE ID: CVE-2024-41925, CVE-2024-45367
A Denial-of-Service (DoS) vulnerability has been discovered in Mitsubishi Electric's MELSEC iQ-F FX5-OPC equipment. The affected products are all versions of MELSEC iQ-F FX5-OPC.
CVE ID: CVE-2024-8497 (High)
A Denial of Service (DoS) has been discovered Mitsubishi Electric's Equipment- MELSEC iQ-F FX5-OPC. All versions of MELSEC iQ-F FX5-OPC are affected. The mitigations are available.
CVE ID: CVE-2024-0727 (High)
Critical vulnerability has been discovered in the password recovery mechanism for the forgotten password in Riello Netman 204 that allows an attacker to reset the admin password and take over control of the device. The affected versions are Netman 204: through 4.05.
CVE ID: CVE-2024-8878 (Critical)
SQL Injection vulnerability has been discovered in Riello Netman 204. The affected versions are Netman 204: through 4.05.
CVE ID: CVE-2024-8877 (Critical)
Server-side request forgery vulnerability has been discovered in New Cloud MyOffice SDK Collaborative Editing Server. The affected versions are MyOffice SDK Collaborative Editing Server 2.2.2 through 2.8.
CVE ID: CVE-2024-47222 (Critical)
XML External Entity (XXE) vulnerability has been discovered in Akana API Platform. The affected versions are Akana API Platform prior to 2024.1.0.
CVE ID: CVE-2024-3930 (Critical)
Google has released Dev channel 131.0.6738.0 for Windows, Mac and Linux, Dev channel OS version: 16033.11.0, Browser version: 130.0.6723.19, for most ChromeOS devices, Chrome Dev 131 (131.0.6738.0) for Android, and Chrome Beta 130 (130.0.6723.16) for iOS.
Missing restrictions for excessive failed authentication attempts vulnerability has been discovered in Apex Softcell LD Geo. A remote attacker could exploit this vulnerability by conducting a brute force attack on login OTP, which could lead to gain unauthorized access to other user accounts.
CVE ID: CVE-2024-47088 (Critical)
Incorrect Permission Assignment for Critical Resource vulnerability has been discovered in Havelsan Inc. Dialogue that allows Accessing Functionality Not Properly Constrained by ACLs. The affected versions are Dialogue: from v1.83 before v1.83.1 or v1.84.
CVE ID: CVE-2024-3375 (Critical)
A plaintext storage of a password vulnerability has been discovered in Eliz Software Panel. The affected versions are Eliz Software Panel before v2.3.24.
CVE ID: CVE-2024-5960 (Critical)
An arbitrary code execution vulnerability has been discovered in TuomoKu SPx-GC. The affected versions are TuomoKu SPx-GC v.1.3.0 and before.
CVE ID: CVE-2024-44623 (Critical)
A directory traversal vulnerability has been discovered in Tiptel IP 286. The affected version is Tiptel IP 286 with firmware version 2.61.13.10.
CVE ID: CVE-2024-33109 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in eladmin. The affected versions are eladmin v2.7 and before.
CVE ID: CVE-2024-44677 (Critical)
Citrix has released security updates to address multiple vulnerabilities in XenServer and Citrix Hypervisor. The affected versions are XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR.
CVE ID: CVE-2024-45817 (Medium), CVE-2022-24805(Medium), CVE-2022-24809 (Medium)
An absolute path traversal vulnerability has been discovered in Franklin Fueling Systems' Equipment- TS-550 EVO Automatic Tank Gauge. The affected versions are Franklin Fueling Systems S-550 EVO versions prior to 2.26.4.8967. The mitigations are available.
CVE ID: CVE-2024-8497 (High)
A buffer overflow vulnerability has been discovered in Cellopoint Secure Email Gateway. The affected versions are Secure Email Gateway from version 4.2.1 to 4.5.0.
CVE ID: CVE-2024-9043 (Critical)
WordPress has released security updates to resolve a privilege escalation vulnerability in the Webo-facto plugin for WordPress. The affected versions are Webo-facto plugin for WordPress up to and including, 1.40.
CVE ID: CVE-2024-8853 (Critical)
A deserialization vulnerability has been discovered in Thinkphp that allows attackers to execute arbitrary code. The affected versions are Thinkphp v6.1.3 to v8.0.4.
CVE ID: CVE-2024-44902 (Critical)
A stack overflow vulnerability has been discovered in Tenda. The affected version is Tenda O6 V3.0 firmware V1.0.0.7(2054).
CVE ID: CVE-2024-46049 (Critical)
A code injection vulnerability has been discovered in NitroPack. The affected versions are NitroPack: from n/a through 1.16.7.
CVE ID: CVE-2024-43922 (Critical)
A stack-based buffer overflow vulnerability has been discovered in the OpenPLC Runtime EtherNet/IP parser functionality of OpenPLC. The affected version is OpenPLC _v3 b4702061dc14d1024856f71b4543298d77007b88.
CVE ID: CVE-2024-34026 (Critical)
Mozilla has released security update to address an address bar spoofing after server-side redirect vulnerability in Firefox for Android 130.0.1. An attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2024-8897 (High)
A buffer overflow vulnerability has been discovered in TOTOLINK. The affected version is TOTOLINK AC1200 T8 v4.1.5cu.861_B20230220.
CVE ID: CVE-2024-46419 (Critical)
Multiple vulnerabilities have been discovered in Millbeck Communications' Equipment- Proroute H685t-w. The affected version is Proroute H685t-w 3.2.334.
CVE ID: CVE-2024-45682 (High), CVE-2024-38380 (Medium)
A Denial of Service (DoS) vulnerability has been discovered in Yokogawa's Equipment- Dual-redundant Platform for Computer (PC2CKM). The affected versions are Dual-redundant Platform for Computer (PC2CKM) R1.01.00 to R2.03.00. Security update is available.
CVE ID: CVE-2024-8110 (High)
Google has released Stable channel 128.0.6613.161 Platform version 15964.58.0 for most ChromeOS devices, Chrome 129 129.0.6668.54 for Android, Extended Stable channel 128.0.6613.162 for Windows & Mac, Chrome Beta 129 129.0.6668.54 for Android and Chrome 129 129.0.6668.58 for Linux & 129.0.6668.58/.59 Windows & Mac to resolve multiple vulnerabilities.
CVE ID: CVE-2024-8904 (High), CVE-2024-8905 (Medium), CVE-2024-8906 (Medium), CVE-2024-8907 (Medium), CVE-2024-8908 (Low), CVE-2024-8909 (Low)
VMware has released security updates to address heap-overflow and privilege escalation vulnerabilities in VMware vCenter Server and VMware Cloud Foundation. The affected versions are VMware vCenter Server 8.0 & 7.0 and VMware Cloud Foundation 5.x & 4.x.
CVE ID: CVE-2024-38812 (Critical), CVE-2024-38813 (High)
Apple has released security updates to address multiple vulnerabilities in iOS 18 & iPadOS 18, macOS Sequoia 15, tvOS 18, watchOS 11, visionOS 2, Safari 18, Xcode 16, iOS 17.7 & iPadOS 17.7, macOS Sonoma 14.7 and macOS Ventura 13.7. An attacker can exploit these vulnerabilities to take control of an affected device.
A stack based buffer overflow vulnerability has been discovered in D-Link wireless routers that allows to exploit the vulnerability to execute arbitrary code on the device.
CVE ID: CVE-2024-45695 (Critical)
An authentication bypass vulnerability has been discovered in SolarWinds Access Rights Manager. Successful exploitation of vulnerability allows access to the RabbitMQ management console.
CVE ID: CVE-2024-28990 (Critical)
Ivanti has released a security update to address an OS command injection vulnerability in Ivanti Cloud Services Appliance (CSA). The affected versions are Ivanti CSA 4.6.
CVE ID: CVE-2024-8190 (High)
A use of a broken or risky cryptographic algorithm vulnerability has been discovered in Dell PowerScale InsightIQ. The affected versions are Dell PowerScale InsightIQ versions 5.0 through 5.1.
CVE ID: CVE-2024-39583 (Critical)
Microsoft has released security updates to address critical, high, and medium vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to take control of an affected system.
AÂ Remote Code Execution (RCE) vulnerability has been discovered in SolarWinds Access Rights Manager (ARM). This vulnerability allows an authenticated user to abuse the service, resulting in remote code execution.
CVE ID: CVE-2024-28991 (Critical)
A SQL Injection vulnerability has been discovered in the LearnPress - WordPress LMS Plugin via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint. Update to version 4.2.7.1, or a newer patched version.
CVE ID: CVE-2024-8529 (Critical)
A SQL Injection vulnerability has been discovered in the LearnPress - WordPress LMS Plugin
via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint.
Update to version 4.2.7.1, or a newer patched version.
CVE ID: CVE-2024-8522 (Critical)
Schneider Electric has released security updates to resolve multiple vulnerabilities in Vijeo Designer, EcoStruxure Power Monitoring Expert (PME) and EcoStruxure Power Operation (EPO) products. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-8401 (Medium), CVE-2024-8306 (High)
Ivanti has released updates for Ivanti Endpoint Manager 2024 and 2022 SU6 which addresses
multiple vulnerabilities. Successful exploitation could lead to unauthorized access to the
EPM core server.
CVE ID: CVE-2024-32840 (Critical), CVE-2024-32842 (Critical), CVE-2024-32843
(Critical), CVE-2024-32845 (Critical), CVE-2024-32846 (Critical), CVE-2024-32848
(Critical), CVE-2024-34779 (Critical), CVE-2024-34783 (Critical), CVE-2024-34785
(Critical), CVE-2024-29847(Critical)
A privilege escalation vulnerability has been discovered in the WPCOM Member plugin for
WordPress. All versions up to, and including, 1.5.2.1 are affected.
CVE ID: CVE-2024-7493 (Critical)
A critical vulnerability has been discovered in IBM webMethods Integration 10.15. This
vulnerability could allow an authenticated user to upload and execute arbitrary files.
CVE ID: CVE-2024-45076 (Critical)
A SQL injection vulnerability has been discovered in OpenRapid RapidCMS. The affected
versions are OpenRapid RapidCMS up to 1.3.1.
CVE ID: CVE-2024-8331 (Critical)
A reflected Cross Site Scripting (XSS) vulnerability has been discovered in vTiger CRM. The
affected version is vTiger CRM 7.4.0.
CVE ID: CVE-2024-44779 (Critical)
A vulnerability has been discovered that allows Prototype Pollution via the extended
function in Chartist. The affected versions are Chartist 1.x through 1.3.0.
CVE ID: CVE-2024-45435 (Critical)
Arbitrary Command Execution vulnerability has been discovered in Tenda. The affected version
is Tenda FH1206 v02.03.01.35.
CVE ID: CVE-2024-42978 (Critical)
A SQL injection vulnerability has been discovered in Django. The affected versions are
Django 5.0 before 5.0.8 and 4.2 before 4.2.15.
CVE ID: CVE-2024-42005 (Critical)
SQL Injection vulnerability has been discovered in the Media Library Folders plugin for
WordPress in versions up to and including 8.2.2. Security update is available.
CVE ID: CVE-2024-7857 (Critical)
Buffer overflow vulnerability has been discovered in TOTOLINK. The affected version is
TOTOLINK AC1200 T8 4.1.5cu.862_B20230228.
CVE ID: CVE-2024-8079 (Critical)
An Unauthenticated Server-Side Request Forgery (SSRF) vulnerability has been discovered in
Havoc. The affected version is Havoc 2 0.7.
CVE ID: CVE-2024-41570 (Critical)
RansomHub is a ransomware-as-a-service variant—formerly that has established itself as
an efficient and successful service model. The affiliates leverage a double-extortion model
by encrypting systems and exfiltrating data to extort victims.
Drupal has released security updates to address an access bypass vulnerability in Advanced
Varnish, a third-party library used in it. The affected versions are Advanced Varnish prior
to 4.0.11.
A stack overflow vulnerability has been discovered in FAST that allows to execute arbitrary
code or can cause a Denial of Service (DoS) via a crafted file path. The affected version is
FAST FW300R v1.3.13 Build 141023 Rel.61347n.
CVE ID: CVE-2024-41285 (Critical)
A hard-coded credentials vulnerability has been discovered in TOTOLINK. The affected version
is TOTOLINK T10 AC1200 4.1.8cu.5207.
CVE ID: CVE-2024-8162 (Critical)
Google has released Beta channel 128.0.6613.97 Platform version 15964.37.0 for most ChromeOS
devices, LTS channel, version 120.0.6099.320 Platform version 15662.117.0 for most ChromeOS
devices and Chrome Stable 128 128.0.6613.98 for iOS.
A dangerous file type upload vulnerability has been discovered in Versa Director. Security
patches and mitigation are available.
CVE ID: CVE-2024-39717 (High)
SonicWall has released security updates to address an improper access control vulnerability
in SonicWall SonicOS management access. The affected versions are SonicWall Firewall Gen 5
and Gen 6 devices, as well as Gen 7 devices running SonicOS 7.0.1-5035 and older versions.
CVE ID: CVE-2024-40766 (Critical)
A Cross Site Request Forgery (CSRF) vulnerability has been discovered in the Favicon
Generator plugin for WordPress in versions up to and including 1.5. Security update is
available.
CVE ID: CVE-2024-7568 (Critical)
A stack based buffer overflow vulnerability has been discovered in Tenda. The affected
version is Tenda FH1206 02.03.01.35.
CVE ID: CVE-2024-7707 (Critical)
A vulnerability has been discovered in LibreChat that does not validate the normalized
pathnames of images. The affected versions are LibreChat through 0.7.4-rc1.
CVE ID: CVE-2024-41704 (Critical)
An incorrect access control vulnerability has been discovered in LibreChat. The affected
versions are LibreChat through 0.7.4-rc1.
CVE ID: CVE-2024-41703 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in the WADL service
description in versions of Apache CXF before 4.0.5, 3.6.4 and 3.5.9.
CVE ID: CVE-2024-29736 (Critical)
An authentication bypass vulnerability has been discovered in N-central server. The affected
versions are N-central prior to 2024.2.
CVE ID: CVE-2024-28200 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Rockwell Automation's
Equipment- Emulate3D. The affected version is Emulate3D 17.00.00.13276. The mitigations are
available.
CVE ID: CVE-2024-6079 (Medium)
A Denial of Service (DoS) vulnerability has been discovered in Rockwell Automation's
Equipment- 5015 - AENFTXT. The affected version is Rockwell Automation 5015 - AENFTXT
version 2.011. The mitigations are available.
CVE ID: CVE-2024-6089 (Medium)
A Remote Code Execution (RCE) vulnerability has been discovered in MOBOTIX's Equipment- P3
Cameras, Mx6 Cameras. The workarounds and mitigations are available.
CVE ID: CVE-2023-34873 (High)
Multiple vulnerabilities have been discovered in Avtec's Equipment- Outpost 0810, Outpost
Uploader Utility. The affected versions are Avtec Outpost 0810 versions prior to v5.0.0 and
Outpost Uploader Utility versions prior to v5.0.0. The mitigations are available.
CVE ID: CVE-2024-39776 (High), CVE-2024-42418 (High)
Google has released Beta channel 128.0.6613.75 Platform version 15964.32.0 for most ChromeOS
devices, Chrome Beta channel 129.0.6668.12 for Windows, Mac & Linux, Chrome Beta 129
129.0.6668.11 for iOS, and Chrome Dev 130 130.0.6669.0 for Android.
SolarWinds has released security updates to address hardcoded credentials and broken access
control Remote Code Execution (RCE) vulnerabilities in SolarWinds Web Help Desk that allow
to access internal functionality and modify data.
CVE ID: CVE-2024-28987 (Critical), CVE-2024-28986 (Critical)
WordPress has released a security update to resolve the Remote Code Execution (RCE)
vulnerability in the WPML plugin for WordPress. The affected versions are WPML plugin for
WordPress versions up to, and including, 4.6.12.
CVE ID: CVE-2024-6386 (Critical)
A stored Cross Site Scripting (XSS) vulnerability has been discovered in Typecho. The
affected version is Typecho v1.3.0.
CVE ID: CVE-2024-35540 (Critical)
Google has released Chrome 128 128.0.6613.88 for Android, Chrome Stable 128 128.0.6613.92
for iOS, Dev channel OS version 16002.2.0, Browser version 129.0.6668.0 for most ChromeOS
devices, Chrome Beta 129 129.0.6668.9 for Android and Chrome 128 stable channel
128.0.6613.84 for Linux & 128.0.6613.84/.85 for Windows & Mac to resolve multiple
vulnerabilities.
CVE ID: CVE-2024-7964, CVE-2024-7965, CVE-2024-7966, CVE-2024-7967, CVE-2024-7968,
CVE-2024-7969, CVE-2024-7971, CVE-2024-7972, CVE-2024-7973, CVE-2024-7974, CVE-2024-7975,
CVE-2024-7976, CVE-2024-7977, CVE-2024-7978 ,CVE-2024-7979, CVE-2024-7980,
CVE-2024-7981, CVE-2024-8033, CVE-2024-8034, CVE-2024-8035
A SQL injection vulnerability has been discovered in the Woo Inquiry plugin for WordPress.
The affected versions are Woo Inquiry plugin for WordPress versions up to, and including,
0.1.
CVE ID: CVE-2024-7854 (Critical)
A vulnerability has been discovered in wishnet Nepstech Wifi Router that allows to obtain
sensitive information via the cookie's parameters. The affected version is wishnet Nepstech
Wifi Router NTPL-XPON1GFEVN v1.0.
CVE ID: CVE-2024-42658 (Critical)
An improper authentication vulnerability has been discovered in Progress MOVEit Gateway
(SFTP modules)that allows authentication bypass. The affected version is MOVEit Gateway:
2024.0.0.
CVE ID: CVE-2024-5805 (Critical)
WordPress has released a security update to resolve the PHP object injection vulnerability
in GiveWP - Donation Plugin and Fundraising Platform plugin. The affected versions are
GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress versions up to, and
including, 3.14.1.
CVE ID: CVE-2024-5932 (Critical)
A stack based buffer overflow vulnerability has been discovered in TOTOLINK. The affected
version is TOTOLINK EX1200L 9.3.5u.6146_B20201023.
CVE ID: CVE-2024-7909 (Critical)
Google has released Beta channel 128.0.6613.32 Platform version 15964.24.0 for most ChromeOS
devices, LTC-126 version 126.0.6478.244 Platform Version 15886.75.0 for most ChromeOS
devices and Dev channel 129.0.6658.0 for Windows, Mac and Linux.
An arbitrary command execution vulnerability has been discovered in Tenda. The affected
version is Tenda FH1206 v02.03.01.35.
CVE ID: CVE-2024-42978 (Critical)
An incorrect access control vulnerability has been discovered in TOTOLINK. The affected
version is TOTOLINK LR350 V9.3.5u.6369_B20220309.
CVE ID: CVE-2024-42967 (Critical)
A SQL injection vulnerability has been discovered in Task Manager App. The affected version
is Task Manager App v1.0.
CVE ID: CVE-2024-25222 (Critical)
Microsoft has released security updates to address critical, high, and medium
vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to
take control of an affected system.
CVE ID: CVE-2024-38063 (Critical), CVE-2024-38108 (Critical), CVE-2024-38109
(Critical), CVE-2024-38140 (Critical), CVE-2024-38159 (Critical), CVE-2024-38160 (Critical),
CVE-2024-38199 (Critical)
Google has released Stable channel OS version 15917.65.0 Browser version 127.0.6533.114 for
most ChromeOS devices and Stable channel 127.0.6533.119/.120 for Windows, Mac and
127.0.6533.119 for Linux.
Multiple vulnerabilities have been discovered in Ocean Data Systems' equipment - Dream
Report 2023. The affected versions are Dream Report 2023 version 23.0.17795.1010 and prior,
and AVEVA Reports for Operations 2023 version 23.0.17795.1010. The mitigations are
available.
CVE ID: CVE-2024-6618 (High), CVE-2024-6619 (High)
An allocation of resources without limits or throttling vulnerability has been discovered in
AVEVA's Equipment- SuiteLink Server that allows servers to consume excessive system
resources, preventing processing of SuiteLink messages on the targeted host.
CVE ID: CVE-2024-7113 (High)
A buffer overflow vulnerability has been discovered in TOTOLINK. The affected versions are
TOTOLINK A3100R V4.1.2cu.5050_B20200504.
CVE ID: CVE-2024-42547 (Critical)
Command injection vulnerability has been discovered in Edimax. The affected versions are
Edimax IC-6220DC and IC-5150W up to 3.06.
CVE ID: CVE-2024-7616 (Critical)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has
released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2024-41940 (Critical), CVE-2021-20093 (Critical), CVE-2023-3935
(Critical), CVE-2024-3596 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe software
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2024-39397 (Critical)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
An authentication bypass vulnerability has been discovered in WooCommerce - Social Login
plugin for WordPress. The affected versions are WooCommerce - Social Login plugin for
WordPress versions up to, and including, 2.7.5.
CVE ID: CVE-2024-7503 (Critical)
A SQL injection vulnerability has been discovered in Shopware. The affected versions are
Shopware prior to versions 6.6.5.1 and 6.5.8.13.
CVE ID: CVE-2024-42357 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Koha ILS. The affected
versions are Koha ILS 23.05 and before.
CVE ID: CVE-2024-28740 (Critical)
Palo Alto Networks has released security updates to resolve a missing authentication
vulnerability in the Palo Alto Networks Expedition that could lead to an Expedition admin
account takeover for attackers with network access to the Expedition. The affected versions
are Palo Alto Networks Expedition below 1.2.92.
CVE ID: CVE-2024-3400 (Critical)
A hard-coded password vulnerability has been discovered in TOTOLINK. The affected version is
TOTOLINK CP450 4.1.0cu.747_B20191224.
CVE ID: CVE-2024-7332 (Critical)
Microsoft has released updated Microsoft Edge Stable Channel (Version 127.0.2651.98) and
Extended Stable Channel (Version 126.0.2592.137) to resolve vulnerabilities.
CVE ID: CVE-2024-38219 (Medium), CVE-2024-38218 (High)
Juniper Networks has released security updates to address Denial of Service (DoS)
vulnerability in Junos OS and Junos OS Evolved.
CVE ID: CVE-2024-39558 (Medium)
Multiple vulnerabilities have been discovered in Cisco Smart Software Manager On-Prem, and
Cisco Small Business SPA300 Series and SPA500 Series IP Phones. A security update is
available for Cisco Smart Software Manager On-Prem.
CVE ID: CVE-2024-20450 (Critical), CVE-2024-20451 (High), CVE-2024-20452 (Critical),
CVE-2024-20453 (High), CVE-2024-20454 (Critical), CVE-2024-20419 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2024-43044 (Critical), CVE-2024-43045 (Medium)
Drupal has released security updates to address an Arbitrary PHP code execution
vulnerability in Opigno group manager, Opigno Learning path and Opigno module, the
third-party libraries used in it. The affected versions are Opigno group manager below
3.1.1, Opigno module below 3.1.2, and Opigno Learning path below 3.1.2.
Hardcoded credentials vulnerability has been discovered in D-Link DIR-300 REVA FIRMWARE. The
affected version is D-Link DIR-300 REVA FIRMWARE v1.06B05_WW.
CVE ID: CVE-2024-41616 (Critical)
An improper input validation vulnerability has been discovered in Zscaler Client Connector
on MacOS that allows OS Command Injection. The affected versions are Zscaler Client
Connector on MacOS below 4.2.
CVE ID: CVE-2024-23483 (Critical)
A SQL injection vulnerability has been discovered in PayPal, Credit Card and Debit Card
Payment. The affected versions are PayPal, Credit Card and Debit Card Payment version 1.0.
CVE ID: CVE-2024-33974 (Critical)
A vulnerability has been discovered in JetBrains TeamCity that can cause access tokens to
work even after deletion or expiration. The affected versions are JetBrains TeamCity before
2024.07.
CVE ID: CVE-2024-41827 (Critical)
An authentication bypass vulnerability has been discovered in the IBM MQ Operator. The
affected versions are IBM MQ Operator 3.2.2 and IBM MQ Operator 2.0.24.
CVE ID: CVE-2024-39742 (Critical)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird
115.14, Thunderbird 128.1 Firefox ESR 128.1, Firefox ESR 115.14, and Firefox 129. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-7518 (High), CVE-2024-7519 (High), CVE-2024-7520 (High),
CVE-2024-7521 (High), CVE-2024-7522 (High), CVE-2024-7524 (High), CVE-2024-7525 (High),
CVE-2024-7526 (High), CVE-2024-7527 (High), CVE-2024-7528 (High), CVE-2024-7529 (Medium),
CVE-2024-7530 (Medium), CVE-2024-7531 (Low)
An OS command injection vulnerability has been discovered in Raisecom. The affected versions
are Raisecom MSG1200, MSG2100E, MSG2200 and MSG2300 3.90.
CVE ID: CVE-2024-7470 (Critical)
A path traversal vulnerability has been discovered in elunez eladmin. The affected versions
are elunez eladmin up to 2.7.
CVE ID: CVE-2024-7458 (Critical)
Django has released security updates to address multiple vulnerabilities in its product. The
affected versions are Django main branch, Django 5.1, Django 5.0, and Django 4.2.
CVE ID: CVE-2024-41989 (Medium), CVE-2024-41990 (Medium), CVE-2024-41991 (Medium),
CVE-2024-42005 (High)
A stack based buffer overflow vulnerability has been discovered in Delta Electronics'
Equipment- DIAScreen. The affected versions are DIAScreen prior to 1.4.2.
CVE ID: CVE-2024-7502 (High)
Multiple vulnerabilities have been discovered in Siemens' Equipment- Omnivise T3000. The
mitigations are available.
CVE ID: CVE-2024-38876 (High), CVE-2024-38877 (High), CVE-2024-38878 (High),
CVE-2024-38879 (High)
A Remote Code Execution (RCE) vulnerability has been discovered in ALCASAR. The affected
versions are ALCASAR before 3.6.1.
CVE ID: CVE-2024-38295 (Critical)
Google has released Dev channel 129.0.6628.3 for Windows, Mac & Linux, Chrome Beta 128
(128.0.6613.16) for iOS and Chrome Dev 129 (129.0.6628.0) for Android.
An unprotected alternate channel vulnerability has been discovered in Rockwell Automation's
Equipment- ControlLogix, GuardLogix, and 1756 ControlLogix I/O Modules that allow executing
CIP programming and configuration commands. The mitigations are available.
CVE ID: CVE-2024-6242 (High)
An inadequate encryption strength vulnerability has been discovered in Johnson Controls
Inc.'s Equipment- exacqVision Client & exacqVision Server key that allows to decrypt
communications between exacqVision Server and exacqVision Client, due to insufficient key
length and exchange. All versions of exacqVision client and exacqVision server. The
mitigations are available.
CVE ID: CVE-2024-32758 (High)
The permissive cross-domain policy with untrusted domain vulnerability has been discovered
in Johnson Controls Inc.'s Equipment- exacqVision Web Service that allows to send an
unauthorised request or access data from an untrusted domain. The affected version is
exacqVision Web Service 22.12.1.0. The mitigations are available.
CVE ID: CVE-2024-32862 (Medium)
A command injection vulnerability has been discovered in AVTECH SECURITY Corporation's
Equipment- IP camera. The affected versions are AVM1203 firmware version
FullImg-1023-1007-1011-1009 and prior.
CVE ID: CVE-2024-7029 (High)
Drupal has released security updates to address the Cross Site Scripting (XSS) vulnerability
in View Password, a third-party library used in it. The affected versions are View Password
prior to 6.0.4.
DigiCert has revoked a subset of Transport Layer Security (TLS) certificates due to a
non-compliance issue with Domain Control Verification (DCV). Revocation of these
certificates may cause temporary disruptions to websites, services, and applications relying
on these certificates for secure communication. DigiCert customers check their DigiCert
account to view any non-compliant certificates and reissue/rekey certificates.
Stack-Based Buffer Overflow vulnerability has been discovered in National Instruments'
Equipment- IO Trace that may allow a local attacker to execute arbitrary code. All versions
of IO Trace are affected.
CVE ID: CVE-2024-5602 (High)
Multiple vulnerabilities have been discovered in Hitachi Energy's Equipment- AFS650, AFS660,
AFS665, AFS670, AFS675, AFS677, AFR677 that allow an attacker to create a denial-of-service
condition. The mitigations are available.
CVE ID: CVE-2023-0286 (High), CVE-2023-0215 (High), CVE-2022-4450 (High),
CVE-2022-4304 (Medium)
ISC has released security updates to address a vulnerability affecting multiple versions of
ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to
take control of an affected device.
CVE ID: CVE-2024-4076 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of
ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to
take control of an affected device.
CVE ID: CVE-2024-1975 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of
ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to
take control of an affected device.
CVE ID: CVE-2024-1737 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of
ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to
take control of an affected device.
CVE ID: CVE-2024-0760 (High)
An improper access control vulnerability has been discovered in GroupMe that allows an a
unauthenticated attacker to elevate privileges over a network by convincing a user to click
on a malicious link.
CVE ID: CVE-2024-38164 (Critical)
An unauthorized modification of data has been discovered in WooCommerce - Social Login
plugin for WordPress. The affected versions are WooCommerce - Social Login plugin for
WordPress all versions up to, and including, 2.7.3.
CVE ID: CVE-2024-6636 (Critical)
An unauthorized modification of data vulnerability has been discovered in WooCommerce -
Social Login plugin for WordPress. The affected versions are WooCommerce - Social Login
plugin for WordPress all versions up to, and including, 2.7.3.
CVE ID: CVE-2024-6636 (Critical)
SQL injection vulnerability has been discovered in PayPlus Payment Gateway WordPress plugin.
The affected versions are ayPlus Payment Gateway WordPress plugin before 6.6.9.
CVE ID: CVE-2024-6205 (Critical)
Authorization Bypass Through User-Controlled Key vulnerability has been discovered in
PruvaSoft Informatics Apinizer Management Console. The affected versions are Apinizer
Management Console: before 2024.05.1.
CVE ID: CVE-2024-5619 (Critical)
Stack-based buffer overflow vulnerability has been discovered in Tenda. The affected version
is Tenda AC18 V15.03.3.10_EN.
CVE ID: CVE-2024-33182 (Critical)
Google has released Dev channel 128.0.6601.2 for Windows, Mac and Linux, Chrome Dev 128
(128.0.6601.2) for Android, and Chrome Beta 127 (127.0.6533.58) for iOS.
Buffer Overflow vulnerability has been discovered in SMTP Listener of Cellopoint Secure
Email Gateway. The affected version is Secure Email Gateway before version 4.5.0. The
mitigations are available.
CVE ID: CVE-2024-6744 (Critical)
It has been discovered that AguardNet's Space Management System does not properly validate
user input, allowing unauthenticated remote attackers to inject arbitrary SQL commands to
read, modify, and delete database contents.
CVE ID: CVE-2024-6743 (Critical)
Juniper Networks has released security updates to address multiple vulnerabilities in Junos
OS and Junos OS Evolved.
CVE ID: CVE-2024-39565 (High), CVE-2024-39548 (Medium), CVE-2024-39545
(Medium)
SQL injection vulnerability has been discovered in my-springsecurity-plus. The affected
versions are my-springsecurity-plus before v2024.07.03.
CVE ID: CVE-2024-40542 (Critical)
Privilege escalation vulnerability has been discovered in JSON API User plugin for
WordPress. All versions up to and including 3.9.3 are affected.
CVE ID: CVE-2024-6624 (Critical)
In coordination with the assessed organization, CISA is releasing this Cybersecurity
Advisory (CSA) detailing the red team’s activity and tactics, techniques, and procedures
(TTPs); associated network defense activity; and lessons learned to provide network
defenders with recommendations for improving their organization’s detection capabilities and
cyber posture. The red team’s findings underscored the importance of defense-in-depth and
using diversified layers of protection.
Rockwell Automation has released security update to address an Improper Privilege Management
vulnerability in its equipment- FactoryTalk System Services and Policy Manager. The affected
versions are FactoryTalk System Services: v6.40, and FactoryTalk Policy Manager: v6.40.
CVE ID: CVE-2024-6325 (Medium), CVE-2024-6236 (Medium)
Cross-site Scripting vulnerability has been discovered in HMS Industrial Networks'
Equipment- Anybus-CompactCom 30. All versions of Anybus-CompactCom 30 are affected. The
mitigations are available.
CVE ID: CVE-2024-6558 (Medium)
Rockwell Automation has released security update to address an improper input validation
vulnerability in its equipment- ThinManager ThinServer that may allow an attacker to execute
arbitrary code or cause a denial-of-service condition. The affected versions are ThinManager
ThinServer versions 11.1.0, 11.2.0, 12.0.0, 12.1.0, 13.0.0, 13.1.0, 13.2.0.
CVE ID: CVE-2024-5988 (Critical), CVE-2024-5989 (Critical), CVE-2024-5990
(High)
Moxa has released security updates to address Linux kernel memory double free vulnerability
in multiple Moxa product. The affected versions are NPort 5100A Series prior to version 1.6.
CVE ID: CVE-2024-1086 (High)
CISA and FBI have released Secure by Design Alert in response to recent well-publicized
threat actor campaigns that exploited OS command injection defects in network edge devices
to target and compromise users. These vulnerabilities allowed unauthenticated malicious
actors to remotely execute code on network edge devices.
CVE ID: CVE-2024-20399, CVE-2024-3400, CVE-2024-21887
Cisco has released security updates to address a vulnerability in Cisco IOS XR software that
allows to bypass the Cisco Secure Boot functionality and load unverified software onto an
affected device.
CVE ID: CVE-2024-20456 (High)
Google has released Beta channel 127.0.6533.43 for Windows, Mac & Linux, Beta channel OS
version 15917.31.0, Browser version 127.0.6533.39 for most ChromeOS devices, Chrome Beta 127
127.0.6533.40 for iOS, and Chrome Beta 127 127.0.6533.41 for Android.
A SQL injection vulnerability has been discovered in EGroupware. The affected versions are
EGroupware before 23.1.20240624.
CVE ID: CVE-2024-40614 (Critical)
A SQL injection vulnerability has been discovered in CodeProjects Health Care Hospital
Management System. The affected version is CodeProjects Health Care hospital Management
System v1.0.
CVE ID: CVE-2024-38348 (Critical)
A template injection vulnerability has been discovered in Rejetto HTTP File Server. The
affected versions are Rejetto HTTP File Server up to and including version 2.3m.
CVE ID: CVE-2024-23692 (Critical)
Fortinet has released security updates to address vulnerabilities in FortiExtender, FortiOS
& FortiProxy. An attacker can exploit some of these vulnerabilities to take control of an
affected system.
CVE ID: CVE-2024-26006 (Medium), CVE-2024-26015 (Low), CVE-2024-23663
(High)
Multiple vulnerabilities have been discovered in Citrix NetScaler Console, NetScaler SVM,
and NetScaler Agent. The mitigations are available.
CVE ID: CVE-2024-6235 (Critical), CVE-2024-6236 (High)
Microsoft has released security updates to address critical, high, and medium
vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to
take control of an affected system.
CVE ID: CVE-2024-38076 (Critical), CVE-2024-38077 (Critical), CVE-2024-38074
(Critical), CVE-2024-38089 (Critical)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has
released security updates, workarounds and mitigations to resolve vulnerabilities.
CVE ID: CVE-2024-23113 (Critical), CVE-2024-21762 (Critical), CVE-2024-3400
(Critical), CVE-2024-3596 (Critical), CVE-2024-39872 (Critical)
Adobe has released security updates to address multiple high, and medium vulnerabilities in
Adobe software products. An attacker can exploit these vulnerabilities to take control of an
affected system.
CVE ID: CVE-2024-34123 (High), CVE-2024-20781 (High), CVE-2024-20782 (High),
CVE-2024-20783 (High), CVE-2024-20785 (High), CVE-2024-34139 (High), CVE-2024-34140
(Medium)
Multiple vulnerabilities have been discovered in Citrix products. Citrix has released
security updates to address these vulnerabilities for some products.
CVE ID: CVE-2024-6148 (Medium), CVE-2024-6149 (Medium), CVE-2024-6150 (Medium),
CVE-2024-6151 (High), CVE-2024-6286 (High), CVE-2024-5491 (High), CVE-2024-5492
(Medium)
Multiple vulnerabilities have been discovered in Delta Electronics' Equipment- CNCSoft-G2
that can cause a buffer overflow condition and allow remote code execution. The affected
version is CNCSoft-G2: Version 2.0.0.5. The mitigations are available.
CVE ID: CVE-2024-39880 (High), CVE-2024-39881 (High), CVE-2024-39882 (High),
CVE-2024-39883 (High)
Mozilla has released security updates to address multiple vulnerabilities in Firefox ESR
115.13, and Firefox 128. An attacker can exploit these vulnerabilities to take control of an
affected system.
CVE ID: CVE-2024-6600 (Medium), CVE-2024-6601 (Medium), CVE-2024-6602 (Medium),
CVE-2024-6603 (Medium), CVE-2024-6604 (High), CVE-2024-6605 (High), CVE-2024-6606 (High),
CVE-2024-6607 (Medium), CVE-2024-6608 (Medium), CVE-2024-6609 (Medium), CVE-2024-6610
(Medium), CVE-2024-6611 (Low), CVE-2024-6612 (Low), CVE-2024-6613 (Low), CVE-2024-6614
(Low), CVE-2024-6615 (High)
A Remote Code Execution (RCE) vulnerability has been discovered in the Product Table of the
WBW plugin for WordPress. The affected versions are the Product Table of the WBW plugin for
WordPress all versions up to, and including, 2.0.1.
CVE ID: CVE-2024-6365 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in Volmarg Personal
Management System. The affected version is Volmarg Personal Management System 1.4.64.
CVE ID: CVE-2024-29319 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in goanother Another Redis
Desktop Manager. The affected versions are goanother Another Redis Desktop Manager 1.6.1 and
below.
CVE ID: CVE-2024-23998 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Lukas Bach yana. The
affected version is Lukas Bach yana 1.0.16 and below.
CVE ID: CVE-2024-23997 (Critical)
An arbitrary code execution vulnerability has been discovered in SeaCMS. The affected
versions are SeaCMS 12.9 and below.
CVE ID: CVE-2024-39028 (Critical)
Unauthorized file access and Remote Code Execution (RCE) vulnerabilities have been
discovered in ABB's ASPECT system. The affected versions are ASPECT®- Enterprise 3.08.01 and
earlier, NEXUS Series 3.08.01 and earlier and MATRIX Series 3.08.01 and earlier. The
mitigations are available.
CVE ID: CVE-2024-6209 (Critical), CVE-2024-6298 (Critical)
A security regression vulnerability has been discovered in OpenSSH's server (sshd) that
leads to a race condition in sshd to handle some signals in an unsafe manner.
CVE ID: CVE-2024-6387 (High)
An Operating System (OS) command injection vulnerability has been discovered in Issabel PBX.
The affected version is Issabel PBX 4.0.0.
CVE ID: CVE-2024-0986 (Critical)
VMware has released a security update to address an HTML injection vulnerability in VMware
Cloud Director Availability. The affected version is VMware Cloud Director Availability 4.x.
CVE ID: CVE-2024-22277 (Medium)
A malicious code execution vulnerability due to incorrect default permissions has been
discovered in Mitsubishi Electric's equipment- MELIPC Series MI5122-VW. The affected
versions are MELIPC Series MI5122-VW Firmware versions "05" to "07". Security updates are
available.
CVE ID: CVE-2024-3904 (High)
An out of bounds write vulnerability has been discovered in OpenHarmony. The affected
versions are OpenHarmony v4.0.0 and prior.
CVE ID: CVE-2024-37185 (Critical)
A code injection vulnerability has been discovered in MongoDB Compass. The affected versions
are MongoDB Compass versions prior to version 1.42.2.
CVE ID: CVE-2024-6376 (Critical)
A Remote Code Execution (RCE) vulnerability has been discovered in Langflow. The affected
versions are Langflow through 0.6.19.
CVE ID: CVE-2024-37014 (Critical)
Use of hard coded password vulnerability has been discovered in mySCADA's Equipment- myPRO
that can cause Remotely Code Execution (RCE) on the affected device. The affected versions
are myPRO prior to 8.31.0. The mitigation is available.
CVE ID: CVE-2024-4708 (Critical)
Johnson Controls has released security updates to resolve a vulnerability in Kantech KT Door
Controllers. The affected versions are Kantech KT1 Door Controller, Rev01 version 2.09.10
and prior, Kantech KT2 Door Controller, Rev01 version 2.09.10 and prior, and Kantech KT400
Door Controller, Rev01 version 3.01.16 and prior.
CVE ID: CVE-2024-32754 (Low)
Multiple vulnerabilities have been discovered in ICONICS, Mitsubishi Electric's Equipment-
ICONICS Product Suite, which can result in Denial of Service (DoS), improper privilege
management, or potentially Remote Code Execution (RCE). The mitigations are available.
CVE ID: CVE-2023-2650 (Low), CVE-2023-4807 (Medium), CVE-2024-1182 (High),
CVE-2024-1573 (Medium), CVE-2024-1574 (Medium)
Juniper Networks has released security updates to address Denial of Service (DoS)in Junos
OS. The affected versions are Junos OS starting with 21.4R1, affected platforms SRX Series.
CVE ID: CVE-2024-21586 (High)
A missing authorization vulnerability has been discovered in PTC's Equipment- Creo
Elements/Direct License Server that allows to execute arbitrary OS commands. The affected
versions are Creo Elements/Direct License Server: version 20.7.0.0 and prior.
CVE ID: CVE-2024-6071 (Critical)
Progress has released security updates to resolve an authentication bypass vulnerability for
MOVEit Transfer (SFTP module). The affected versions are MOVEit Transfer from 2023.0.0
before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2.
CVE ID: CVE-2024-5806 (Critical)
An improper input validation vulnerability has been discovered in ABB's Equipment- 800xA
Base that can cause services to crash and restart. The affected versions are ABB 800xA Base:
versions 6.1.1-2 and prior.
CVE ID: CVE-2024-3036 (Medium)
Google has released Chrome Stable 126 126.0.6478.108 for iOS, Stable channel 126.0.6478.132
Platform version: 15886.44.0 for most ChromeOS devices, and Dev channel 128.0.6555.2 for
Windows, Mac & Linux.
Apple has released security updates to resolve an authentication vulnerability in AirPods
(2nd generation and later), AirPods Pro (all models), AirPods Max, Powerbeats Pro, and Beats
Fit Pro. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2024-27867
Google has released Chrome 126 126.0.6478.122 for Android, and Stable channel
126.0.6478.126/127 for Windows, Mac & 126.0.6478.126 for Linux.
CVE ID: CVE-2024-6290 (High), CVE-2024-6291 (High), CVE-2024-6292 (High),
CVE-2024-6293 (High)
A SQL injection vulnerability has been discovered in Pear Admin Boot. The affected versions
are Pear Admin Boot up to 2.0.2.
CVE ID: CVE-2024-6241 (Critical)
An improper privilege management vulnerability has been discovered in Parallels Desktop
Software. The affected versions are Parallels Desktop Software versions earlier than
19.3.0.
CVE ID: CVE-2024-6240 (Critical)
A vulnerability has been discovered in the PHP that can allow a malicious user to pass
options to PHP binary being run, and thus reveal the source code of scripts, run arbitrary
PHP code on the server, etc. The affected versions are PHP versions 8.1.* before 8.1.29,
8.2.* before 8.2.20, and 8.3.* before 8.3.8.
CVE ID: CVE-2024-4577 (Critical)
CISA released Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized
Businesses: Identifying Challenges and Opportunities. The report summarizes views of vendors
and customers and provides a set of recommendations for encouraging SSO adoption.
Google has released Beta channel 127.0.6533.17 for Windows, Mac and Linux, Chrome Beta 127
(127.0.6533.16) for iOS, and Chrome Beta 127 (127.0.6533.15) for Android.
Uncontrolled Search Path Element vulnerability has been discovered in Yokogawa's Equipment-
CENTUM that allow an attacker to execute arbitrary programs. The mitigations are available.
CVE ID: CVE-2024-5650 (High)
Multiple vulnerabilities have been discovered in Westermo's Equipment- L210-F2G Lynx that
can crash the device being accessed or can allow remote code execution. The affected version
is Westermo L210-F2G Lynx: 4.21.0. The mitigations are available.
CVE ID: CVE-2024-37183 (Medium), CVE-2024-35246 (High), CVE-2024-32943
(High)
Microsoft has released Microsoft Edge Stable Channel (Version 126.0.2592.68) to resolve
multiple vulnerabilities.
CVE ID: CVE-2024-38082 (Medium), CVE-2024-38093 (Medium)
Path Traversal vulnerability has been discovered in CAREL's Equipment- Boss-Mini that allow
an attacker to manipulate an argument path, which can lead to information disclosure. The
affected version is CAREL Boss-Mini: version 1.4.0 (Build 6221). The mitigations are
available.
CVE ID: CVE-2023-3643 (Critical)
Authentication bypass vulnerability has been discovered in Lifeline Donation plugin for
WordPress. The affected versions are Lifeline Donation plugin for WordPress versions up to,
and including, 1.2.6.
CVE ID: CVE-2024-5432 (Critical)
A prompt injection vulnerability has been discovered in the EmailGPT service that allows a
malicious user to inject a direct prompt and take over the service logic.
CVE ID: CVE-2024-5184 (Critical)
Google has released Chrome 126 (126.0.6478.110) for Android, Dev channel OS version
127.0.6533.11 (Platform version 15917.8.0) for most ChromeOS devices, Stable channel has
been updated to 126.0.6478.114/115 for Windows, Mac and 126.0.6478.114 for Linux, and Stable
channel OS version: 15853.67.0 Browser version: 125.0.6422.197 for most ChromeOS devices.
CVE ID: CVE-2024-6100 (High), CVE-2024-6101 (High), CVE-2024-6102 (High),
CVE-2024-6103 (High)
A prompt injection vulnerability has been discovered in EmailGPT service. The service uses
an API service that allows a malicious user to inject a direct prompt and take over the
service logic. Attackers can exploit this vulnerability by forcing the AI service to leak
the standard hard-coded system prompts and/or execute unwanted prompts.
CVE ID: CVE-2024-5184 (Critical)
Improper access controls vulnerability has been discovered in Totolink. The affected version
is Totolink N350RT 9.3.5u.6265.
CVE ID: CVE-2024-0570 (Critical)
A PHP object injection vulnerability has been discovered in the WooCommerce - Social Login
plugin for WordPress. The affected versions are WooCommerce - Social Login plugin for
WordPress versions up to, and including, 2.6.2.
CVE ID: CVE-2024-5871 (Critical)
An authentication bypass vulnerability has been discovered in the ASUS router that allows
unauthenticated remote attackers to log into the device.
CVE ID: CVE-2024-3080 (Critical)
It has been discovered that certain EOL GeoVision devices fail to properly filter user input
for the specific functionality. Unauthenticated remote attackers can exploit this
vulnerability to inject and execute arbitrary system commands on the device.
CVE ID: CVE-2024-6047 (Critical)
An arbitrary firmware upload vulnerability has been discovered in ASUS routers. An
unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system
commands on the device.
CVE ID: CVE-2024-3912 (Critical)
Remote File Inclusion vulnerability has been discovered in Canto plugin for WordPress. The
affected versions are Remote File Inclusion in all versions up to, and including, 3.0.8.
CVE ID: CVE-2024-4936 (Critical)
An authentication bypass vulnerability has been discovered in the Progress Telerik Report
Server. The affected versions are Progress Telerik Report Server version 2024 Q1
(10.0.24.305) or earlier.
CVE ID: CVE-2024-4358 (Critical)
A SQL injection vulnerability has been discovered in the Dokan Pro plugin for WordPress. The
affected versions are the Dokan Pro plugin for WordPress all versions up to, and including,
3.10.3.
CVE ID: CVE-2024-3922 (Critical)
A missing authorization vulnerability has been discovered in SoftLab Upload Fields for
WPForms. The affected versions are SoftLab Upload Fields for WPForms from n/a through 1.0.2.
CVE ID: CVE-2024-35661 (Critical)
A missing authorization vulnerability has been discovered in WPDeveloper EmbedPress. The
affected versions are EmbedPress from n/a through 3.9.8.
CVE ID: CVE-2024-31284 (Critical)
Cisco has released security updates to address multiple vulnerabilities in Cisco Secure
Email and Web Manager, Secure Email Gateway, and Secure Web Appliance.
CVE ID: CVE-2024-20256 (Medium), CVE-2024-20257 (Medium), CVE-2024-20258 (Medium),
CVE-2024-20383 (Medium), CVE-2024-20392 (Medium)
Google has released Chrome Beta 127 127.0.6533.5 for Windows, Mac & Linux, Dev channel
OS version 127.0.6533.0 Platform version 15917.2.0 for most ChromeOS devices, Chrome Beta
127 127.0.6533.2 for Android, Chrome Beta 127 127.0.6533.3 for iOS and Beta channel OS
version 15886.29.0 Browser version 126.0.6478.48 for most ChromeOS devices.
Microsoft has released security updates to address multiple vulnerabilities in its products.
An attacker can exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address multiple critical, high, and medium
vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to
take control of an affected system.
CVE ID: CVE-2024-30299 (Critical), CVE-2024-30300 (Critical), CVE-2024-34108
(Critical), CVE-2024-34102 (Critical)
A SQL injection vulnerability has been discovered in Intrado's Equipment- 911 Emergency
Gateway (EGW) that allows to execute malicious code, exfiltrate data, or manipulate the
database. All versions of 911 Emergency Gateway (EGW) are affected.
CVE ID: CVE-2024-1839 (Critical)
Fortinet has released security updates to address several vulnerabilities in FortiOS. An
attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-26010 (Medium), CVE-2024-23111 (Medium), CVE-2024-23110 (High),
CVE-2023-46720 (Medium), CVE-2024-21754 (Low)
An always incorrect control flow implementation vulnerability has been discovered in
Rockwell Automation's Equipment- ControlLogix, GuardLogix & CompactLogix. The mitigation
is available.
CVE ID: CVE-2024-5659 (High)
A deserialization of untrusted data vulnerability has been discovered in AVEVA's Equipment -
PI Web API that allows to perform Remote Code Execution (RCE). The affected versions are
AVEVA PI Web API versions 2023 and prior. The mitigations are available.
CVE ID: CVE-2024-3468 (High)
A deserialization of untrusted data vulnerability has been discovered in AVEVA's Equipment -
PI Asset Framework Client that allows to perform malicious code execution. The affected
versions are PI Asset Framework Client: 2023 and PI Asset Framework Client: 2018 SP3 P04 and
prior. The mitigations are available.
CVE ID: CVE-2024-3467 (High)
An improper authorization in the handler for custom URL scheme and stack-based buffer
overflow vulnerabilities have been discovered in MicroDicom's Equipment- DICOM Viewer. The
affected versions are DICOM Viewer prior to 2024.2. The mitigations are available.
CVE ID: CVE-2024-33606 (High), CVE-2024-28877 (High)
A potential Denial of Service (DoS) vulnerability have been discovered in XenServer and
Citrix Hypervisor. Citrix has released security update to address this vulnerability. The
affected versions are XenServer 8 and Citrix Hypervisor 8.2 CU1 LTSR.
CVE ID: CVE-2024-5661 (Medium)
Apple has released security updates to resolve multiple vulnerabilities in VisionOS 1.2. An
attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2024-27817, CVE-2024-27831, CVE-2024-27832, CVE-2024-27801,
CVE-2024-27836, CVE-2024-27828, CVE-2024-27840, CVE-2024-27815, CVE-2024-27811,
CVE-2024-27800, CVE-2024-27802, CVE-2024-27857, CVE-2024-27844, CVE-2024-27838,
CVE-2024-27808, CVE-2024-27812, CVE-2024-27850, CVE-2024-27833, CVE-2024-27851,
CVE-2024-27830, CVE-2024-27820
A file upload vulnerability has been discovered in Pichome that allows to execute arbitrary
code via crafted POST request. The affected version is Pichome v.1.1.01.
CVE ID: CVE-2024-24393 (Critical)
A directory traversal vulnerability has been discovered in the Startklar Elementor Addons
plugin for WordPress. The affected versions are Startklar Elementor Addons plugin for
WordPress, all versions up to, and including, 1.7.15.
CVE ID: CVE-2024-5153 (Critical)
CISCO has released security updates to resolve multiple vulnerabilities in Cisco Finesse
Web-Based Management Interface that allow to perform a stored Cross Site Scripting (XSS)
attack by exploiting a Remote File Inclusion (RFI) vulnerability or performing a Server Side
Request Forgery (SSRF) attack on an affected system.
CVE ID: CVE-2024-20404 (Medium), CVE-2024-20405 (Medium)
Google has released Beta channel OS version 15886.24.0, Browser version 126.0.6478.33 for
most ChromeOS devices, Stable channel 126.0.6478.36 for Windows & Mac, Beta channel
126.0.6478.36 for Windows, Mac & Linux, Chrome Beta 126 (126.0.6478.34) for iOS, Chrome
Stable 126 (126.0.6478.35) for iOS and Chrome Beta 126 (126.0.6478.40) for Android.
Drupal has released security updates to address access bypass and Denial of Service (DoS)
vulnerabilities in Acquia DAM, a third-party library used in it. The affected versions are
Acquia DAM prior to 1.0.13 and Acquia DAM 1.1.0 below Acquia DAM 1.1.0-beta3.
A SQL injection vulnerability has been discovered in LifterLMS – WordPress LMS Plugin for
eLearning plugin for WordPress. The affected versions are LifterLMS – WordPress LMS Plugin
for eLearning plugin for WordPress, all versions up to, and including, 7.6.2.
CVE ID: CVE-2024-4743 (Critical)
An improper privilege management vulnerability has been discovered in DeluxeThemes Userpro
that allows privilege escalation. The affected versions are DeluxeThemes Userpro from n/a
through 5.1.8.
CVE ID: CVE-2024-35700 (Critical)
A Denial of Service (DoS) vulnerability due to OpenSSL vulnerability has been discovered in
Mitsubishi Electric's Equipment- CC-Link IE TSN Industrial Managed Switch. The affected
versions are CC-Link IE TSN Industrial Managed Switch ”05” and prior. Security Updates are
available.
CVE ID: CVE-2023-2650 (Low)
A Cross Site Scripting (XSS) vulnerability has been discovered in Uniview's Equipment-
NVR301-04S2-P4. The affected versions are Uniview NVR301-04S2-P4 prior to
NVR-B3801.20.17.240507. The mitigation is available.
CVE ID: CVE-2024-3850 (Medium)
Multiple vulnerabilities have been discovered in Fuji Electric's Equipment- Monitouch V-SFT
that can allow an attacker to execute arbitrary code. The affected versions are Monitouch
V-SFT versions prior to 6.2.3.0. The mitigation is available.
CVE ID: CVE-2024-5271 (High), CVE-2024-34171 (High), CVE-2024-5597 (High)
Snowflake indicated a recent increase in cyber threat activity targeting customer accounts
on its cloud data platform. Snowflake has issued a recommendation for users to query for
unusual activity and conduct further analysis to prevent unauthorized user access.
An authentication bypass vulnerability has been discovered in Social Login Lite For
WooCommerce plugin for WordPress. The affected versions are Social Login Lite For
WooCommerce plugin for WordPress versions up to, and including, 1.6.0.
CVE ID: CVE-2024-4552 (Critical)
An authentication bypass vulnerability has been discovered in XPodas Octopod. The affected
version is Octopod before v1.
CVE ID: CVE-2024-1202 (Critical)
A SQL injection vulnerability has been discovered in Kashipara Billing Software. The
affected version is Kashipara Billing Software 1.0.
CVE ID: CVE-2024-0496 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 125.0.2535.85) to resolve a
vulnerability.
CVE ID: CVE-2024-5493, CVE-2024-5494, CVE-2024-5495, CVE-2024-5496, CVE-2024-5497,
CVE-2024-5498, CVE-2024-5499
Authentication bypass vulnerability has been discovered in the Login with phone number
plugin for WordPress. The affected versions are Login with phone number plugin for WordPress
versions up to, and including, 1.7.26.
CVE ID: CVE-2024-5150 (Critical)
It has been discovered FTP uses unsecure encryption mechanism in the B&R Automation
Runtime version prior to I4.93 that may allow Man in the Middle (MITM) attacks or to decrypt
communications between the affected products and other parties. Security update is
available.
CVE ID: CVE-2024-0323 (Critical)
Authentication bypass vulnerability has been discovered in Pie Register - Social Sites Login
(Add on) plugin for WordPress. The affected versions are Pie Register - Social Sites Login
(Add on) plugin for WordPress versions up to, and including, 1.7.7.
CVE ID: CVE-2024-4544 (Critical)
Authentication bypass vulnerability has been discovered in Hash Form – Drag & Drop Form
Builder plugin for WordPress. The affected versions are Hash Form – Drag & Drop Form
Builder plugin for WordPress versions up to, and including, 1.1.0.
CVE ID: CVE-2024-5084 (Critical)
Google has released Chrome 125 (125.0.6422.112/.113) for Android, Extended Stable
124.0.6367.233 for Windows and Mac, Stable channel 125.0.6422.112/.113 for Windows, Mac and
125.0.6422.112 for Linux, and LTS channel version 120.0.6099.312 (Platform Version:
15662.109.0) for most ChromeOS devices.
CVE ID: CVE-2024-5274 (High), CVE-2024-4761 (High), CVE-2024-4947 (High)
SQL Injection vulnerability has been discovered in Country State City Dropdown CF7 plugin
for WordPress. The affected versions are Country State City Dropdown CF7 plugin for
WordPress versions up to, and including, 2.7.2.
CVE ID: CVE-2024-3495 (Critical)
GitLab has released updated versions 17.0.1, 16.11.3, and 16.10.6 for GitLab Community
Edition (CE) and Enterprise Edition (EE) to resolve multiple vulnerabilities.
CVE ID: CVE-2024-4835 (High), CVE-2024-2874 (Medium), CVE-2023-7045 (Medium),
CVE-2023-6502 (Medium), CVE-2024-1947 (Medium), CVE-2024-4367
A time-based SQL Injection vulnerability has been discovered in Business Directory Plugin –
Easy Listing Directories for WordPress plugin. The affected versions are Business Directory
Plugin – Easy Listing Directories for WordPress plugin, all versions up to, and including,
6.4.2.
CVE ID: CVE-2024-4443 (Critical)
A time-based SQL Injection vulnerability has been discovered in Business Directory Plugin-
Easy Listing Directories for WordPress plugin. The affected versions are Business Directory
Plugin- Easy Listing Directories for WordPress plugin, all versions up to, and including,
6.4.2.
CVE ID: CVE-2024-4443 (Critical)
An authentication bypass vulnerability has been discovered in Build App Online plugin for
WordPress. The affected versions are Build App Online plugin for WordPress versions up to,
and including, 1.0.21.
CVE ID: CVE-2024-3658 (Critical)
Google has released Stable channel 124.0.6367.225 Platform version 15823.60.0 for most
ChromeOS devices, Chrome Dev 127 (127.0.6483.0) for Android and Dev channel 127.0.6485.0 for
Windows, Mac & Linux.
An improper input validation vulnerability has been discovered in Rockwell Automation's
Equipment- FactoryTalk View SE that allows to inject a malicious SQL statement into the SQL
database, resulting in exposing sensitive information. The affected versions are FactoryTalk
View SE versions prior to 14.0. The mitigations are available.
CVE ID: CVE-2024-4609 (High)
Microsoft has released updated Microsoft Edge Stable Channel (Version 124.0.2478.109) and
Extended Stable channel (Version 124.0.2478.109) to resolve vulnerabilities.
CVE ID: CVE-2024-4947, CVE-2024-30056 (High)
An infinite loops vulnerability has been discovered in Wireshark MONGO and ZigBee TLV
dissector. The affected versions are Wireshark 4.2.0 to 4.2.4, Wireshark 4.0.0 to 4.0.14,
and Wireshark 3.6.0 to 3.6.22. The mitigations are available.
A SQL injection vulnerability has been discovered in DigiWin EasyFlow .NET that allows
unauthorized access to read, modify, and delete database records, as well as execute system
commands.
CVE ID: CVE-2024-4893 (Critical)
Drupal has released a security update to resolve an access bypass vulnerability in RESTful
Web Services, a third-party library used in it. The affected version is RESTful Web Services
module for Drupal 7.
Google has released Dev channel 126.0.6475.0 Platform version: 15886.0.0 for most ChromeOS
devices, Chrome 125 125.0.6422.53 for Android, Extended Stable channel 124.0.6367.221 for
Windows &Mac, Chrome Beta 125 125.0.6422.53 for Android and Chrome 125 stable channel
125.0.6422.60 for Linux &125.0.6422.60/.61 for Windows &Mac to resolve multiple
vulnerabilities.
CVE ID: CVE-2024-4947 (High), CVE-2024-4948 (High), CVE-2024-4949 (Medium),
CVE-2024-4950 (Low)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird
115.11. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-4367 (High), CVE-2024-4767 (Medium), CVE-2024-4768 (Medium),
CVE-2024-4769 (Medium), CVE-2024-4770 (Medium), CVE-2024-4777 (Medium)
Microsoft has released updated Microsoft Edge Stable Channel and Extended Stable Channels
Version 124.0.2478.105 to resolve a vulnerability.
CVE ID: CVE-2024-4761
Microsoft has released security updates to address multiple vulnerabilities in its products.
An attacker can exploit some of these vulnerabilities to take control of an affected system.
Adobe has released security updates to address multiple vulnerabilities in Adobe software.
An attacker can exploit these vulnerabilities to take control of an affected system.
Cybersecurity and Infrastructure Security Agency (CISA), in partnership with other
organizations, has released cybersecurity guidance to protect High Risk Community (HRC)
entities such as civil society organizations and individuals. Additionally, the guide
encourages software manufacturers to actively implement and publicly commit to Secure by
Design practices that are necessary to help protect vulnerable people and HRC.
A Remote Code Execution (RCE) vulnerability has been discovered in Rockwell Automation's
Equipment- Factory Talk Remote Access. The affected versions are FactoryTalk Remote Access
v13.5.0.174 and prior. The mitigations are available.
CVE ID: CVE-2024-3640 (Medium)
A vulnerability has been discovered in Subnet Solutions Inc.'s Equipment- PowerSYSTEM Center
that allows privilege escalation, Denial of Service (DoS) or arbitrary code execution. The
affected versions are PowerSYSTEM Center Update 19 and prior. The mitigations are available.
CVE ID: CVE-2024-28042 (High)
An insertion of sensitive information into a log file vulnerability has been discovered in
Johnson Controls' Equipment- Software House C?CURE 9000 that allows, to access credentials
used for access to the application. The affected version is Software House C?CURE 9000:
v3.00.2. The mitigations are available.
CVE ID: CVE-2024-0912 (High)
Fortinet has released security updates to address vulnerabilities in FortiOS. An attacker
can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-46714 (Medium), CVE-2023-44247 (Medium), CVE-2023-36640 (Medium),
CVE-2023-45583 (Medium), CVE-2024-26007 (Medium), CVE-2023-45586 (Medium)
Google has released Stable channel 124.0.6367.219 (Platform version: 15823.58.0) for most
ChromeOS devices, Dev channel 126.0.6468.2 for Windows, Mac &Linux.
Google has released Chrome 124 (124.0.6367.179) for Android, LTS channel version
120.0.6099.310 (Platform Version: 15662.107.0) for most ChromeOS devices, Stable channel
124.0.6367.207/.208 for Mac, Windows and 124.0.6367.207 for Linux to resolve multiple
vulnerabilities.
CVE ID: CVE-2024-4761 (High), CVE-2024-4331 (High), CVE-2024-0409 (High),
CVE-2023-25584 (High), CVE-2024-24806 (High), CVE-2024-21626 (High)
It has been discovered that Black Basta ransomware affiliates use common initial access
techniques such as phishing &exploiting known vulnerabilities and then employ a
double-extortion model, both encrypting systems and exfiltrating data. Ransomware affiliates
use tools such as BITSAdmin &PsExec, along with Remote Desktop Protocol (RDP), for
lateral movement.
Microsoft has released updated Microsoft Edge Stable Channel (Version 124.0.2478.97) and
Extended Stable channel (Version 124.0.2478.97) to resolve vulnerabilities.
CVE ID: CVE-2024-30055 (Medium), CVE-2024-4671
Cybersecurity Infrastructure Security Agency (CISA) has released secure by design alert to
choose secure and verifiable technologies impacting Critical Infrastructure Sectors.
Google has released Stable channel 124.0.6367.154 Platform version: 15823.51.0 for most
ChromeOS devices, Chrome Dev 126 126.0.6465.0 for Android and Stable channel
124.0.6367.201/.202 for Mac &Windows &124.0.6367.201 for Linux to resolve use after
free vulnerability.
CVE ID: CVE-2024-4671 (High)
Use of default credentials vulnerability has been discovered in Alpitronic's Equipment-
Hypercharger EV charger that can result in an attacker disabling the device, bypassing
payment, or accessing payment data. All versions of Hypercharger EV charger are affected.
The mitigation is available.
CVE ID: CVE-2024-4622 (High)
Multiple vulnerabilities have been discovered in Rockwell Automation's Equipment-
FactoryTalk Historian SE that can cause a Denial of Service (DoS) condition. The affected
versions are FactoryTalk Historian SE versions v9.0 and prior. The mitigations are
available.
CVE ID: CVE-2023-31274 (High), CVE-2023-34348 (High)
A deserialization of untrusted data vulnerability has been discovered in Delta Electronics'
Equipment- InfraSuite Device Master that allows Remote Code Execution (RCE). The affected
versions are InfraSuite Device Master versions 1.0.10 and prior. The mitigations are
available.
CVE ID: CVE-2023-46604 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Heateor Social Login
WordPress plugin. The affected products are Heateor Social Login WordPress versions prior to
1.1.32.
CVE ID: CVE-2024-32674 (Medium)
Apple has released security update to address an arbitrary code execution vulnerability in
iTunes 12.13.2 for Windows. An attacker can exploit this vulnerability to take control of an
affected device.
CVE ID: CVE-2024-27793
Google has released Chrome Beta 125 125.0.6422.32 for iOS, Dev channel 126.0.6455.0 Platform
version: 15879.0.0 for most ChromeOS devices, Chrome 125 125.0.6422.34 for Android, Stable
channel 125.0.6422.41 for Windows &Mac, Beta channel 125.0.6422.41 for Windows, Mac
&Linux, Chrome Stable 125 125.0.6422.33 for iOS and Chrome Beta 125 125.0.6422.34 for
Android.
Authentication bypass vulnerability has been discovered in Social Connect plugin for
WordPress. The affected versions are Social Connect plugin for WordPress versions up to, and
including, 1.2.
CVE ID: CVE-2024-4393 (Critical)
Arbitrary file deletion vulnerability has been discovered in Startklar Elementor Addons
plugin for WordPress. The affected versions are Startklar Elementor Addons plugin for
WordPress versions up to, and including, 1.7.13.
CVE ID: CVE-2024-4346 (Critical)
Authentication bypass vulnerability has been discovered in Build App Online plugin for
WordPress. The affected versions are Build App Online plugin for WordPress for WordPress
versions up to, and including, 3.0.5.
CVE ID: CVE-2024-4186 (Critical)
Reliance on Insufficiently Trustworthy Component vulnerability has been discovered in Subnet
Solutions Inc.'s Equipment- Substation Server. The affected versions are Substation Server
2.23.10 and prior. The mitigations are available.
CVE ID: CVE-2024-26024 (High)
Cross-site Scripting vulnerability has been discovered in PTC's Equipment- Codebeamer that
allows an attacker to inject malicious code in the application. The affected versions are
Codebeamer: version 22.10 SP9 and prior, Codebeamer: version 2.0.0.3 and prior, and
Codebeamer: version 2.1.0.0. The mitigations are available.
CVE ID: CVE-2024-3951 (High)
Google has released Chrome 124 (124.0.6367.159) for Android, Stable channel
124.0.6367.155/.156 for Mac and Windows and 124.0.6367.155 for Linux
CVE ID: CVE-2024-4558 (High), CVE-2024-4559 (High)
Moxa has released a security update to address a Store Cross Site Scripting (XSS)
vulnerability in NPort 5100A Series. The affected versions are NPort 5100A Series prior to
version 1.6.
CVE ID: CVE-2024-3576 (High)
Multiple vulnerabilities have been discovered in CyberPower's Equipment- PowerPanel. The
affected versions are PowerPanel 4.9.0 and prior. The mitigations are available.
CVE ID: CVE-2024-34025 (Critical), CVE-2024-33615 (High), CVE-2024-32053 (Critical),
CVE-2024-32047 (Critical), CVE-2024-32042 (Medium), CVE-2024-31856 (High), CVE-2024-31410
(Medium), CVE-2024-31409 (Medium)
Multiple vulnerabilities have been discovered in Delta Electronics' equipment- DIAEnergie.
The affected version is DIAEnergie v1.10.00.005. The mitigations are available.
CVE ID: CVE-2024-34031 (High), CVE-2024-34032 (High), CVE-2024-34033
(High)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2024-34144 (High), CVE-2024-34145 (High), CVE-2024-34146 (Medium),
CVE-2024-34147 (Low), CVE-2024-34148 (Medium)
Google has released Chrome Beta 125 125.0.6422.26 for Android, Beta channel 125.0.6422.26
for Windows, Mac &Linux, Chrome Beta 125 125.0.6422.21 for iOS and Chrome Stable 124
124.0.6367.111 for iOS.
SonicWall has released security updates to address multiple vulnerabilities in SonicWall GMS
(Virtual Appliance, Windows). The affected versions are GMS (Virtual Appliance, Windows) -
9.3.4 and earlier versions.
CVE ID: CVE-2024-29010 (High), CVE-2024-29011 (High)
CISCO has released security updates for IP Phone 6800, 7800, and 8800 series to resolve
multiplatform firmware vulnerabilities that can cause a Denial of Service (DoS) condition,
gain unauthorized access, or allow to view sensitive information on an affected system.
CVE ID: CVE-2024-20357, CVE-2024-20376, CVE-2024-20378
It has been observed that hacktivists target and compromise small-scale Operational
Technology (OT) systems and the Internet exposed Industrial Control Systems (ICS) operations
through their software components, such as Human Machine Interfaces (HMIs), by exploiting
Virtual Network Computing (VNC) remote access software and default passwords for malicious
activities.
Google has released Chrome 124 (124.0.6367.113) for Android, Beta channel OS version:
15853.16.0 Browser version: 125.0.6422.19 for most ChromeOS devices and Stable channel
124.0.6367.118/.119 for Windows &Mac &124.0.6367.118 for Linux to resolve multiple
vulnerabilities.
CVE ID: CVE-2024-4331 (High), CVE-2024-4368 (High)
Google has released Beta channel ChromeOS version 15823.40.0 with Chrome Browser version
124.0.6367.95 for most ChromeOS devices and Long Term Support (LTS) Channel to
120.0.6099.309, Platform Version: 15662.105.0 for most ChromeOS devices to resolve critical
vulnerability.
CVE ID: CVE-2024-4058 (Critical)
CISCO has released security updates to address ArcaneDoor exploitation of Cisco Adaptive
Security Appliances (ASA) devices and Cisco Firepower Threat Defense (FTD) software. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-20353 (High), CVE-2024-20358 (Medium), CVE-2024-20359
(High)
Google has released Chrome Beta 125 (125.0.6422.14) for iOS, Chrome Beta 125 (125.0.6422.14)
for Android, Beta channel to 125.0.6422.14 for Windows, Mac &Linux, Dev channel to OS
version: 15853.9.0 Browser version: 125.0.6422.10 for most ChromeOS devices, Chrome 124
(124.0.6367.82) for Android and Stable channel 124.0.6367.78/.79 for Windows &Mac
&124.0.6367.78 to Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2024-4058 (Critical), CVE-2024-4059 (High), CVE-2024-4060 (High)
CISCO has released security updates to address command injection vulnerability in the
web-based management interface of Cisco Integrated Management Controller (IMC).
CVE ID: CVE-2024-20356 (High)
CISCO has released security updates to resolve a command injection vulnerability in the
Command Line Interface (CLI) of the Cisco Integrated Management Controller (IMC).
CVE ID: CVE-2024-20295 (High)
A vulnerability has been discovered in the password reset feature of Ai3 QbiBot due to lack
of proper access control that allows adversaries to reset any user's password.
CVE ID: CVE-2024-3777 (Critical)
OS command injection and plaintext storage of password vulnerabilities have been discovered
in BUFFALO wireless LAN routers. Security updates are available.
CVE ID: CVE-2024-23486 (Medium), CVE-2024-26023 (Medium)
Palo Alto Networks has released security updates to resolve a command injection
vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS. The affected
versions are PAN-OS 10.2, PAN-OS 11.0, and PAN-OS 11.1.
CVE ID: CVE-2024-3400 (Critical)
Juniper Networks has released security updates to address a stack based buffer overflow
vulnerability in the Routing Protocol Daemon (RPD) component of Junos OS and Junos OS
Evolved.
CVE ID: CVE-2024-30394 (High)
Multiple vulnerabilities have been discovered in XenServer and Citrix Hypervisor. Citrix has
released security updates to address these vulnerabilities.
CVE ID: CVE-2023-46842, CVE-2024-2201 and CVE-2024-31142
Rockwell Automation has released a security update to address an input validation
vulnerability in Rockwell Automation's 5015-AENFTXT. The affected versions are 5015-AENFTXT:
v35 and prior to v2.12.1.
CVE ID: CVE-2024-2424 (High)
Multiple vulnerabilities have been discovered in a-blog cms. The affected versions are
a-blog cms Ver.3.1.x series prior to Ver.3.1.12, a-blog cms Ver.3.0.x series prior to
Ver.3.0.32, a-blog cms Ver.2.11.x series prior to Ver.2.11.61, a-blog cms Ver.2.10.x series
prior to Ver.2.10.53.
CVE ID: CVE-2024-30419 (Medium), CVE-2024-30420 (Medium), CVE-2024-31394 (Medium),
CVE-2024-31395 (Medium), CVE-2024-31396 (Medium)
GitLab has released updated versions 16.10.2, 16.9.4, and 16.8.6 for GitLab Community
Edition (CE) and Enterprise Edition (EE).
CVE ID: CVE-2024-3092 (High), CVE-2024-2279 (High), CVE-2023-6489 (Medium),
CVE-2023-6678 (Medium)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has
released security updates, workarounds and mitigation to resolve vulnerabilities.
CVE ID: CVE-2023-35980 (Critical), CVE-2023-35981 (Critical), CVE-2023-35982
(Critical), CVE-2023-42789 (Critical), CVE-2024-21762 (Critical), CVE-2024-23113 (Critical),
CVE-2023-45614 (Critical), CVE-2023-45615 (Critical), CVE-2023-45616 (Critical)
Schneider Electric has released security updates to resolve multiple vulnerabilities in its
products. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2024-2747 (High), CVE-2023-5629 (High), CVE-2023-5630 (Medium),
CVE-2023-6032 (Medium)
Microsoft has released security updates to address critical, high, and medium
vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to
take control of an affected system.
Fortinet has released security updates to address vulnerabilities in FortiClientMac,
FortiClient Linux, FortiOS &FortiProxy. An attacker can exploit some of these
vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-45590 (Critical), CVE-2023-45588 (High), CVE-2024-31492 (High),
CVE-2023-48784 (Medium), CVE-2023-41677 (High), CVE-2024-23662 (High)
A reliance on insufficiently trustworthy component vulnerability has been discovered in
SUBNET Solutions Inc.'s Equipments- PowerSYSTEM Server &Substation Server 2021 that
allows privilege escalation, Denial of Service (DoS) or arbitrary code execution . The
affected versions are PowerSYSTEM Server 4.07.00 and prior and Substation Server 2021
4.07.00 and prior. Mitigation is available.
CVE ID: CVE-2024-3313 (High)
A vulnerability has been discovered in OpenSSL that can cause unbounded memory growth when
processing TLSv1.3 sessions, leading to a Denial of Service (DoS) attack. The affected
versions are OpenSSL 3.2, 3.1, 3.0 &1.1.1. Security updates are available.
CVE ID: CVE-2024-2511 (Low)
Microsoft has released the updated Microsoft Edge Stable Channel (Version 123.0.2420.81) and
Extended Stable Channel (Version 122.0.2365.120).
CVE ID: CVE-2024-29981 (Medium), CVE-2024-29049 (Medium)
Apache has released security updates to address HTTP response splitting and memory
exhaustion vulnerabilities in Apache HTTP Server. The affected versions are Apache HTTP
Server through 2.4.58.
CVE ID: CVE-2023-38709 (Medium), CVE-2024-24795 (Low), CVE-2024-27316
(Medium)
An improper authentication vulnerability has been discovered in Hitachi Energy's Equipment-
Asset Suite 9. The affected versions are Asset Suite prior to 9.6.3.13 and Asset Suite prior
to 9.6.4.1. The mitigation is available.
CVE ID: CVE-2024-2244 (Medium)
Inclusion of undocumented features vulnerability has been discovered in Schweitzer
Engineering Laboratories' Equipment- SEL 700 series relays. The mitigations are available.
CVE ID: CVE-2024-2103 (Medium)
Google has released Chrome Beta 124 (124.0.6367.26) for iOS, Chrome Beta 124 (124.0.6367.28)
for Android, Beta channel 124.0.6367.29 for Windows, Mac &Linux and Beta channel
ChromeOS version 15823.16.0 with Chrome Browser version 124.0.6367.24 for most ChromeOS
devices.
A Server Side Cross Site Scripting (XSS) vulnerability has been discovered in SiYuan that
allows execution of arbitrary commands on the server. The affected version is SiYuan version
3.0.3.
CVE ID: CVE-2024-2692 (Critical)
Mozilla has released security updates to address multiple vulnerabilities in Firefox for iOS
124. An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-31393 (Medium), CVE-2024-31392 (Low)
Google has released Chrome 123 (123.0.6312.99) for Android, Extended Stable 122.0.6261.156
for Windows &Mac, Stable channel OS version: 15786.41.0 Browser version: 123.0.6312.94
for most ChromeOS devices and Stable channel 123.0.6312.105/.106/.107 for Windows &Mac,
Stable channel 123.0.6312.105 for Linux to resolve multiple vulnerabilities.
CVE ID: CVE-2024-3156 (High), CVE-2024-3158 (High), CVE-2024-3159 (High)
VMware has released security updates to address multiple vulnerabilities in VMware SD-WAN.
An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-22246 (High), CVE-2024-22247 (Medium), CVE-2024-22248
(High)
An improper access control vulnerability has been discovered in Totolink. The affected
version is Totolink N350RT 9.3.5u.6265.
CVE ID: CVE-2024-0570 (Critical)
An information disclosure vulnerability has been discovered in Totolink. The affected
version is Totolink T8 4.1.5cu.833_20220905.
CVE ID: CVE-2024-0569 (Critical)
It has been discovered that malicious code is embedded in XZ Utils versions 5.6.0 and 5.6.1
that may allow unauthorised access to affected systems. XZ Utils is data compression
software and may be present in Linux distributions. Fedora Linux 40 beta does contain these
two affected versions of xz libraries.
CVE ID: CVE-2024-3094 (Critical)
Google has released Dev channel ChromeOS version 15823.11.0 with Chrome Browser version
124.0.6367.18 for most ChromeOS devices, Dev channel 125.0.6382.3 for Windows, Mac
&Linux, Chrome Dev 125 (125.0.6379.6) for Android, and Chrome Beta 124 (124.0.6367.18)
for Android.
Google has released Beta channel 123.0.6312.79 (Platform version: 15786.37.0) for most
ChromeOS devices, LTS (Long Term Support) channel version 114.0.5735.358 (Platform Version:
15437.98.0) for most ChromeOS devices, Chrome 123 (123.0.6312.80) for Android, Extended
Stable channel 122.0.6261.148 for Windows and Mac, Stable channel 123.0.6312.86/.87 for
Windows and Mac and 123.0.6312.86 for Linux.
CVE ID: CVE-2024-1284 (High), CVE-2024-2883 (Critical), CVE-2024-2885 (High),
CVE-2024-2886 (High), CVE-2024-2887 (High)
Multiple vulnerabilities have been discovered in AutomationDirect's Equipment- C-MORE EA9
HMI that allow an attacker to exploit a remote device and inject malicious code on the
panel. The mitigations are available.
CVE ID: CVE-2024-25136 (High), CVE-2024-25137 (Medium), CVE-2024-25138
(Medium)
Multiple vulnerabilities have been discovered in Rockwell Automation's Equipment- PowerFlex
527 that can crash the device and require a manual restart to recover. The affected versions
are PowerFlex 527 versions v2.001.x and later. The mitigations are available.
CVE ID: CVE-2024-2425 (High), CVE-2024-2426 (High), CVE-2024-2427 (High)
Multiple vulnerabilities have been discovered in Rockwell Automation's Equipment- Arena
Simulation Software that can crash the application or allow an attacker to run harmful code
on the system. The affected version is Arena Simulation Software version 16.00. The
mitigations are available.
CVE ID: CVE-2024-21912 (High), CVE-2024-21913 (High), CVE-2024-2929 (High),
CVE-2024-21918 (High), CVE-2024-21919 (High), CVE-2024-21920 (Medium)
Cross-site Scripting vulnerability has been discovered in Rockwell Automation's Equipment-
FactoryTalk View ME that can lead to the loss of view or control of the PanelView product.
The affected versions are FactoryTalk View ME prior to v14. The mitigations are available.
CVE ID: CVE-2024-21914 (Medium), CVE-2024-21914 (Medium)
Apple has released security updates to address multiple vulnerabilities in Safari 17.4.1,
macOS Sonoma 14.4.1, and macOS Ventura 13.6.6. An attacker can exploit this vulnerability to
take control of an affected device.
CVE ID: CVE-2024-1580
Mozilla has released a security updates to address a vulnerabilities in Firefox ESR 115.9.1,
and Firefox 124.0.1. An attacker can exploit these vulnerabilities to take control of an
affected system.
CVE ID: CVE-2024-29944 (Critical), CVE-2024-29943 (Critical)
Multiple vulnerabilities have been discovered in MELSEC Series CPU modules and MELSEC-Q/L
Series CPU modules of Mitsubishi Electric. The mitigations are available.
CVE ID: CVE-2024-0802 (Critical), CVE-2024-0803 (Critical), CVE-2024-1915 (Critical),
CVE-2024-1916 (Critical), CVE-2024-1917 (Critical), CVE-2023-1424 (Critical)
SonicWall has released security updates to address multiple vulnerabilities in SonicOS and
SonicWall Email.
CVE ID: CVE-2024-22396 (Medium), CVE-2024-22397 (Medium), CVE-2024-22398
(Medium)
Google has released Stable channel 123.0.6132.46 for Windows &Mac, Beta channel
123.0.6312.46 for Windows, Mac &Linux, Chrome Beta 123 (123.0.6312.40) for Android and
Beta channel 123.0.6312.36 (Platform version: 15786.22.0) for most ChromeOS devices.
Apple has released security updates to address an use-after-free vulnerability in GarageBand
10.4.11. An attacker can exploit this vulnerability to take control of an affected device.
CVE ID: CVE-2024-23300
Adobe has released security updates to address multiple critical, high, medium &low
vulnerabilities in Adobe software products. An attacker can exploit these vulnerabilities to
take control of an affected system.
An elevation of privilege vulnerability has been discovered in Microsoft Azure Kubernetes
Service Confidential Container.
CVE ID: CVE-2024-21400 (Critical)
Microsoft has released security updates to address multiple critical, high &medium
vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to
take control of an affected system.
Fortinet has released security updates to address vulnerabilities in multiple Fortinet
products. An attacker can exploit some of these vulnerabilities to take control of an
affected system. CVE ID: CVE-2023-47534 (High), CVE-2023-42789 (Critical),
CVE-2023-42790 (Critical), CVE-2024-23112 (High), CVE-2023-36554 (High), CVE-2023-48788
(Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe software.
An attacker can exploit some of these vulnerabilities to take control of an affected
system.
Google has released Chrome 122 (122.0.6261.119) for Android, Chrome Beta 123 (123.0.6312.38)
for iOS and Stable channel updated to 122.0.6261.128/.129 for Windows &Mac and
122.0.6261.128 for Linux to resolve security fixes &vulnerability.
CVE ID: CVE-2024-2400 (High)
Cybersecurity and Infrastructure Security Agency (CISA) developed Hybrid Identity Solutions
Guidance for better understanding identity management capabilities, the tradeoffs that exist
in various implementation options, and factors that should be considered when making
implementation decisions. This solution's guidance also supports the Secure Cloud Business
Application (SCuBA) project’s goal of providing guidance to help agencies effectively
implement cybersecurity capabilities as organisations migrate from traditional on-premises
infrastructure to the cloud.
Multiple critical, high, medium &low vulnerabilities have been discovered in several
Siemens products. Siemens has released security updates, workarounds and mitigations to
resolve vulnerabilities.
Microsoft has released security updates to address critical, high, medium &low
vulnerabilities in its products. An attacker can exploit some of these vulnerabilities to
take control of an affected system.
CVE ID: CVE-2024-21334 (Critical), CVE-2024-21400 (Critical)
Remote Code Execution vulnerability has been discovered in Microsoft Azure Kubernetes
Service Confidential Container.
CVE ID: CVE-2024-21376 (Critical)
A use of hard-coded credentials vulnerability has been discovered in Chirp Systems'
Equipment-Chirp Access, which allows an attacker to take control and gain unrestricted
physical access to systems. All versions of Chirp Access are affected.
CVE ID: CVE-2024-2197 (Critical)
VMware has released security updates to address a partial information disclosure
vulnerability in VMware Cloud Director. An attacker can exploit this vulnerability to take
control of an affected system.
CVE ID: CVE-2024-22256 (Medium)
A command injection vulnerability has been discovered in GitHub Enterprise Server. The
affected versions are GitHub Enterprise Server prior to 3.12.
CVE ID: CVE-2024-1374 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2023-48795 (Medium), CVE-2024-28149 (High), CVE-2024-28150 (High),
CVE-2024-28151 (Medium), CVE-2024-28152 (Medium), CVE-2024-28153 (High), CVE-2024-28154
(Medium), CVE-2024-28155 (Medium), CVE-2024-28161 (Medium), CVE-2024-28162 (Medium),
CVE-2024-2215 (Medium), CVE-2024-2216 (Medium), CVE-2024-28156 (High), CVE-2024-28157
(High), CVE-2024-28158 (Medium), CVE-2024-28159 (Medium), CVE-2024-28160 (High)
Drupal has released security updates to address Access bypass vulnerability in Registration
role, a third-party library used in it. The affected versions are Registration role prior to
2.0.1.
Moxa has released security update to address a stack-based buffer overflow vulnerability in
the built-in web server of Moxa NPort W2150A/W2250A Series firmware. The affected versions
are Moxa NPort W2150A/W2250A Series firmware version 2.3 and prior.
CVE ID: CVE-2024-1220 (High)
Authentication bypass vulnerability has been discovered in JetBrains TeamCity. The affected
version is JetBrains TeamCity before 2023.11.4.
CVE ID: CVE-2024-27198 (Critical)
Juniper Networks has released security updates to address an improper handling of
exceptional conditions vulnerability in AS PATH processing of Juniper Networks Junos OS and
Junos OS Evolved. All versions of Junos OS and Junos OS Evolved are affected.
CVE ID: CVE-2023-44186 (High)
Apple has released security updates to address multiple vulnerabilities in iOS 17.4, iPadOS
17.4, iOS 16.7.6 and iPadOS 16.7.6. An attacker can exploit these vulnerabilities to take
control of an affected device.
CVE ID: CVE-2024-23243, CVE-2024-23225, CVE-2024-23296, CVE-2024-23256
Google has released Stable channel 122.0.6045.214 (Platform version: 15753.38.0) for most
ChromeOS devices, LTS channel 114.0.5735.355 (Platform Version: 15437.95.0) for most
ChromeOS devices, Chrome 122 (122.0.6261.105) for Android, Stable channel
122.0.6261.111/.112 for Windows &Mac and 122.0.6261.111 for Linux to resolve multiple
vulnerabilities.
CVE ID: CVE-2024-0225 (High), CVE-2024-1059 (High), CVE-2024-2173 (High),
CVE-2024-2174 (High), CVE-2024-2176 (High)
A command injection vulnerability has been discovered in GitHub Enterprise Server. All
versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-1372 (Critical)
A command injection vulnerability has been discovered in GitHub Enterprise Server. All
versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-1369 (Critical)
A command injection vulnerability has been discovered in GitHub Enterprise Server. All
versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-1359 (Critical)
A command injection vulnerability has been discovered in GitHub Enterprise Server. All
versions of GitHub Enterprise Server prior to 3.12 are affected.
CVE ID: CVE-2024-1355 (Critical)
Out-of-Bounds Write vulnerability has been discovered in Santesoft's Equipment- Sante FFT
Imaging. The affected versions are Sante FFT Imaging: 1.4.1 and prior. The mitigations are
available.
CVE ID: CVE-2024-1696 (High)
Improper Output Neutralization for Logs vulnerability has been discovered in Integration
Objects's Equipment- OPC UA Server Toolkit. The affected versions are OPC UA Server Toolkit:
1.0.0 and prior. The mitigations are available.
CVE ID: CVE-2023-7234 (Medium)
Android has released a security bulletin to resolve multiple vulnerabilities affecting
several Android devices. Security patch levels of 2024-03-05 or later, address all of these
issues.
Mozilla has released a security update to address a vulnerability in Thunderbird 115.8.1. An
attacker can exploit this vulnerability to take control of an affected system.
CVE ID: CVE-2024-1936 (High)
A SQL injection vulnerability has been discovered in Supabase PostgreSQL. The affected
version is Supabase PostgreSQL v15.1.
CVE ID: CVE-2024-24213 (Critical)
RevoWorks has released security updates to address a protection mechanism failure
vulnerability in RevoWorks SCVX and RevoWorks Browser. The affected versions are RevoWorks
SCVX prior to scvimage4.10.21_1013, and RevoWorks Browser prior to 2.2.95.
CVE ID: CVE-2024-25091 (Low)
A stack based buffer overflow vulnerability has been discovered in Delta Electronics'
Equipment- CNCSoft-B that allows executing arbitrary code. The affected versions are
CNCSoft-B 1.0.0.4 and prior.
CVE ID: CVE-2024-1941 (High)
Heap based buffer overflow and out of bounds write vulnerabilities have been discovered in
MicroDicom's Equipment- DICOM Viewer that allow to cause memory corruption issues leading to
execution of arbitrary code. The affected versions are MicroDicom DICOM Viewer 2023.3 (Build
9342) and prior. The mitigations are available.
CVE ID: CVE-2024-22100 (High), CVE-2024-25578 (High)
It has been observed that Phobos ransomware actors are using Tactics, Techniques and
Procedures (TTPs) for bypassing organizational network defense protocols by modifying system
firewall configurations. Phobos actors typically gain initial access to vulnerable networks
by leveraging phishing campaigns to drop hidden payloads or using Internet Protocol (IP)
scanning tools. After the exfiltration phase, Phobos actors then hunt for
backups. Cybersecurity and Infrastructure Security Agency (CISA )has released a joint
cybersecurity advisory to disseminate IOCs, mitigations for protecting systems and TTPs
associated with Phobos ransomware.
Google has released Dev channel 123.0.6312.18 Platform version 15786.10.0 for most ChromeOS
devices, Chrome Dev 124 (124.0.6328.0) for Android, Beta channel 123.0.6312.22 for Windows,
Mac and Linux, and Chrome Beta 123 (123.0.6312.20) for Android.
It has been observed that cyber threat actors are actively exploiting multiple previously
identified vulnerabilities in Ivanti Connect Secure and Ivanti Policy Secure gateways. The
vulnerabilities affect all supported versions (9.x and 22.x) and can be used in a chain of
exploits to enable malicious cyber threat actors to bypass authentication, create malicious
requests, and execute arbitrary commands with elevated privileges. Cybersecurity and
Infrastructure Security Agency (CISA) has released cybersecurity advisory to disseminate
IOCs, mitigations &detection methods to protect affected systems and TTPs associated
with threat actors.
CVE ID: CVE-2023-46805 (High), CVE-2024-21887 (Critical), CVE-2024-21893
(High)
A SQL injection vulnerability has been discovered in Tongda OA 2017. The affected versions
are Tongda OA 2017 up to 11.10.
CVE ID: CVE-2024-1251 (Critical)
A stack based buffer overflow vulnerability has been discovered in Tenda i9. The affected
version is Tenda i9 1.0.0.9(4122).
CVE ID: CVE-2024-0996 (Critical)
A stack based buffer overflow vulnerability has been discovered in Tenda W6. The affected
version is Tenda W6 1.0.0.9(4122).
CVE ID: CVE-2024-0995 (Critical)
A path traversal vulnerability has been discovered in Sichuan Yougou Technology KuERP. The
affected versions are Sichuan Yougou Technology KuERP up to 1.0.4.
CVE ID: CVE-2024-0989 (Critical)
A stack based buffer overflow vulnerability has been discovered in Tenda AC10U. The affected
version is Tenda AC10U 15.03.06.49_multi_TDE01.
CVE ID: CVE-2024-0931 (Critical)
Cisco has released security updates to address multiple vulnerabilities in its products. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-20321 (High), CVE-2024-20267 (High), CVE-2024-20344 (Medium),
CVE-2024-20291 (Medium), CVE-2024-20294 (Medium)
Drupal has released security updates to address multiple vulnerabilities in 3rd party
plugins such as Drupal Symfony Mailer Lite, Node Access Rebuild Progressive, Private
content, and Coffee modules.
Google has released Chrome 122 (122.0.6261.90) for Android, Stable channel OS version:
15699.72.0 Browser version: 121.0.6167.212 for most ChromeOS devices, and Chrome Beta 123
(123.0.6312.17) for iOS.
VMware has released security updates to address an out of bounds read vulnerability in
VMware Workstation and Fusions. An attacker can exploit this vulnerability to take control
of an affected system.
CVE ID: CVE-2024-22251 (Medium)
A Denial of Service (DoS) vulnerability has been discovered in the Ethernet function of
multiple FA product of Mitsubishi Electric. The affected products are MELSEC iQ-F Series.
The mitigation is available.
CVE ID: CVE-2023-7033 (Medium)
An OpenSSH Terrapin Attack vulnerability has been discovered in Hitachi Energy Lumada
products. The affected products are Lumada EAM, Lumada APM, Lumada RM &Lumada AIP. The
mitigation is available.
CVE ID: CVE-2023-48795 (Medium)
Moxa has released security updates to resolve an IP forwarding vulnerability in Moxa
EDS-4000/G4000 Series that can bypass access controls or hide the source of malicious
requests. The affected versions are EDS-4000/G4000 Series prior to version 3.2.
CVE ID: CVE-2024-0387 (Medium)
SonicWall has released security updates to address improper access control vulnerability in
SMA100 SSL-VPN virtual office portal. The affected versions are SMA 100 Series
10.2.1.10-62sv and earlier versions.
CVE ID: CVE-2024-22395 (Medium)
An uncontrolled search path element vulnerability has been discovered in Delta Electronics'
Equipment- CNCSoft-B DOPSoft that allows to achieve Remote Code Execution (RCE). The
affected versions are CNCSoft-B v1.0.0.4 DOPSoft prior to v4.0.0.82.
CVE ID: CVE-2024-1595 (High)
An authentication bypass vulnerability has been discovered in ConnectWise ScreenConnect that
allows access to confidential information or critical systems. The affected versions are
ConnectWise ScreenConnect 23.9.7 and prior.
CVE ID: CVE-2024-1709 (Critical)
Juniper has released security updates to address a Time-of-check Time-of-use (TOCTOU) race
condition vulnerability in telemetry processing of Juniper Networks Junos OS. An attacker
can exploit this vulnerability to take control of an affected system. The affected products
are Juniper Networks Junos OS: 20.4 versions prior to 20.4R3-S9, 21.1 versions 21.1R1 and
later, 21.2 versions prior to 21.2R3-S6; 21.3 versions prior to 21.3R3-S5, 21.4 versions
prior to 21.4R3-S5, 22.1 versions prior to 22.1R3-S4, 22.2 versions prior to 22.2R3-S2, 22.3
versions prior to 22.3R2-S1, 22.3R3-S1, 22.4 versions prior to 22.4R2-S2, 22.4R3 and 23.1
versions prior to 23.1R2.
CVE ID: CVE-2023-44188 (Medium)
Cisco has released security updates to address an insufficient access control vulnerability
in Cisco Unified Intelligence Center that allows to read and modify data in a repository
that belongs to an internal service on an affected device.
CVE ID: CVE-2024-20325 (Medium)
Google has released Chrome Beta 123 (123.0.6312.3) for Android, Chrome 123.0.6312.4 Beta
channel for Windows, Mac and Linux, Chrome Beta 123 (123.0.6312.2) for iOS and LTC channel
version 120.0.6099.294 (Platform Version: 15662.94.0) for most ChromeOS devices to resolve
multiple vulnerabilities.
CVE ID: CVE-2024-1283 (High), CVE-2024-1284 (High)
A heap corruption vulnerability has been discovered in libgit2 that can be leveraged for
arbitrary code execution. The vulnerability has been patched in version 1.6.5 and 1.7.2.
CVE ID: CVE-2024-24577 (Critical)
An arbitrary code execution vulnerability has been discovered in MyQ Print Server. The
affected versions are MyQ Print Server before 8.2 patch 43.
CVE ID: CVE-2024-22076 (Critical)
CISA has released top cyber actions for securing Water and Wastewater Systems Sector
entities, which run Operational Technology (OT) and Information Technology (IT) systems to
reduce cyber risk and improve resilience to cyberattacks.
A double-free vulnerability has been discovered in the BrainVision ASCII Header Parsing
functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary
code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch
(ab0ee111).
CVE ID: CVE-2024-23809 (Critical)
An out-of-bounds write vulnerability has been discovered in the sopen_FAMOS_read
functionality of The Biosig Project libbiosig and Master Branch that can lead to arbitrary
code execution. The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch
(ab0ee111).
CVE ID: CVE-2024-23606 (Critical)
An use-after-free vulnerability has been discovered in the sopen_FAMOS_read functionality of
The Biosig Project libbiosig and Master Branch that can lead to arbitrary code execution.
The affected versions are Biosig Project libbiosig 2.5.0 and Master Branch (ab0ee111).
CVE ID: CVE-2024-23310 (Critical)
Mozilla has released security updates to address multiple vulnerabilities in Thunderbird
115.8, Firefox ESR 115.8, and Firefox 123. An attacker can exploit these vulnerabilities to
take control of an affected system.
CVE ID: CVE-2024-1546 (High), CVE-2024-1547 (High), CVE-2024-1548 (Medium),
CVE-2024-1549 (Medium), CVE-2024-1550 (Medium), CVE-2024-1551 (Medium), CVE-2024-1552 (Low),
CVE-2024-1553 (High), CVE-2024-1554 (Medium), CVE-2024-1555 (Medium), CVE-2024-1556 (Low),
CVE-2024-1557 (High)
Google has released Chrome 122 (122.0.6261.64) for Android, Beta channel 122.0.6261.57 for
Windows, Mac and Linux, Chrome Beta 122 (122.0.6261.64) for Android, Chrome Stable 122
(122.0.6261.62) for iOS, and Chrome 122.0.6261.57 for Linux and Mac, 122.0.6261.57/.58 for
Windows to resolve multiple vulnerabilities.
CVE ID: CVE-2024-1669 (High), CVE-2024-1670 (High), CVE-2024-1671 (Medium),
CVE-2024-1672 (Medium), CVE-2024-1673 (Medium), CVE-2024-1674 (Medium), CVE-2024-1675
(Medium), CVE-2024-1676 (Low)
Multiple vulnerabilities have been discovered in Commend's Equipment- WS203VICM that allow
an attacker to obtain sensitive information or force the system to restart. The affected
versions are WS203VICM 1.7 and prior. The mitigation is available.
CVE ID: CVE-2024-22182 (High), CVE-2024-21767 (Critical), CVE-2024-23492
(Medium)
Multiple vulnerabilities have been discovered in CISA's Equipment- Industrial Control
Systems Network Protocol Parsers (ICSNPP) - Ethercat Plugin for Zeek that allow Remote Code
Execution (RCE). The affected versions are Industrial Control Systems Network Protocol
Parsers (ICSNPP) - Ethercat Zeek Plugin versions d78dda6 and prior. The mitigations are
available.
CVE ID: CVE-2023-7244 (Critical), CVE-2023-7243 (Critical), CVE-2023-7242
(High)
VMware has released security updates to address multiple vulnerabilities in VMware Enhanced
Authentication Plug-in (EAP), VMware Aria Operations and VMware Cloud Foundation. An
attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-22245 (Critical), CVE-2024-22250 (High), CVE-2024-22235
(Medium)
An OS command injection vulnerability has been discovered in ELECOM wireless LAN routers.
The affected versions are WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier,
WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62
and earlier.
CVE ID: CVE-2024-25579 (Medium)
Multiple vulnerabilities have been discovered in ELECOM wireless LAN routers. The affected
versions are WRC-1167GS2-B v1.67 and earlier, WRC-1167GS2H-B v1.67 and earlier,
WRC-2533GS2-B v1.62 and earlier, WRC-2533GS2-W v1.62 and earlier, and WRC-2533GS2V-B v1.62
and earlier.
CVE ID: CVE-2024-21798 (Medium), CVE-2024-23910 (Medium)
A Remote Code Execution (RCE) vulnerability due to Microsoft Message Queuing service on
Microsoft Windows exists in Electrical discharge machines of Mitsubishi Electric. The
mitigation is available.
CVE ID: CVE-2023-21554 (Critical)
An arbitrary command execution vulnerability has been discovered due to insecure
deserialization in Torrentpier. The affected version is Torrentpier 2.4.1.
CVE ID: CVE-2024-1651 (Critical)
An OS command injection vulnerability has been discovered in Loomio that allows executing
arbitrary commands on the server. The affected version is Loomio 2.22.0.
CVE ID: CVE-2024-1297 (Critical)
A privilege escalation vulnerability has been discovered in Rockwell Automation FactoryTalk®
Service Platform (FTSP). The affected products are FactoryTalk® Service Platform software
version prior to v2.74. Security updates are available.
CVE ID: CVE-2024-21915 (Critical)
Google has updated the Stable channel to OS version 15699.66.0 Browser version
121.0.6167.188 for most ChromeOS devices and LTS channel to 114.0.5735.351 Platform Version:
15437.91.0 to resolve multiple vulnerabilities.
CVE ID: CVE: CVE-2024-0807 (High), CVE-2024-0808 (High), CVE-2023-51042 (High),
CVE-2023-6931 (High), CVE-2023-6817 (High), CVE-2023-46813 (High),
CVE-2023-6932 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system.
Oracle has released its critical patch update for January 2024 to address 389
vulnerabilities across multiple products. An attacker can exploit these vulnerabilities to
take control of an affected system.
SolarWinds has released a security update to address multiple vulnerabilities in Access
Rights Manager. The affected versions are SolarWinds Access Rights Manager (ARM) 2023.2.2
and prior versions.
CVE ID: CVE-2023-40057 (Critical), CVE-2024-23476 (Critical), CVE-2024-23477 (High),
CVE-2024-23478 (High), CVE-2024-23479 (Critical)
Google has released Chrome 122 (122.0.6261.43) for Android, Chrome Beta 122 (122.0.6261.47)
for iOS, Chrome Stable 122 (122.0.6261.48) for iOS, Stable channel 122.0.6261.39 for Windows
&122.0.6261.49 for Mac, Beta channel 122.0.6261.39 for Windows, Mac &Linux, and
Chrome Beta 122 (122.0.6261.43) for Android.
It has been discovered that the functionality for file download in HGiga OAKlouds' contains
an arbitrary file read and delete vulnerability.
CVE ID: CVE-2024-26261 (Critical)
It has been discovered that the functionality for synchronization in HGiga OAKlouds' has an
OS command injection vulnerability that allows to inject system commands within specific
request parameters.
CVE ID: CVE-2024-26260 (Critical)
An improper authentication vulnerability has been discovered in SonicWall SonicOS SSL-VPN
feature. The affected version is SonicOS 7.1.1-7040.
CVE ID: CVE-2024-22394 (Critical)
A Cross Site Scripting (XSS) vulnerability has been discovered in Axigen WebMail that allows
to escalate privileges. The affected versions are Axigen WebMail v.10.5.7 and before.
CVE ID: CVE-2023-48974 (Critical)
A vulnerability has been discovered in SQLAlchemyDA that allows unauthenticated execution of
arbitrary SQL statements on the database. The affected products are SQLAlchemyDA versions
prior to 2.2.
CVE ID: CVE-2024-24811 (Critical)
An unrestricted upload vulnerability has been discovered in Juanpao JPShop. The affected
versions are Juanpao JPShop up to 1.5.02.
CVE ID: CVE-2024-1264 (Critical)
A buffer overflow vulnerability has been discovered in Tenda AC9. The affected version is
Tenda AC9 v.3.0, firmware version v.15.03.06.42_multi.
CVE ID: CVE-2024-24543 (Critical)
Drupal has released security updates to address the Cross Site Scripting (XSS) vulnerability
in CKEditor 4 LTS - WYSIWYG HTML editor, a third-party library used in it. The affected
versions are CKEditor 4 LTS - WYSIWYG HTML editor 1.0.0 and below 1.0.1.
CVE ID: CVE-2024-24815
Siemens has released Security Updates to address multiple vulnerabilities in its products.
These updates as per OEM recommendations may be implemented.
An information disclosure vulnerability has been discovered in Mitsubishi Electric's MELSEC
iQ-R Series Safety CPU and SIL2 Process CPU module. All versions of MELSEC iQ-R Series
Safety CPU and MELSEC iQ-R Series SIL2 Process CPU are affected. The mitigation is
available.
CVE ID: CVE-2023-6815 (Medium)
Adobe has released security updates to address multiple vulnerabilities in Adobe software.
An attacker can exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-20738 (Critical),CVE-2024-20739 (High), CVE-2024-20750 (High),
CVE-2024-20719 (Critical), CVE-2024-20720 (Critical)
Microsoft has released security updates to address multiple vulnerabilities in its products.
An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-21364 (Critical), CVE-2024-21376 (Critical), CVE-2024-21401
(Critical), CVE-2024-21403 (Critical), CVE-2024-21410 (Critical), CVE-2024-21413
(Critical)
ISC has released security updates to address a vulnerability affecting multiple versions of
ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to
take control of an affected device.
CVE ID: CVE-2023-50868 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of
ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to
take control of an affected device.
CVE ID: CVE-2023-50387 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of
ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to
take control of an affected device.
CVE ID: CVE-2023-6516 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of
ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to
take control of an affected device.
CVE ID: CVE-2023-5680 (Medium)
ISC has released security updates to address a vulnerability affecting multiple versions of
ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to
take control of an affected device.
CVE ID: CVE-2023-5679 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of
ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to
take control of an affected device.
CVE ID: CVE-2023-5517 (High)
ISC has released security updates to address a vulnerability affecting multiple versions of
ISC's Berkeley Internet Name Domain (BIND) 9. An attacker can exploit this vulnerability to
take control of an affected device.
CVE ID: CVE-2023-4408 (High)
Google has released Chrome 121 (121.0.6167.178) for Android, Extended Stable channel
120.0.6099.291 for Windows &Mac, Stable channel 121.0.6167.184 for Mac &Linux and
121.0.6167.184/185 to Windows.
Arbitrary code execution vulnerability has been discovered in Malwarebytes Binisoft Windows
Firewall Control. The affected versions are Malwarebytes Binisoft Windows Firewall Control
before 6.9.9.2.
CVE ID: CVE-2024-25089 (Critical)
A SQL injection vulnerability has been discovered in Novel-Plus. The affected versions are
Novel-Plus v4.3.0-RC1 and prior.
CVE ID: CVE-2024-24021 (Critical)
A SQL injection vulnerability has been discovered in Novel-Plus. The affected versions are
Novel-Plus v4.3.0-RC1 and prior.
CVE ID: CVE-2024-24017 (Critical)
A vulnerability has been discovered in Johnson Controls impacting IQ Panel 4 and IQ4 Hub,
which allows unauthorized access to settings. All versions of IQ Panel 4 prior to 4.4.2 and
all versions of IQ4 Hub prior to 4.4.2 are affected. The mitigations are available.
CVE ID: CVE-2024-0242
An out-of-bounds write vulnerability has been discovered in FortiOS that can allow a remote
unauthenticated attacker to execute arbitrary code or command via specially crafted HTTP
requests. The updates are available.
CVE ID: CVE-2024-21762 (Critical)
An use of externally-controlled format string vulnerability has been discovered in FortiOS
fgfmd daemon that can allow a remote unauthenticated attacker to execute arbitrary code or
commands via specially crafted requests. The updates are available.
CVE ID: CVE-2024-23113 (Critical)
An OS command injection vulnerability has been discovered in Fortinet FortiSIEM. The
affected versions are Fortinet FortiSIEM version 7.1.0 through 7.1.1, 7.0.0 through 7.0.2,
6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2.
CVE ID: CVE-2024-23109 (Critical)
An OS command injection vulnerability has been discovered in Fortinet FortiSIEM. The
affected versions are Fortinet FortiSIEM version 7.1.0 through 7.1.1, 7.0.0 through 7.0.2,
6.7.0 through 6.7.8, 6.6.0 through 6.6.3, 6.5.0 through 6.5.2, and 6.4.0 through 6.4.2.
CVE ID: CVE-2024-23108 (Critical)
A SQL injection vulnerability has been discovered in Ninja Forms Contact Form – The Drag and
Drop Form Builder for WordPress plugin. The affected versions are Ninja Forms Contact Form –
The Drag and Drop Form Builder for WordPress plugin versions up to, and including, 3.7.1.
CVE ID: CVE-2024-0685 (Critical)
A vulnerability has been discovered in Vinchin Backup &Recovery that allows to be
configured with default root credentials. The affected version is Vinchin Backup
&Recovery v7.2.
CVE ID: CVE-2024-22902 (Critical)
A vulnerability has been discovered in Vinchin Backup &Recovery due to the use of
default MYSQL credentials. The affected version is Vinchin Backup &Recovery v7.2.
CVE ID: CVE-2024-22901 (Critical)
A vulnerability has been discovered in Rockwell Automation FactoryTalk® Service Platform
that allows to obtain the service token and use it for authentication on another FTSP
directory.
CVE ID: CVE-2024-21917 (Critical)
Cisco has released security updates to address multiple Cross Site Request Forgery (CSRF)
vulnerabilities in Cisco Expressway Series. An attacker can exploit these vulnerabilities to
take control of an affected system.
CVE ID: CVE-2024-20252 (Critical), CVE-2024-20254 (Critical), CVE-2024-20255
(High)
Google has released Chrome Beta 122 (122.0.6261.27) for Android, Chrome Stable 121
(121.0.6167.171) for iOS, Beta channel 122.0.6261.29 for Windows, Mac &Linux, LTC-120
version 120.0.6099.272 (Platform Version: 15662.88.0) for most ChromeOS devices, Chrome Beta
122 (122.0.6261.26) for iOS and Stable channel OS version 15699.58.0 Browser version
121.0.6167.159 for most ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2024-1280 (Medium), CVE-2024-1281 (Medium), CVE-2024-25556 (Medium),
CVE-2024-25557 (Medium), CVE-2024-25558 (Medium), CVE-2023-6817 (Medium), CVE-2023-6932
(Medium), CVE-2024-0806 (Medium), CVE-2024-0807 (High), CVE-2024-0808 (High), CVE-2024-0813
(Medium), CVE-2024-0814 (Medium), CVE-2024-0809 (Low), CVE-2024-0811 (Low)
Cisco has released security updates to address a Denial of Service (DoS) vulnerability in
ClamAV OLE2 File Format Parser.
CVE ID: CVE-2024-20290 (High)
GitLab has released updated versions 16.8.2, 16.7.5, and 16.6.7 for GitLab Community Edition
(CE) and Enterprise Edition (EE).
CVE ID: CVE-2024-1250 (Medium), CVE-2023-6840 (Medium), CVE-2023-6386 (Medium),
CVE-2024-1066 (Medium)
JetBrains has released security update for TeamCity On-Premises to address a vulnerability
that allow unauthenticated attacker with HTTP(S) access to a TeamCity server to bypass
authentication checks and gain administrative control of that TeamCity server. All versions
of TeamCity On-Premises from 2017.1 through 2023.11.2 are affected.
CVE ID: CVE-2024-23917 (Critical)
Remote code execution vulnerability has been discovered in IBM Operational Decision Manager.
The affected versions are IBM Operational Decision Manager 8.10.3, 8.10.4, 8.10.5.1, 8.11,
8.11.0.1, and 8.12.0.1.
CVE ID: CVE-2024-22319 (Critical)
Arbitrary command execution vulnerability has been discovered in Notion Web Clipper. The
affected version is Notion Web Clipper 1.0.3(7).
CVE ID: CVE-2024-23745 (Critical)
Improper Authorization vulnerability has been discoveerd in HID Global's Equipment- iCLASS
SE, OMNIKEY. All versions of iCLASS SE CP1000 Encoder, iCLASS SE Readers, iCLASS SE Reader
Modules, iCLASS SE Processors, OMNIKEY 5427CK Readers, OMNIKEY 5127CK Readers, OMNIKEY 5023
Readers, and OMNIKEY 5027 Readers are affected.
CVE ID: CVE-2024-22388 (Medium)
Improper Authorization vulnerability has been discovered in HID Global's Equipment- Reader
Configuration Cards. All versions of HID iCLASS SE reader configuration cards and OMNIKEY
Secure Elements reader configuration cards are affected.
CVE ID: CVE-2024-23806 (Medium)
Cisco has released security updates to address Snort access control policy bypass
vulnerability in multiple Cisco products. An attacker can exploit these vulnerabilities to
take control of an affected system.
CVE ID: CVE-2023-20246 (Medium)
VMware has released security updates to address multiple vulnerabilities in VMware Aria
Operations for Networks. An attacker can exploit these vulnerabilities to take control of an
affected system.
CVE ID: CVE-2024-22237 (High), CVE-2024-22238 (Medium), CVE-2024-22239 (Medium),
CVE-2024-22240 (Medium), CVE-2024-22241 (Medium)
Google has released Chrome 121 (121.0.6167.164) for Android, Stable channel 121.0.6167.160
for Mac and Linux and 121.0.6167.160/161 for Windows, and Extended Stable channel
120.0.6099.283 for Windows and Mac.
CVE ID: CVE-2024-1284 (High), High CVE-2024-1283 (High)
Authentication bypass vulnerability has been discovered in the Admin UI component of
CrateDB. The affected version is CrateDB 5.5.1.
CVE ID: CVE-2023-51982 (Critical)
A SQL injection vulnerability has been discovered in the 'HTML5 Video Player' WordPress
Plugin. The affected versions are 'HTML5 Video Player' WordPress Plugin prior to 2.5.25.
CVE ID: CVE-2024-1061 (Critical)
Android has released a security bulletin to resolve multiple vulnerabilities affecting
several Android devices. Security patch levels of 2024-02-05 or later, address all of these
issues.
Docker has released security updates to resolve multiple vulnerabilities in several
products. The affected versions are runc 1.1.11 and below, BuildKit 0.12.4 and below, Moby
(Docker Engine) 25.0.1 and below and 24.0.8 and below, and Docker Desktop 4.27.0 and below.
CVE ID: CVE-2024-21626 (High), CVE-2024-23651 (High), CVE-2024-23652 (High),
CVE-2024-23653 (High), CVE-2024-23650 (Medium), CVE-2024-24557 (Medium)
Privilege escalation, and Server-side request forgery vulnerabilities have been discovered
in Ivanti Connect Secure, Ivanti Policy Secure and ZTA Gateways. All versions of Version 9.x
and 22.x of Ivanti Connect Secure, Ivanti Policy Secure, and ZTA Gateways are affected. The
patches and mitigations are available.
CVE ID: CVE-2024-21888 (High), CVE-2024-21893 (High)
An uncontrolled search path element vulnerabilitiy have been discovered in AVEVA's
Equipment- AVEVA Edge products aka InduSoft Web Studio that results in achieving arbitrary
code execution and privilege escalation . The affected versions are AVEVA Edge 2020 R2 SP2
and prior. The mitigation is available.
CVE ID: CVE-2023-6132 (High)
Microsoft has released Microsoft Edge Stable Channel (Version 121.0.2277.98) and Microsoft
Edge Extended Stable Channel (120.0.2210.167) to resolve vulnerability.
CVE ID: CVE-2024-21399 (High)
Multiple vulnerabilities have been discovered in Gessler GmbH's Equipment- WEB-MASTER. The
affected version is WEB-MASTER 7.9. The mitigation is available.
CVE ID: CVE-2024-1039 (Critical), CVE-2024-1040 (Medium)
An integer underflow vulnerability has been discovered in WebUI of Google Chrome, which
allows heap corruption via a malicious file. The affected versions are WebUI of Google
Chrome prior to 121.0.6167.85. Security updates are available.
CVE ID: CVE-2024-0808 (Critical)
A SQL injection vulnerability has been discovered in Webkul Bundle Product that allows to
execute arbitrary code. The affected version is Webkul Bundle Product 6.0.1.
CVE ID: CVE-2023-51210 (Critical)
A stack overflow vulnerability has been discovered in TOTOLINK. The affected version is
TOTOLINK A3700R_V9.1.2u.6165_20211012.
CVE ID: CVE-2024-22662 (Critical)
An authentication bypass vulnerability has been discovered in Fortra's GoAnywhere MFT. The
affected versions are Fortra GoAnywhere MFT prior to 7.4.1.
CVE ID: CVE-2024-0204 (Critical)
An authentication bypass vulnerability has been discovered in darkhttpd. The affected
versions are darkhttpd before 1.15.
CVE ID: CVE-2024-23771 (Critical)
An arbitrary code execution vulnerability has been discovered in OpenAPI loader for
Embedchain. The affected versions are OpenAPI loader ifor Embedchain before 0.1.57.
CVE ID: CVE-2024-23731 (Critical)
A session fixation vulnerability has been discovered in Enonic XP. The affected versions are
Enonic XP versions less than 7.7.4.
CVE ID: CVE-2024-23679 (Critical)
Microsoft Edge (Chromium-based) has released Microsoft Edge Stable Channel (Version
121.0.2277.83) and Microsoft Edge Extended Stable Channel (120.0.2210.160) to
resolve elevation of privilege vulnerability which can lead to a full compromise of the
browser.
CVE ID: CVE-2024-21326 (Critical)
Multiple vulnerabilities have been discovered in several Jenkins Plugins. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
CVE ID: CVE-2024-23897 (Critical), CVE-2024-23898 (High), CVE-2024-23899 (High),
CVE-2024-23900 (Medium), CVE-2024-23901 (Medium), CVE-2024-23902 (Medium), CVE-2024-23903
(Low), CVE-2023-6148 (High), CVE-2023-6147 (High), CVE-2024-23905 (High), CVE-2024-23904
(High)
Cisco has released security updates to resolve bypass vulnerability in Cisco Business 250
Series Smart Switches and Business 350 Series Managed Switches.
CVE ID: CVE-2024-20263 (Medium)
Cisco has released security updates to resolve a Cross Site Scripting (XSS) vulnerability in
the web-based management interface of Cisco Unity Connection.
CVE ID: CVE-2024-20305 (Medium)
A critical vulnerability has been discovered in multiple Cisco Unified Communications and
Contact Center Solutions products. Successful exploitation can allow to execute arbitrary
code on an affected device.
CVE ID: CVE-2024-20253 (Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system.
An unsafe reflection vulnerability has been discovered in GitHub Enterprise Server that can
lead to reflection injection. All versions of GitHub Enterprise Server prior to 3.12 are
affected.
CVE ID: CVE-2024-0200 (Critical)
A critical vulnerability has been discovered in Totolink that leads to improper access
controls. The affected version is Totolink N350RT 9.3.5u.6265.
CVE ID: CVE-2024-0570 (Critical)
Multiple vulnerabilities have been discovered in Voltronic Power's Equipment- ViewPower Pro.
The affected version is ViewPower Pro 2.0-22165.
CVE ID: CVE-2023-51570 (Critical), CVE-2023-51571 (High), CVE-2023-51572 (Critical),
CVE-2023-51573 (Critical)
An improper access control vulnerability has been discovered in APsystems' Equipment- Energy
communication Unit (ECU-C) Power Control Software. The affected versions are Energy
Communication Unit Power Control Software: C1.2.2, v3.11.4, W2.1.NA, v4.1SAA and v4.1NA.
CVE ID: CVE-2022-44037 (High)
Crestron has released a security update to address an OS command injection vulnerability in
its equipment- AM-300. The affected version is AM-300 1.4499.00018.
CVE ID: CVE-2023-6926 (High)
Multiple vulnerabilities have been discovered in Westermo's equipment- Lynx 206-F2G. The
affected versions are Lynx: Model Version L206-F2G1, and Lynx: Firmware Version 4.24. The
mitigation is available.
CVE ID: CVE-2023-40143 (Medium), CVE-2023-45222 (Medium), CVE-2023-45735 (High),
CVE-2023-45213 (Medium), CVE-2023-42765 (Medium), CVE-2023-40544 (Medium), CVE-2023-38579
(High), CVE-2023-45227 (Medium)
A weak encoding for password vulnerability has been discovered in Lantronix's Equipment-
XPort. The affected version is XPort Device Server Configuration Manager 2.0.0.13.
CVE ID: CVE-2023-7237 (Medium)
A Cross Site Scripting (XSS) vulnerability has been discovered in Orthanc's Equipment-
Osimis Web Viewer. The affected version is Osimis WebViewer 1.4.2.0-9d9eff4. The mitigation
is available.
CVE ID: CVE-2023-7238 (High)
A Remote Command Execution (RCE) vulnerability has been discovered in TOTOlink. The affected
version is TOTOlink EX1200T V4.1.2cu.5232_B20210713.
CVE ID: CVE-2023-52032 (Critical)
An arbitrary code execution vulnerability has been discovered in D-Link. The affected
version is D-Link dir815 v.1.01SSb08.bin.
CVE ID: CVE-2023-51123 (Critical)
An integer overflow vulnerability has been discovered in Redis that leads to heap overflow
and potential Remote Code Execution (RCE). Security updates are available.
CVE ID: CVE-2023-41056 (Critical)
Microsoft has released security update to address vulnerability in Microsoft Edge Stable
Channel (Version 120.0.2210.144) to resolve a vulnerability.
CVE ID: CVE-2024-0519
Google has released Chrome Stable 121 (121.0.6167.66) for iOS, Chrome Beta 121
(121.0.6167.71) for Android, Stable channel 121.0.6167.75 for Windows and Mac, and Beta
channel 121.0.6167.75 for Windows, Mac and Linux.
Trend Micro has released a security update to address local privilege escalation
vulnerabilities in Trend Micro Deep Security Agent, Platform: Windows. The affected version
is Trend Micro Deep Security Agent (Including Cloud One - Endpoint and Workload Security)
20.0.
CVE ID: CVE-2023-52337 (High), CVE-2023-52338 (High)
A SQL injection vulnerability has been discovered in soxft TimeMail. The affected versions
are soxft TimeMail up to 1.1.
CVE ID: CVE-2024-0344 (Critical)
VMware has released security updates to address a missing access control vulnerability
in VMware Aria Automation & VMware Cloud Foundation. An attacker can exploit this
vulnerability to take control of an affected system.
CVE ID: CVE-2023-34063 (Critical)
Multiple vulnerabilities have been discovered in several NetApp products. An attacker can
exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-26031 (High), CVE-2023-29258 (High), CVE-2023-45178 (High),
CVE-2023-45287 (High), CVE-2023-46167 (High), CVE-2023-6337 (High), CVE-2023-6534 (High),
CVE-2023-7104 (High)
A command injection vulnerability has been discovered in Tenda AX1803. The affected version
is Tenda AX1803 v1.0.0.1.
CVE ID: CVE-2023-51972 (Critical)
Cisco has released security update to address multiple vulnerabilities in Cisco TelePresence
Management Suite. The affected versions are Cisco TelePresence Management Suite earlier than
15.13.6.
CVE ID: CVE-2023-20248, CVE-2023-20249
A stack overflow vulnerability has been discovered in TRENDnet that leads to arbitrary
command execution. The affected version is TRENDnet TV-IP1314PI 5.5.3 200714.
CVE ID: CVE-2023-49236 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 120.0.2210.133) to resolve
vulnerabilities.
CVE ID: CVE-2024-21337 (Medium), CVE-2024-20709, CVE-2024-20721, CVE-2024-20675
(Medium)
A buffer overflow vulnerability has been discovered in Totolink X2000R. The affected version
is Totolink X2000R 1.0.0-B20221212.1452.
CVE ID: CVE-2023-7222 (Critical)
An arbitrary code execution vulnerability has been discovered that causes Denial of Service
(DoS) in NetScout nGeniusOne. The affected version is NetScout nGeniusOne v.6.3.4.
CVE ID: CVE-2023-26999 (Critical)
An out of bounds read vulnerability has been discovered in the GitHub repository gpac/gpac.
The affected versions are GitHub repository gpac/gpac prior to 2.3-DEV.
CVE ID: CVE-2024-0322 (Critical)
A stack based buffer overflow vulnerability has been discovered in the GitHub repository
gpac/gpac. The affected versions are GitHub repository gpac/gpac prior to 2.3-DEV.
CVE ID: CVE-2024-0321 (Critical)
A Server Side Request Forgery (SSRF) vulnerability has been discovered in Youke365. The
affected versions are Youke365 up to 1.5.3.
CVE ID: CVE-2024-0304 (Critical)
A vulnerability has been discovered in DeDeCMS that leads to unrestricted uploading. The
affected versions are DeDeCMS up to 5.7.112.
CVE ID: CVE-2023-7212 (Critical)
A stack based buffer overflow vulnerability has been discovered in Horner Automation's
Equipment- Cscape that allows to execute arbitrary code. The affected versions are Cscape
9.90 SP10 and prior.
CVE ID: CVE-2023-7206 (High)
Google has released Dev channel 122.0.6226.0 (Platform version: 15739.0.0) for most ChromeOS
devices, Chrome Dev 122 (122.0.6238.3) for Android and Dev channel 122.0.6238.2 for Windows,
Mac & Linux.
Juniper has released security updates to address a missing release of memory after effective
lifetime vulnerability in the Routing Protocol Daemon (RDP) of Juniper Networks Junos OS and
Junos OS Evolved that allows to cause a Denial of Service (DoS) condition.
CVE ID: CVE-2024-21611 (High)
A use after free vulnerability has been discovered in Lotos WebServer. The affected versions
are Lotos WebServer through 0.1.1.
CVE ID: CVE-2024-22088 (Critical)
A Remote Code Execution(RCE) vulnerability has been discovered in Tenda AX3. The affected
version is Tenda AX3 v16.03.12.11.
CVE ID: CVE-2023-51812 (Critical)
A path traversal vulnerability has been discovered in Arcserve UDP. The affected versions
are Arcserve UDP prior to 9.2.
CVE ID: CVE-2023-42000 (Critical)
The authentication bypass and command injection vulnerabilities have been discovered in
Ivanti Connect Secure and Ivanti Policy Secure Gateways. All versions of Version 9.x and
22.x of Ivanti Connect Secure and Ivanti Policy Secure Gateways are affected. The mitigation
is available.
CVE ID: CVE-2023-46805 (High), CVE-2024-21887 (Critical)
Cisco has released security updates to address an unauthenticated arbitrary file Upload
vulnerability in Cisco Unity Connection. An attacker can exploit this vulnerability to take
control of an affected system.
CVE ID: CVE-2024-20272 (Critical)
Drupal has released security updates to address the Cross Site Scripting (XSS) and access
bypass vulnerabilities in File entity, a third-party library used in it.
Google has released Beta channel 121.0.6167.57 for Windows, Mac & Linux, Chrome Beta 121
(121.0.6167.56) for iOS, Beta channel OS version: 15699.29.0, Browser version: 121.0.6167.49
for most ChromeOS devices, Chrome Beta 121 (121.0.6167.57) for Android and LTS channel
114.0.5735.346 (Platform Version: 15437.84.0) for most ChromeOS devices to resolve multiple
vulnerabilities.
CVE ID: CVE-2023-7024 (High), CVE-2023-5197 (High), CVE-2023-5851 (Medium),
CVE-2023-5852 (Medium), CVE-2023-5855 (Medium)
Trend Micro has released security updates to address local privilege escalation
vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service, Platform:
Windows. The affected versions are Trend Micro Apex One 2019 (On-prem) and Trend Micro Apex
One as a Service SaaS.
CVE ID: CVE-2023-52090 (High), CVE-2023-52091 (High), CVE-2023-52092 (High),
CVE-2023-52093 (High), CVE-2023-52094 (High)
Multiple vulnerabilities have been discovered in several Siemens products. Siemens has
released security updates, workarounds and mitigations to resolve these vulnerabilities.
CVE ID: CVE-2023-49621 (Critical), CVE-2023-51438 (Critical), CVE-2023-45871
(Critical), CVE-2023-45853 (Critical)
SAP has released security notes to address several critical vulnerabilities affecting
multiple products. An attacker can exploit these vulnerabilities to take control of an
affected system.
CVE ID: CVE-2023-49583 (Critical), CVE-2023-49583 (Critical), CVE-2023-50422
(Critical), CVE-2023-49583 (Critical), CVE-2023-50422 (Critical), CVE-2023-50423 (Critical),
CVE-2023-50424 (Critical)
Microsoft has released security updates to address multiple vulnerabilities in its products.
An attacker can exploit some of these vulnerabilities to take control of an affected system.
CVE ID: CVE-2024-0057 (Critical), CVE-2024-20674 (Critical)
Adobe has released security updates to address multiple vulnerabilities in Adobe Substance
3D Stager. An attacker can exploit these vulnerabilities to take control of an affected
system.
CVE ID: CVE-2024-20710 (Medium), CVE-2024-20711 (Medium), CVE-2024-20712 (Medium),
CVE-2024-20713 (Medium), CVE-2024-20714 (Medium), CVE-2024-20715 (Medium)
An improper privilege management vulnerability has been discovered in FortiOS and
FortiProxy. The affected versions are FortiOS 7.4, FortiOS 7.2, and FortiProxy 7.4. Security
updates are available.
CVE ID: CVE-2023-44250 (High)
Google has released Chrome 120 (120.0.6099.210) for Android, and Stable channel
120.0.6099.216 for Mac, Linux and 120.0.6099.216/217 to Windows to resolve vulnerability.
CVE ID: CVE-2024-0333 (High)
Schneider Electric's has released security updates to address Deserialization of untrusted
data vulnerability in Easergy Studio product. The affected versions are Easergy Studio prior
to v9.3.5.
CVE ID: CVE-2023-7032 (High)
A vulnerability has been discovered in PAN-OS software that allows to intercept SSH traffic
on the PAN-OS management network causes Machine in the Middle (MitM) attacks.
CVE ID: CVE-2023-48795
A privilege escalation vulnerability has been discovered in SpringBlade. The affected
versions are SpringBlade v.3.7.0 and before.
CVE ID: CVE-2023-47458 (Critical)
Google has released Stable channel 120.0.6099.203 (Platform version: 15662.64.0) for most
ChromeOS devices to resolve multiple vulnerabilities.
CVE ID: CVE-2023-7024 (High), CVE-2023-6508 (High), CVE-2023-6509 (High),
CVE-2023-6511 (Low), CVE-2023-39191 (Medium)
A deserialization of untrusted data vulnerability has been discovered in Presslabs Theme per
user. The affected versions are Theme per user: from n/a through 1.0.1.
CVE ID: CVE-2023-52181 (Critical)
A Remote Command Execution (RCE) vulnerability has been discovered in TOTOLINK X6000R. The
affected version is TOTOLINK X6000R v9.4.0cu.852_B20230719.
CVE ID: CVE-2023-50651 (Critical)
A stack overflow vulnerability has been discovered in TOTOLINK X2000R Gh. The affected
version is TOTOLINK X2000R Gh v1.0.0-B20230221.0948.
CVE ID: CVE-2023-51136 (Critical)
A SQL injection vulnerability has been discovered in Grupo Embras GEOSIAP ERP. The affected
version is Grupo Embras GEOSIAP ERP v2.2.167.02.
CVE ID: CVE-2023-50589 (Critical)
A Server Side Template Injection (SSTI) vulnerability has been discovered in jeecg-boot that
allows to execute arbitrary code via crafted HTTP request. The affected version is
jeecg-boot version 3.5.3.
CVE ID: CVE-2023-41544 (Critical)
Microsoft has released Microsoft Edge Stable Channel (Version 120.0.2210.121) to resolve
vulnerabilities.
CVE ID: CVE-2024-0225, CVE-2024-0224, CVE-2024-0223, CVE-2024-0222
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-2976 (Medium), CVE-2020-36518 (High), CVE-2022-42004
(Medium), CVE-2022-42003 (Medium)
Google has released Chrome Beta 121 (121.0.6167.48) for iOS, Beta channel 121.0.6167.47 for
Windows, Mac and Linux, Chrome Beta 121 (121.0.6167.47) for Android and Dev channel OS
version: 15699.25.0, Browser version: 121.0.6167.40 for most ChromeOS devices.
Android has released a security bulletin to resolve multiple vulnerabilities affecting
several Android devices. Security patch levels of 2024-01-05 or later, address all of these
issues.
Android has released a security bulletin to resolve multiple vulnerabilities affecting
several Android devices. Security patch levels of 2024-01-05 or later address all of these
issues.
Google has released Chrome 120 (120.0.6099.193) for Android and Stable channel
120.0.6099.199 for Mac & Linux and 120.0.6099.199/200 for Windows to resolve multiple
vulnerabilities.
CVE ID: CVE-2024-0222 (High), CVE-2024-0223 (High), CVE-2024-0224
(High), CVE-2024-0225 (High)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. Security updates are
available.
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system. The updates are
available.
Qualcomm has released a security bulletin to resolve multiple vulnerabilities affecting
several devices.
CVE ID: CVE-2023-33032 (Critical), CVE-2023-33030 (Critical), CVE-2023-33025
(Critical)
Multiple vulnerabilities have been discovered in several IBM products. An attacker can
exploit these vulnerabilities to take control of an affected system.
CVE ID: CVE-2023-44483 (Medium), CVE-2023-44487 (High), CVE-2023-46158
(Medium), CVE-2023-45857 (High), CVE-2021-28165 (High), CVE-2020-27216 (High)