Subscribe, build a custom feed, or pitch a sponsorship at hello@acadenix.com
Latest intel// live feed
CVE-2023-6933 — Wpengine Better_search_replace: The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in
The Better Search Replace plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.4 via deserialization of untrusted input. This makes it possible for unauthenticated attackers to inject a PHP Object. No POP chain is present in the vulnerable plugin. If a POP chain is present via an additional plugin or theme installed on the target system, it could allow the attacker to delete arbitrary files, retrieve sensitive data, or execute c CVSSv3.1 8.8 (HIGH) · EPSS 100th percentile
CVE-2023-6846 — Filemanagerpro File_manager: The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in
The File Manager Pro plugin for WordPress is vulnerable to Arbitrary File Upload in all versions up to, and including, 8.3.4 via the mk_check_filemanager_php_syntax AJAX function. This makes it possible for authenticated attackers, with subscriber access and above, to execute code on the server. Version 8.3.5 introduces a capability check that prevents users lower than admin from executing this function. CVSSv3.1 8.8 (HIGH) · EPSS 94th percentile
CVE-2023-6700 — Cookieinformation Wp-gdpr-compliance: The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to
The Cookie Information | Free GDPR Consent Solution plugin for WordPress is vulnerable to arbitrary option updates due to a missing capability check on its AJAX request handler in versions up to, and including, 2.0.22. This makes it possible for authenticated attackers, with subscriber-level access or higher, to edit arbitrary site options which can be used to create administrator accounts. CVSSv3.1 8.8 (HIGH) · EPSS 97th percentile
CVE-2024-23054 — Plone Plone_docker_official_image: An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow
An issue in Plone Docker Official Image 5.2.13 (5221) open-source software that could allow for remote code execution due to a package listed in ++plone++static/components not existing in the public package index (npm). CVSSv3.1 9.8 (CRITICAL) · EPSS 74th percentile
CVE-2023-6676 — Nationalkeep Cybermath: Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross
Cross-Site Request Forgery (CSRF) vulnerability in National Keep Cyber Security Services CyberMath allows Cross Site Request Forgery. This issue affects CyberMath: from v1.4 before v1.5. CVSSv3.1 8.8 (HIGH) · EPSS 22th percentile
CVE-2023-6675 — Nationalkeep Cybermath: Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services
Unrestricted Upload of File with Dangerous Type vulnerability in National Keep Cyber Security Services CyberMath allows Upload a Web Shell to a Web Server. This issue affects CyberMath: from v.1.4 before v.1.5. CVSSv3.1 9.8 (CRITICAL) · EPSS 26th percentile
CVE-2024-22903 — Vinchin Vinchin_backup_and_recovery: Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the deleteUpdateAPK function. CVSSv3.1 8.8 (HIGH) · EPSS 77th percentile
CVE-2024-22902 — Vinchin Vinchin_backup_and_recovery: Backup & Recovery v7.2 was discovered to be configured with default root credentials.
Vinchin Backup & Recovery v7.2 was discovered to be configured with default root credentials. CVSSv3.1 9.8 (CRITICAL) · EPSS 63th percentile
CVE-2024-22901 — Vinchin Vinchin_backup_and_recovery: Backup & Recovery v7.2 was discovered to use default MYSQL credentials.
Vinchin Backup & Recovery v7.2 was discovered to use default MYSQL credentials. CVSSv3.1 9.8 (CRITICAL) · EPSS 62th percentile
CVE-2024-22900 — Vinchin Vinchin_backup_and_recovery: Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the setNetworkCardInfo function. CVSSv3.1 8.8 (HIGH) · EPSS 77th percentile
CVE-2024-22899 — Vinchin Vinchin_backup_and_recovery: Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution
Vinchin Backup & Recovery v7.2 was discovered to contain an authenticated remote code execution (RCE) vulnerability via the syncNtpTime function. CVSSv3.1 8.8 (HIGH) · EPSS 82th percentile
CVE-2024-21626 — Linuxfoundation Runc: In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker
runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain CVSSv3.1 8.6 (HIGH) · EPSS 97th percentile
Volatility 3 v2.5.2
Volatility 3 v2.5.2 released with new cloud storage layers (Amazon S3, Google Cloud Storage), new plugins for Linux YARA scanning and Windows MFT ADS enumeration, and improvements to ELF file dumping and registry support.
CVE-2023-6779 — Gnu Glibc: An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc
An off-by-one heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes, leading to an incorrect calculation of the buffer size to store the message, resulting in an application crash. This issue affects glibc 2.37 and newer. CVSSv3.1 8.2 (HIGH) · EPSS 71th percentile
CVE-2023-6246 — Gnu Glibc: A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library.
A heap-based buffer overflow was found in the __vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called, or called with the ident argument set to NULL, and the program name (the basename of argv[0]) is bigger than 1024 bytes, resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. CVSSv3.1 8.4 (HIGH) · EPSS 96th percentile
CVE-2024-23507 — Instawp Instawp_connect: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in InstaWP InstaWP Connect instawp-connect.This issue affects InstaWP Connect: from n/a through <= 0.1.0.9. CVSSv3.1 8.5 (HIGH)
D-Link DAP-1650 gena.cgi SUBSCRIBE Command Injection Vulnerability
D-Link DAP-1650 contains an unauthenticated command injection vulnerability in the gena.cgi module when processing UPnP SUBSCRIBE messages, allowing remote attackers to execute arbitrary commands as root. The device is end-of-life with no patches available. Vulnerability was disclosed to vendor in December 2021 and publicly disclosed in January 2024.
D-Link DAP-1650 SUBSCRIBE ‘Callback’ Command Injection Vulnerability
D-Link DAP-1650 contains an unauthenticated command injection vulnerability in the UPnP SUBSCRIBE message handler's 'Callback' parameter, allowing remote attackers to execute arbitrary commands as root. The vulnerability was disclosed to the vendor in December 2021 but remains unpatched; the device is end-of-life with no remediation available.
Motorola MR2600 ‘SaveSysLogParams’ Command Injection Vulnerability
Exodus Intelligence disclosed a command injection vulnerability (CVE-2024-23626) in the Motorola MR2600 network appliance affecting the 'SaveSysLogParams' parameter, allowing remote authenticated attackers to execute arbitrary commands. The vulnerability was disclosed nearly 3 years after vendor notification; the product is end-of-life with no patches available.
CVE-2024-22922 — Projectworlds Visitor_management_system: An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to
An issue in Projectworlds Vistor Management Systemin PHP v.1.0 allows a remtoe attacker to escalate privileges via a crafted script to the login page in the POST/index.php CVSSv3.1 9.8 (CRITICAL) · EPSS 57th percentile
CVE-2023-40547 — Redhat Shim: A remote code execution vulnerability was found in Shim.
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP request, leading to a completely controlled out-of-bounds write primitive and complete system compromise. This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-Middle or compromise the boot server to be able to exploit this v CVSSv3.1 8.3 (HIGH) · EPSS 91th percentile
CVE-2023-6697 — Wpgmaps Wp_go_maps: The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to
The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the map id parameter in all versions up to, and including, 9.0.28 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link. CVSSv3.1 6.1 (MEDIUM) · EPSS 98th percentile
CVE-2023-36177 — Badaix Snapcast: An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute
An issue was discovered in badaix Snapcast version 0.27.0, allows remote attackers to execute arbitrary code and gain sensitive information via crafted request in JSON-RPC-API. CVSSv3.1 9.8 (CRITICAL) · EPSS 98th percentile
CVE-2023-51925 — Yonyou Yonbip: An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers
An arbitrary file upload vulnerability in the nccloud.web.arcp.taskmonitor.action.ArcpUploadAction.doAction() method of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. CVSSv3.1 9.8 (CRITICAL) · EPSS 58th percentile
CVE-2023-51924 — Yonyou Yonbip: An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers
An arbitrary file upload vulnerability in the uap.framework.rc.itf.IResourceManager interface of YonBIP v3_23.05 allows attackers to execute arbitrary code via uploading a crafted file. CVSSv3.1 9.8 (CRITICAL) · EPSS 58th percentile