198 matches found

VulnCheck KEV
added 2024/04/23 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2024-40711

Veeam Backup and Replication contains a deserialization vulnerability allowing an unauthenticated user to perform remote code execution...

CVSS 9.8 · AI score 7.7 · EPSS 0.88193
Exploits 3 · References 1
Rapid7 Blog
added 2024/04/19 6:42 p.m. · 59 views

Metasploit Weekly Wrap-Up 04/19/24

Welcome Ryan and the new CrushFTP module It's not every week we add an awesome new exploit module to the Framework while adding the original discoverer of the vulnerability to the Rapid7 team as well. We're very excited to welcome Ryan Emmons to the Emergent Threat Response team, which works...

CVSS 7.5 · AI score 9.8 · EPSS 0.81801
Exploits 13
Tenable Nessus
added 2024/04/13 12:0 a.m. · 72 views

Siemens Scalance W1750D Buffer Copy without Checking Size of Input (CVE-2023-45614)

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba's access point management protocol UDP port 8211. Successful exploitation of these vulnerabilities resul...

CVSS 9.8 · AI score 8.1 · EPSS 0.02132
Exploits 0 · References 4
OSV
added 2024/03/21 4:15 a.m. · 2 views

CVE-2024-1538

The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...

CVSS 8.8 · AI score 7.1 · EPSS 0.10651
Exploits 0 · References 2
NVD
added 2024/03/12 6:15 a.m. · 21 views

CVE-2024-25331

DIR-822 Rev. B Firmware v2.02KRB09 and DIR-822-CA Rev. B Firmware v2.03WWb01 suffer from a LAN-Side Unauthenticated Remote Code Execution RCE vulnerability elevated from HNAP Stack-Based Buffer Overflow...

CVSS 9.3 · AI score 7.2 · EPSS 0.00334
Exploits 0 · References 2
Packet Storm
added 2024/01/31 12:0 a.m. · 241 views

TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection

!/usr/bin/env python TELSAT marKoni FM Transmitter 1.9.5 Root Command Injection PoC Exploit Vendor: TELSAT Srl Product web page: https://www.markoni.it Affected version: Markoni-D Compact FM Transmitters Markoni-DH Exciter+Amplifiers FM Transmitters Markoni-A Analogue Modulator FM Transmitters...

AI score 7.4
Exploits 0
VulnCheck KEV
added 2024/01/22 12:0 a.m. · 3 views

VulnCheck KEV: CVE-2021-3577

An unauthenticated remote code execution vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an attacker on the same network unauthorized access to the device...

CVSS 8.8 · AI score 7.8 · EPSS 0.59893
Exploits 0 · References 1
Vulnrichment
added 2024/01/08 7:0 p.m. · 11 views

CVE-2018-25095 Duplicator < 1.3.0 - Unauthenticated RCE

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server...

AI score 9.6 · EPSS 0.00916
Exploits 2 · References 1
Positive Technologies
added 2023/12/25 12:0 a.m. · 3 views

PT-2024-22: (Unauth Remote Code Execution) in MyQ Print Server

The vulnerability was identified in MyQ Print Server, versions 8.2 patch 43. An Unauthenticated Remote Code Execution vulnerability can be exploited by an attacker to gain elevated privileges on the target server. Vulnerability status: Confirmed by vendor Date of vulnerability detection: 25.12.20...

CVSS 9.8 · AI score 7.9
Exploits 0 · References 1
GithubExploit
added 2023/12/11 7:23 p.m. · 309 views

Exploit for Missing Authorization in Zoneminder

CVE-2023-26035 Unauthenticated RCE in ZoneMinder Snapshots - P...

CVSS 9.8 · AI score 9.8 · EPSS 0.80462
Exploits 11
CNNVD
added 2023/11/21 12:0 a.m. · 1 views

Digital Communications Technologies Syrus 4G IoT Security Breach

Digital Communications Technologies Syrus 4G IoT is a device for vehicle remote monitoring and Internet of Things IoT applications from Digital Communications Technologies. Digital Communications Technologies Syrus 4G IoT suffers from a security vulnerability that originates from the ability to...

CVSS 10 · AI score 7.8 · EPSS 0.0122
Exploits 0 · References 2
Vulnrichment
added 2023/11/14 10:43 p.m. · 19 views

CVE-2023-45614

There are buffer overflow vulnerabilities in the underlying CLI service that could lead to unauthenticated remote code execution by sending specially crafted packets destined to the PAPI Aruba's access point management protocol UDP port 8211. Successful exploitation of these vulnerabilities resul...

CVSS 9.8 · AI score 10 · EPSS 0.02132
Exploits 0 · References 1
CNNVD
added 2023/11/14 12:0 a.m. · 4 views

Aruba Networks ArubaOS and InstantOS Security Vulnerabilities

Aruba Networks ArubaOS and Aruba Networks InstantOS are both products of Aruba Networks, Inc. Aruba Networks InstantOS is an Arch Linux-based distribution. Aruba Networks ArubaOS and InstantOS have security vulnerabilities that stem from a buffer overflow vulnerability in the underlying CLI servi...

CVSS 9.8 · AI score 9 · EPSS 0.02132
Exploits 0 · References 4
Prion
added 2023/10/30 11:15 p.m. · 18 views

Deserialization of untrusted data

Frigate is an open source network video recorder. Prior to version 0.13.0 Beta 3, an unsafe deserialization vulnerability was identified in the endpoints used to save configurations for Frigate. This can lead to unauthenticated remote code execution. This can be performed through the UI at /confi...

CVSS 5.1 · AI score 7.9 · EPSS 0.01387
Exploits 1 · References 5 · Affected Software 1
CNNVD
added 2023/10/30 12:0 a.m. · 5 views

Frigate Code Issue Vulnerability

Frigate is a complete local NVR designed for home assistants with AI object detection by Blake Blackshear Personal Developer. A code issue vulnerability exists in versions prior to Frigate 0.13.0 Beta 3 that stems from the presence of an insecure deserialization vulnerability that could lead to...

CVSS 7.5 · AI score 7.8 · EPSS 0.01387
Exploits 1 · References 5
F5 Networks
added 2023/10/26 7:22 p.m. · 43 views

K000137368: Overview of F5 vulnerabilities (October 26, 2023)

Security Advisory Description On October 26, 2023, F5 announced the following security issues. This document is intended to serve as an overview of these vulnerabilities and security exposures to help determine the impact to your F5 devices. You can find the details of each issue in the associate...

CVSS 9.8 · AI score 9.8 · EPSS 0.96515
Exploits 18
OSV
added 2023/10/26 5:15 p.m. · 33 views

CVE-2023-43208

NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679...

CVSS 9.8 · AI score 8.1 · EPSS 0.82708
Exploits 21 · References 3
CVE
added 2023/10/26 12:0 a.m. · 237 views

CVE-2023-43208

NextGen Healthcare Mirth Connect (before 4.4.1) is affected by a deserialization of untrusted data vulnerability that allows unauthenticated remote code execution. Root cause: an incomplete patch of CVE-2023-37679 left a gadget chain bypassing the original deny list, enabling RCE via crafted HTTP...

CVSS 9.8 · AI score 9.7 · EPSS 0.82708
In wild · Exploits 21 · References 3 · Affected Software 1
Vulnrichment
added 2023/09/22 12:0 a.m. · 10 views

CVE-2023-43762

Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server backend. This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15...

AI score 7.6 · EPSS 0.01128
Exploits 0 · References 3
Positive Technologies
added 2023/09/12 12:0 a.m. · 4 views

PT-2023-5291 · Rockwell Automation · Factorytalk View Machine Edition

Name of the Vulnerable Software and Affected Versions: Rockwell Automation FactoryTalk View Machine Edition affected versions not specified Description: The issue arises from improper verification of user input, allowing an unauthenticated attacker to achieve remote code execution via crafted...

CVSS 10 · AI score 7.9 · EPSS 0.10974
Exploits 0 · References 17