PoC Week 2024-09-02


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-7954 Severity: 9.8 CRITICAL Impacted Products: porte_plume plugin used by SPIP before 4.30-alpha2, 4.2.13, and 4.1.16 Description: Arbitrary code execution vulnerability. A remote and unauthenticated attacker can execute arbitrary PHP as the SPIP user by sending a crafted HTTP request.…

PoC Week 2024-08-26


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-38189 Severity: 8.8 HIGH Impacted Products: Various Microsoft products including Windows 10, Server 2019, Office 365. Description: An attacker could exploit this vulnerability to execute arbitrary code. An attacker would need to craft a malicious Microsoft Office Project file and lure a user to open it on a system with a specific configuration.…

PoC Week 2024-08-19


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-6782 Severity: 9.8 CRITICAL Impacted Products: Calibre 6.9.0 ~ 7.14.0 Description: Improper access control in Calibre 6.9.0 ~ 7.14.0 allows unauthenticated attackers to achieve remote code execution. Remediation: Follow developer guidance. More Info: CVE-2024-6782 PoC: https://starlabs.…

PoC Week 2024-08-12


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. N.B. this week, there were a few prototype pollution vulns on open source projects that basically nobody uses. I’ve compiled them this time but in future, if an impacted product has no users, you won’t see it here.…

PoC Week 2024-08-05


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-3273 Severity: 9.8 CRITICAL Impacted Products: D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Description: Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection.…

PoC Week 2024-07-29


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-3273 Severity: 9.8 CRITICAL Impacted Products: D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Description: Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection.…

PoC Week 2024-07-22


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. This week, I moved the post release day from Sunday to Monday. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-4879 Severity: Awaiting analysis Impacted Products: ServiceNow, self-hosted - SN-hosted platforms have been patched. Description: ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases.…

PoC Week 2024-07-14


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-5806 Severity: Awaiting analysis Impacted Products: MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. Description: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.…

PoC Week 2024-07-07


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-5806 Severity: Awaiting analysis Impacted Products: MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. Description: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.…

PoC Week 2024-06-30


The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-5806 Severity: Awaiting analysis Impacted Products: MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. Description: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.…