CVE-2024-9478
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation. This issue affects upKeeper Instant Privilege Access: before 1.2...
CVE-2024-9479
Improper Privilege Management vulnerability in upKeeper Solutions upKeeper Instant Privilege Access allows Privilege Escalation. This issue affects upKeeper Instant Privilege Access: before 1.2...
CVE-2024-9479
CVE-2024-9479 affects upKeeper Instant Privilege Access prior to 1.2. The root cause is improper privilege management, enabling privilege escalation with HIGH impact to confidentiality, integrity, and availability (per CVSS 4.0). Exploitation details are not provided in the sources. Remediation: ...
Information Exposure
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Information Exposure via the sendinstantmessages function. An attacker can gain access to user names they should not have access to by exploiting this error message handling. Remediation Upgrade...
The vulnerability in the web interface of the Cisco Unified Communications Manager IM & Presence Service allows a perpetrator to access confidential information.
The vulnerability of the Web interface for managing the Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P) is related to insufficient protection of operational data. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
CVE-2024-52377
Unrestricted Upload of File with Dangerous Type vulnerability in bdthemes Instant Image Generator ai-image allows Upload a Web Shell to a Web Server. This issue affects Instant Image Generator: from n/a through <= 1.5.2...
CVE-2024-52377
CVE-2024-52377 affects BdThemes Instant Image Generator (WordPress plugin) and allows Unrestricted Upload of a Web Shell by uploading dangerous file types. Affected versions are 1.5.4 and earlier; Patchstack reports a fix in 1.5.3, and Wordfence vulnerability listings reference patched/reduced ex...
Crimeware and financial cyberthreats in 2025
Kaspersky's Global Research and Analysis Team constantly monitors known and emerging cyberthreats directed at the financial industry, with banks and fintech companies being the most targeted. We also closely follow threats that aim to infiltrate a wider range of industries, namely ransomware...
WordPress plugin Instant Image Generator code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A code issue vulnerability...
HPE Issues Critical Security Patches for Aruba Access Point Vulnerabilities
Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution. The flaws affect Access Points running Instant AOS-8 and AOS-10 -...
WordPress Instant Image Generator (One Click Image Uploads from Pixabay, Pexels and OpenAI) plugin <= 1.5.2 - Arbitrary File Upload vulnerability
Arbitrary File Upload vulnerability discovered by stealthcopter (Patchstack Alliance) in WordPress Plugin Instant Image Generator versions <= 1.5.2...
PT-2024-8211 · Cisco · Cisco Unified Communications Manager Im & Presence Service
Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), affected versions not specified. Description: A vulnerability in the logging component could allow an authenticated, remote attacker to view sensitive information in...
CVE-2024-47464
An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Successful exploitation of this vulnerability allows an attacker to copy arbitrary files to a user readable location from the command line interface of the underlying operating system, which could lead to a remote...
CVE-2024-47463
An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying...
CVE-2024-47461
An authenticated command injection vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. A successful exploitation of this vulnerability results in the ability to execute arbitrary commands as a privileged user on the underlying operating system. This allows an attacker to...
CVE-2024-47462
An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying...
CVE-2024-47464 Authenticated Path Traversal Vulnerability Leads to a Remote Unauthorized Access to Files
An authenticated Path Traversal vulnerability exists in Instant AOS-8 and AOS-10. Successful exploitation of this vulnerability allows an attacker to copy arbitrary files to a user readable location from the command line interface of the underlying operating system, which could lead to a remote...
CVE-2024-47464
CVE-2024-47464 affects Hewlett Packard Enterprise ArubaOS Instant AOS-8 and AOS-10. It is described as an authenticated path traversal vulnerability in the CLI that could copy arbitrary files from the underlying OS to a user-readable location, potentially enabling remote unauthorized access to fi...
CVE-2024-47463 Arbitrary File Creation Vulnerability in Instant AOS-8 and AOS-10 leads to Authenticated Remote Command Execution (RCE)
An arbitrary file creation vulnerability exists in the Instant AOS-8 and AOS-10 command line interface. Successful exploitation of this vulnerability could allow an authenticated remote attacker to create arbitrary files, which could lead to a remote command execution (RCE) on the underlying...