PoC Week 2024-08-05
The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count.
For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.
CVE-2024-3273 Severity: 9.8: CRITICAL Impacted Products: D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Description: Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection.…
PoC Week 2024-07-29
CVE-2024-3273 Severity: 9.8: CRITICAL Impacted Products: D-Link DNS-320L, DNS-325, DNS-327L and DNS-340L up to 20240403. Description: Affected is an unknown function of the file /cgi-bin/nas_sharing.cgi of the component HTTP GET Request Handler. The manipulation of the argument system leads to command injection.…
PoC Week 2024-07-22
This week, I moved the post release day from Sunday to Monday.
CVE-2024-4879 Severity: Awaiting analysis Impacted Products: ServiceNow, self-hosted; SN-hosted platforms have been patched. Description: ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases.…
PoC Week 2024-07-14
CVE-2024-5806 Severity: Awaiting analysis Impacted Products: MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. Description: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.…
PoC Week 2024-07-07
CVE-2024-5806 Severity: Awaiting analysis Impacted Products: MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. Description: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.…
PoC Week 2024-06-30
CVE-2024-5806 Severity: Awaiting analysis Impacted Products: MOVEit Transfer: from 2023.0.0 before 2023.0.11, from 2023.1.0 before 2023.1.6, from 2024.0.0 before 2024.0.2. Description: Improper Authentication vulnerability in Progress MOVEit Transfer (SFTP module) can lead to Authentication Bypass.…
PoC Week 2024-06-23
CVE-2024-4577 Severity: Awaiting Reanalysis Impacted Products: PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages.…
PoC Week 2024-06-16
CVE-2024-4577 Severity: Awaiting Reanalysis Impacted Products: PHP versions 8.1.* before 8.1.29, 8.2.* before 8.2.20, 8.3.* before 8.3.8, when using Apache and PHP-CGI on Windows, if the system is set up to use certain code pages.…
PoC Week 2024-06-09
CVE-2024-24919 Severity: Awaiting Analysis Impacted Products: Check Point Security Gateway and other Check Point products. Description: Path traversal bug potentially allowing an attacker to read certain information on Check Point Security Gateways once connected to the internet and enabled with Remote Access VPN or Mobile Access Software Blades.…
PoC Week 2024-06-02
CVE-2024-23108 Severity: Awaiting Analysis Impacted Products: Fortinet FortiSIEM version 7.1.0 through 7.1.1 and 7.0.0 through 7.0.2 and 6.7.0 through 6.7.8 and 6.6.0 through 6.6.3 and 6.5.0 through 6.5.2 and 6.4.0 through 6.4.2. Description: An improper neutralization of special elements used in an OS command (‘OS command injection’) allows an attacker to execute unauthorized code or commands via crafted API requests.…