33 matches found
CVE-2026-24521
Cross-Site Request Forgery (CSRF) vulnerability in Timur Kamaev Kama Thumbnail kama-thumbnail allows Cross Site Request Forgery. This issue affects Kama Thumbnail: from n/a through <= 3.5.1...
CVE-2023-24521
Due to insufficient input sanitization, SAP NetWeaver AS ABAP BSP Framework - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, allows an unauthenticated user to alter the current session of the user by injecting the malicious code over the network and gain access to the...
CVE-2021-24521
The Side Menu Lite – add sticky fixed buttons WordPress plugin before 2.2.1 does not properly sanitize input values from the browser when building an SQL statement. Users with the administrator role or permission to manage this plugin could perform an SQL Injection attack...
CVE-2023-24521
creationtimestamp | type | source
--- | --- | ---
2025-03-21 14:19:07+00:00 | seen | https://t.me/DarkWebInformerCVEAlerts/8336...
CVE-2025-24521
External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25...
CVE-2025-24521 Keysight Ixia Vision Product Family Improper Restriction of XML External Entity Reference
External XML entity injection allows arbitrary download of files. The score without least privilege principle violation is as calculated below. In combination with other issues it may facilitate further compromise of the device. Remediation in Version 6.8.0, release date: 01-Mar-25...
CVE-2025-24521
The CVE-2025-24521 entry concerns Keysight Ixia Vision Product Family with an External XML Entity (XXE) injection vulnerability. This flaw allows an attacker to trigger arbitrary file downloads, as described in multiple sources, and is noted to potentially enable further device compromise when co...
CVE-2024-52573
A vulnerability has been identified in Teamcenter Visualization V14.2 (All versions < V14.2.0.14), Teamcenter Visualization V14.3 (All versions < V14.3.0.12), Teamcenter Visualization V2312 (All versions < V2312.0008), Teamcenter Visualization V2406 (All versions < V2406.0005), Tecnomatix Plant Simulation V2302...
Windows CLFS and five exploits used by ransomware operators
In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft. In that blog post, we mentioned that the zero-day exploit we discovered was very similar to other Microsoft Windows...
CVE-2020-24521
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2020. Notes: none...
CVE-2023-24521
CVE-2023-24521 affects SAP NetWeaver AS ABAP (BSP Framework) versions 700–757. The issue stems from insufficient input sanitization, allowing an unauthenticated user to inject malicious code over the network to alter the current user session and access unintended data, with a limited impact on co...
Cuba Ransomware Extorted Over $60 Million in Ransom Fees from More than 100 Entities
The threat actors behind Cuba (aka COLDDRAW) ransomware have received more than $60 million in ransom payments and compromised over 100 entities across the world as of August 2022. In a new advisory shared by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of...
Vice Society Hackers Are Behind Several Ransomware Attacks Against Education Sector
A cybercrime group known as Vice Society has been linked to multiple ransomware strains in its malicious campaigns aimed at the education, government, and retail sectors. The Microsoft Security Threat Intelligence team, which is tracking the threat cluster under the moniker DEV-0832, said the gro...
Wormable Flaw, 0days Lead Sept. 2022 Patch Tuesday
This month's Patch Tuesday offers a little something for everyone, including security updates for a zero-day flaw in Microsoft Windows that is under active attack, and another Windows weakness experts say could be used to power a fast-spreading computer worm. Also, Apple has quashed a pair of...
Zero-day vulnerability leveraged to deploy Cuba Ransomware
The threat actors behind the Cuba ransomware have stepped up their game by using a new Remote Access Trojan called ROMCOM and weaponizing a local privilege escalation vulnerability, CVE-2022-24521. A wide range o...
CVE-2022-24521
CVE-2022-24521 is a Windows Common Log File System Driver Privilege Escalation vulnerability. The CVE entry reports an elevation-of-privilege flaw in the CLFS driver; CVSS scores shown include a 2.0/2.0 base (MEDIUM) on NVD and a 3.1-based HIGH score from Microsoft, both indicating local ...
CVE-2022-24521 Windows Common Log File System Driver Elevation of Privilege Vulnerability
...
CVE-2022-24521
Windows Common Log File System Driver Elevation of Privilege Vulnerability. Recent assessments: cbeek-r7 at March 21, 2025 12:29pm UTC reported: RansomHub affiliate observed abusing this vulnerability, including 3 files that were weaponizing this vulnerability:...