1697 matches found
Attackers exploiting a patched FortiClient EMS vulnerability in the wild
Introduction During a recent incident response, Kaspersky's GERT team identified a set of TTPs and indicators linked to an attacker that infiltrated a company's networks by targeting a Fortinet vulnerability for which a patch was already available. This vulnerability is an improper filtering of S...
CVE-2024-47397
Weak authentication issue exists in AE1021 firmware versions 2.0.10 and earlier and AE1021PE firmware versions 2.0.10 and earlier. If this vulnerability is exploited, the authentication may be bypassed with an undocumented specific string...
GHSA-8VWH-PR89-4MW2 Laravel Pulse Allows Remote Code Execution via Unprotected Query Method
A vulnerability has been discovered in Laravel Pulse that could allow remote code execution through the public remember method in the Laravel\Pulse\Livewire\Concerns\RemembersQueries trait. This method is accessible via Livewire components and can be exploited to call arbitrary callables within t...
Adobe Experience Manager cross-site scripting vulnerability (CNVD-2025-02457)
Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...
PT-2024-10475 · Gstreamer +10
Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10 Description: The issue is related to an integer overflow in the memory reallocation process. The program attempts to reallocate memory to accommodate a certain number of elements, but if the value read from...
CVE-2024-54045
Adobe Connect versions 12.6, 11.4.7 and earlier are affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an unauthenticated attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the...
CVE-2024-48956
Serviceware Processes 6.0 through 7.3 before 7.4 allows attackers without valid authentication to send a specially crafted HTTP request to a service endpoint resulting in remote code execution...
Cisco NX-OS Permissions, Privileges, and Access Controls (CVE-2011-2569)
Cisco Nexus OS (aka NX-OS) 4.2 and 5.0 and Cisco Unified Computing System with software 1.4 and 2.0 do not properly restrict command-line options, which allows local users to gain privileges via unspecified vectors, aka Bug IDs CSCtf40008, CSCtg18363, CSCtr44645, CSCts10195, and CSCts10188. This...
Apache Kafka Authorization Issues Vulnerability
Apache Kafka is an open source distributed streaming platform from the Apache Foundation in the United States. The platform is capable of acquiring real-time data for building applications that react in real time to changes in the data stream. An authorization issue vulnerability exists in Apache...
PAN-OS Firewall Vulnerability Under Active Exploitation – IoCs and Patch Released
Palo Alto Networks has released new indicators of compromise (IoCs) a day after the network security vendor confirmed that a zero-day vulnerability impacting its PAN-OS firewall management interface has been actively exploited in the wild. To that end, the company said it observed malicious activit...
Google Android elevation of privilege vulnerability (CNVD-2024-47701)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability that can be exploited by an attacker to elevate privileges...
PT-2024-8152 · Microsoft · Windows 11 +4
Name of the Vulnerable Software and Affected Versions: Windows Registry versions prior to the fixed version Description: The issue is related to an elevation-of-privilege vulnerability in the Windows Registry, which can be exploited to gain elevated privileges on the system. This vulnerability is...
Rockwell Automation ThinManager Denial of Service Vulnerability
Rockwell Automation ThinManager is a thin client management software from Rockwell Automation, Inc. It allows thin clients to be assigned to multiple remote desktop servers simultaneously. A denial of service vulnerability exists in Rockwell Automation ThinManager, which can be exploited by an...
Fedora 39 : podman-tui (2024-1068d5c32b)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2024-1068d5c32b advisory. release 1.2.3 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested for this issu...
Adobe Dimension out-of-bounds write vulnerability (CNVD-2024-44529)
Adobe Dimension is a set of 2D and 3D composite design tools from the American company Adobe. Adobe Dimension suffers from an out-of-bounds write vulnerability that can be exploited by an attacker to execute arbitrary code...
TOTOLINK AC1200 Buffer Overflow Vulnerability
TOTOLINK AC1200 is a dual-band Wi-Fi router from China's Gion Electronics TOTOLINK. The TOTOLINK AC1200 suffers from a buffer overflow vulnerability that originates from the desc parameter in the setStaticDhcpRules method of the /cgi-bin/cstecgi.cgi page that contains a buffer overflow...
CVE-2024-45388
| creationtimestamp | type | source |
|---|---|---|
| 2024-09-02 21:24:11+00:00 | seen | https://t.me/cvedetector/4642 |
| 2024-09-09 11:01:47+00:00 | published-proof-of-concept | https://t.me/realLulzSec/1943 |
| 2024-09-09 11:38:54+00:00 | published-proof-of-concept | https://t.me/GithubRedTeam/8495 |

2024-09-09...
Kashipara Bus Ticket Reservation System Cross-Site Request Forgery Vulnerability
Kashipara Bus Ticket Reservation System is a bus reservation system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Bus Ticket Reservation System v1.0, which stems from /deleteTicket.php not adequately verifying that the request comes from a trusted user, and can be...
Kashipara Music Management System Cross-Site Request Forgery Vulnerability
Kashipara Music Management System is a music management system from Kashipara. A cross-site request forgery vulnerability exists in Kashipara Music Management System v1.0, which can be exploited by an attacker to spoof a malicious request and trick a victim into clicking on it to perform a...