1853 matches found
CVE-2024-57609
| creationtimestamp | type | source |
|---|---|---|
| 2025-02-04 22:00:06+00:00 | published-proof-of-concept | Telegram/EPMWd4WNRecTWvESTQHlRCQzOU9qSgjrCdYAHbAYrOYLHsY |
| 2025-02-06 22:16:55+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhk4gs7hi225 |
| 2025-02-06 22:49:11+00:00 | seen | ... |
CVE-2024-13607 JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference
The JS Help Desk – The Ultimate Help Desk & Support Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.8.8 via the 'exportusereraserequest' due to missing validation on a user controlled key. This makes it possible for authenticat...
DaaS unable to create host connection with error: "URL invalid"
Unable to create a host connection to AWS EC2 or to on-premises hypervisors (XenServer, VMware, etc.): the attempt fails with an invalid URL or authentication failure when a proxy has been configured for the Network Service account...
[SECURITY] [DLA 4040-1] pam-u2f security update
Debian LTS Advisory DLA-4040-1, https://www.debian.org/lts/security/, Emilio Pozuelo Monfort, February 03, 2025, https://wiki.debian.org/LTS ...
CVE-2024-13157
The CVE CVE-2024-13157 affects the WordPress plugin “MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar”. It describes a Stored Cross-Site Scripting (XSS) via the Podcast RSS Feed in all versions up to and including 5.9.3. The vulnerability arises from insufficient input sanitizati...
CVE-2024-23962
CVE-2024-23962 (Alpine Halo9) : The flaw exists in the DLT interface, which listens on TCP port 3490. It permits remote attackers to disclose sensitive information due to a lack of authentication before accessing functionality. The impact is described as attackers potentially leveraging this in c...
Privilege Escalation
org.apache.solr, solr-core is vulnerable to Privilege Escalation. The vulnerability is due to the use of the "FileSystemConfigSetService" component in "standalone" or "user-managed" mode without authentication or authorization, allowing attackers to replace trusted configset files with potentiall...
CVE-2024-57519
An issue in Open5GS v.2.7.2 allows a remote attacker to cause a denial of service via the ogs_dbi_auth_info function in the lib/dbi/subscription.c file...
CVE-2025-24141
An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.3 and iPadOS 18.3. An attacker with physical access to an unlocked device may be able to access Photos while the app is locked...
CVE-2024-54542
An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, macOS Sequoia 15.2, watchOS 11.2, iOS 18.2 and iPadOS 18.2. Private Browsing tabs may be accessed without authentication...
CVE-2024-54542
An authentication issue was addressed with improved state management. This issue is fixed in Safari 18.2, iOS 18.2 and iPadOS 18.2, macOS Sequoia 15.2, watchOS 11.2. Private Browsing tabs may be accessed without authentication...
CVE-2024-54542
CVE-2024-54542 affects Apple Safari Private Browsing in iOS 18.2/iPadOS 18.2 (and related Safari 18.2) where Private Browsing tabs could be accessed without authentication. The NVD/Red Hat-Reddit Apple entries confirm an authentication issue fixed by the 18.2 rollups across iOS/macOS/watchOS/tvOS...
CVE-2025-24141
Apple fixed an authentication issue in iOS 18.3 and iPadOS 18.3 that could allow an attacker with physical access to an unlocked device to access Photos when the app is locked. The vulnerability (CVE-2025-24141) is tied to improved state management in the Accessibility flow, with the impact descr...
CVE-2025-24367 Cacti allows Arbitrary File Creation leading to RCE
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed...
About the security content of iOS 18.3 and iPadOS 18.3
This document describes the security content of iOS 18.3 and iPadOS 18.3. About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...