PoC Week 2024-05-05

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-32651
Severity: 10.0 CRITICAL
Impacted Products: changedetection.io (specifically the use of Jinja2 for server-side template rendering)
Description: This CVE identifies a critical Server Side Template Injection (SSTI) vulnerability in Jinja2 used by changedetection.io, which allows for Remote Command Execution (RCE) on the server host.…

PoC Week 2024-04-28

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-3400
Severity: 10 CRITICAL
Impacted Products: Palo Alto Networks PAN-OS, specifically versions 10.2.0, 11.0.0, and 11.1.0
Description: The vulnerability is a command injection flaw in the GlobalProtect feature of PAN-OS, allowing an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.…

PoC Week 2024-04-21

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-3400
Severity: 10 CRITICAL
Impacted Products: Palo Alto Networks PAN-OS, specifically versions 10.2.0, 11.0.0, and 11.1.0
Description: The vulnerability is a command injection flaw in the GlobalProtect feature of PAN-OS, allowing an unauthenticated attacker to execute arbitrary code with root privileges on the firewall.…

PoC Week 2024-04-14

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-3094
Severity: 10.0 CRITICAL
Impacted Products: xz versions 5.6.0 and 5.6.1 are directly affected. The issue impacts various distributions and software packages relying on these versions of xz, including Debian testing, unstable, and experimental distributions, OpenSUSE Tumbleweed and OpenSUSE Micro OS, Alpine (versions prior to 5.…

PoC Week 2024-04-07

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-3094
Severity: 10.0 CRITICAL
Impacted Products: xz versions 5.6.0 and 5.6.1 are directly affected. The issue impacts various distributions and software packages relying on these versions of xz, including Debian testing, unstable, and experimental distributions, OpenSUSE Tumbleweed and OpenSUSE Micro OS, Alpine (versions prior to 5.…

PoC Week 2024-03-31

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-25153
Severity: 9.8 CRITICAL
Impacted Products: Fortra FileCatalyst Workflow 5.x, before version 5.1.6 Build 114
Description: The vulnerability, found in the ‘ftpservlet’ of the FileCatalyst Workflow Web Portal, enables directory traversal. This allows for unauthorized file uploads outside the intended ‘uploadtemp’ directory, potentially leading to Remote Code Execution (RCE) on the server.…

PoC Week 2024-03-24

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-21762
Severity: 9.8 CRITICAL
Impacted Products: Fortinet FortiOS, FortiProxy various versions
Description: Out-of-bounds write vulnerability enabling unauthorized code or command execution via crafted requests.
Remediation: Follow Fortinet’s vendor instructions for mitigation or product discontinuation if not available.…

PoC Week 2024-03-17

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-21378
Severity: 8.0 HIGH
Impacted Products: Various versions of Microsoft 365 Apps, Office 2019, Office Long Term Servicing Channel 2021, Outlook 2016
Description: A vulnerability in Microsoft Outlook allowing remote code execution.
Remediation: Microsoft has released patches.…

PoC Week 2024-03-10

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-27198
Severity: Critical (CNA score: 9.8)
Impacted Products: JetBrains TeamCity before 2023.11.4
Description: Authentication bypass allowing admin actions.
Remediation: Update to TeamCity version 2023.11.4 or newer.
More Info: NVD CVE-2024-27198
PoC: Rapid7 Blog

CVE-2024-27199
Severity: High (CNA score: 7.…

PoC Week 2024-03-03

The most featured CVEs in this week’s security newsletters, with public Proof-of-Concepts, ordered by mention count. For the most up-to-date and accurate info, visit the NIST links. Always audit PoCs thoroughly before running them.

CVE-2024-1709
Severity: 10.0 CRITICAL
Impacted Products: ConnectWise ScreenConnect 23.9.7 and prior
Description: Authentication Bypass Using an Alternate Path or Channel vulnerability, may allow direct access to confidential information or critical systems.
Remediation: Patch on-premise instances.…