The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-5806 Severity: Awaiting analysis Impacted Products: MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. Description: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-5806 Severity: Awaiting analysis Impacted Products: MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. Description: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-5806 Severity: Awaiting analysis Impacted Products: MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. Description: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-4577 Severity: Awaiting Reanalysis Impacted Products: PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-4577 Severity: Awaiting Reanalysis Impacted Products: PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-24919 Severity: Awaiting Analysis Impacted Products: Checkpoint Security Gateway and other Checkpoint products. Description: Path traversal bug potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with remote Access VPN or Mobile Access Software Blades.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-23108 Severity: Awaiting Analysis Impacted Products: Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2 Description: An improper neutralization of special elements used in an os command (‘os command injection’) allows attacker to execute unauthorized code or commands via via crafted API requests.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-4323 Severity: 9 CRITICAL Impacted Products: Fluent Bit versions 2.0.7 thru 3.0.3. Description: A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-32002 Severity: 9 CRITICAL Impacted Products: Git prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4 Description: Repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule’s worktree but into a .…

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them. CVE-2024-4547 & CVE-2024-4548 Severity: 9.8 CRITICAL Impacted Products: Delta Electronics DIAEnergie v1.10.1.8610 and prior Description: A SQL injection vulnerability exists in Delta Electronics DIAEnergie when CEBC.exe processes a ‘RecalculateHDMWYC’ or ‘RecalculateScript’ message. This message is split into four fields using ‘~’ as the separator, and an unauthenticated remote attacker can exploit this vulnerability through the fourth field to perform SQL injection.…