CVE-2024-42423 : DELL WYSE PROPRIETARY OS 2311/2402 CITRIX WORKSPACE APP AUTHORIZATION
Description Citrix Workspace App version 23.9.0.24.4 on Dell ThinOS 2311 contains an Incorrect Authorization vulnerability when Citrix CEB is enabled
CVE-2024-6342 : ZYXEL NAS326/NAS542 UP TO 5.21 HTTP POST REQUEST OS COMMAND INJECTION
Description **UNSUPPORTED WHEN ASSIGNED** A command injection vulnerability in the export-cgi program of Zyxel NAS326 firmware versions through V5.21(AAZF.18)C0 and
CVE-2024-8601 : TECHEXCEL SOFTWARE SOLUTIONS BACK OFFICE SOFTWARE 0.X API ENDPOINT AUTHORIZATION
Description This vulnerability exists in TechExcel Back Office Software versions prior to 1.0.0 due to improper access controls on certain
What Is The Role Of API Gateways In API Security?
API gateways play a key role in today’s digital security, acting as an essential safety net to protect APIs from
CVE-2024-37288 : ELASTIC KIBANA 8.15.0 YAML PARSER DESERIALIZATION
Description A deserialization issue in Kibana can lead to arbitrary code execution when Kibana attempts to parse a YAML document
CVE-2024-8584 : LEARNING DIGITAL ORCA HCM UP TO 10.X ACCESS CONTROL
Description Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to
CVE-2024-36138 : NODE.JS UP TO 18.20.3/20.15.0/22.4.0 ON WINDOWS INCOMPLETE FIX CVE-2024-27980 CHILD_PROCESS.SPAWN/CHILD_PROCESS.SPAWNSYNC COMMAND INJECTION
Description Bypass incomplete fix of CVE-2024-27980, that arises from improper handling of batch files with all possible extensions on Windows
CVE-2024-40681 : IBM MQ OPERATOR 2.0.26/3.2.4 QUEUE MANAGER PRIVILEGES ASSIGNMENT
Description IBM MQ Operator 2.0.26 and 3.2.4 could allow an authenticated user in a specifically defined role, to bypass security
CVE-2024-8567 : ITSOURCECODE PAYROLL MANAGEMENT SYSTEM 1.0 AJAX.PHP ID SQL INJECTION
Description A vulnerability, which was classified as critical, has been found in itsourcecode Payroll Management System 1.0. This issue affects
CVE-2024-8565 : SOURCECODESTERS CLINICS PATIENT MANAGEMENT SYSTEM 2.0 /PRINT_DISEASES.PHP DISEASE/FROM/TO SQL INJECTION
Description A vulnerability was found in SourceCodesters Clinics Patient Management System 2.0. It has been rated as critical. This issue
CVE-2024-8523 : LMXCMS UP TO 1.4 SQL COMMAND EXECUTION MODULE ADMIN.PHP FORMATDATA DATA CODE INJECTION
Description A vulnerability was found in lmxcms up to 1.4 and classified as critical. Affected by this issue is the
CVE-2024-25584 : OPEN-XCHANGE OX DOVECOT PRO UP TO 2.3.21 DATA COMMAND DATA AUTHENTICITY
Description Dovecot accepts dot LF DOT LF symbol as end of DATA command. RFC requires that it should always be
What GDPR 2.0 Means For Businesses In 2024?
GDPR 2.0, the forthcoming update to the General Data Protection Regulation, is set to redefine data privacy and security standards
CVE-2024-8521 : WAVELOG UP TO 1.8.0 LIVE QSO /QSO INDEX MANUAL CROSS SITE SCRIPTING
Description A vulnerability, which was classified as problematic, was found in Wavelog up to 1.8.0. Affected is the function index
CVE-2024-6445 : DATAFLOWX TECHNOLOGY DATADIODEX UP TO 3.4.X PATH TRAVERSAL
Description Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in DataFlowX Technology DataDiodeX allows Path Traversal.
CVE-2024-34155 : GOOGLE GO UP TO 1.22.6/1.23.0 GO-PARSER PARSE RESOURCE CONSUMPTION
Description Calling any of the Parse functions on Go source code which contains deeply nested literals can cause a panic
CVE-2024-40711 : VEEAM BACKUP & REPLICATION UP TO 12.1.2.172 REMOTE CODE EXECUTION
Description A deserialization of untrusted data vulnerability with a malicious payload can allow an unauthenticated remote code execution (RCE). References
CVE-2024-40865 : APPLE VISIONOS UP TO 1.2 VIRTUAL KEYBOARD PRIVILEGE ESCALATION
Description The issue was addressed by suspending Persona when the virtual keyboard is active. This issue is fixed in visionOS
CVE-2024-8395 : FLYCASS COCKPIT ACCESS SECURITY SYSTEM/KNOWN CREWMEMBER SQL INJECTION
Description FlyCASS CASS and KCM systems did not correctly filter SQL queries, which made them vulnerable to attack by outside
CVE-2024-38486 : DELL SMARTFABRIC OS10 SOFTWARE UP TO 10.5.5.10/10.5.6.X COMMAND INJECTION
Description Dell SmartFabric OS10 Software, version(s) 10.5.5.4 through 10.5.5.10 and 10.5.6.x , contain(s) an Improper Neutralization of Special Elements used
CVE-2024-8480 : IMAGE OPTIMIZER, RESIZER AND CDN PLUGIN UP TO 7.2.7 ON WORDPRESS SIRV_SAVE_PREVENTED_SIZES AUTHORIZATION
Description The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due
What Is GraphQL API And How To Secure Them?
GraphQL API security is critical to protecting your application from threats and vulnerabilities. GraphQL, with its simple and efficient data
CVE-2024-7261 : ZYXEL NWA1123ACV3/WAC500/WAX655E/WBE530/USG LITE 60AX COOKIE HOST OS COMMAND INJECTION
Description The improper neutralization of special elements in the parameter “host” in the CGI program of Zyxel NWA1123ACv3 firmware version
CVE-2024-1621 : NT-WARE UNIFLOW ONLINE UP TO 2024.1.0 REGISTRATION VERIFICATION OF SOURCE
Description The registration process of uniFLOW Online (NT-ware product) apps, prior to and including version 2024.1.0, can be compromised when