CVE-2024-54724

CVE-2024-54724

Título es
CVE-2024-54724

Jue, 09/01/2025 – 20:15

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2024-54724

Descripción en
PHPYun before 7.0.2 is vulnerable to code execution through backdoor-restricted arbitrary file writing and file inclusion.

09/01/2025
09/01/2025
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
Pendiente de análisis

Referencias

  • http://phpyun.com

  • https://github.com/la12138la/detail/blob/main/1.md

    • Enviar en el boletín
    Off

    CVE-2024-46505

    CVE-2024-46505

    Título es
    CVE-2024-46505

    Jue, 09/01/2025 – 20:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-46505

    Descripción en
    Infoblox BloxOne v2.4 was discovered to contain a business logic flaw due to thick client vulnerabilities.

    09/01/2025
    09/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://jayaramyalla.medium.com/bloxone-business-logic-flaw-due-to-thick-client-vulnerabilities-cve-2024-46505-04a4f1966f4b

    • Enviar en el boletín
    Off

    CVE-2024-42898

    CVE-2024-42898

    Título es
    CVE-2024-42898

    Jue, 09/01/2025 – 20:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-42898

    Descripción en
    A cross-site scripting (XSS) vulnerability in Nagios XI 2024R1.1.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page.

    09/01/2025
    09/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/simalamuel/Research/tree/main/CVE-2024-42898

  • Security Disclosures


    • Enviar en el boletín
    Off

    CVE-2024-56114

    CVE-2024-56114

    Título es
    CVE-2024-56114

    Jue, 09/01/2025 – 20:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56114

    Descripción en
    Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from their account.

    09/01/2025
    09/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56114

  • https://www.e-connectsolutions.com

    • Enviar en el boletín
    Off

    CVE-2024-56113

    CVE-2024-56113

    Título es
    CVE-2024-56113

    Jue, 09/01/2025 – 20:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-56113

    Descripción en
    Smart Toilet Lab – Motius 1.3.11 is running with debug mode turned on (DEBUG = True) and exposing sensitive information defined in Django settings file through verbose error page.

    09/01/2025
    09/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/Henkel-CyberVM/CVEs/tree/main/CVE-2024-56113

  • https://smarttoilet.pratt.duke.edu

    • Enviar en el boletín
    Off

    CVE-2024-55494

    CVE-2024-55494

    Título es
    CVE-2024-55494

    Jue, 09/01/2025 – 20:15

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-55494

    Descripción en
    A cross-site scripting (XSS) vulnerability in Opencode Mobile Collect Call v5.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the op_func parameter at /occontrolpanel/index.php.

    09/01/2025
    09/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.10

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://github.com/hassan-mohammed/security-findings/tree/main/CVEs/CVE-2024-55494

  • https://github.com/hassan-mohammed/security-findings/tree/main/CVEs/CVE-2024-55494

    • Enviar en el boletín
    Off

    CVE-2024-54887

    CVE-2024-54887

    Título es
    CVE-2024-54887

    Jue, 09/01/2025 – 20:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-54887

    Descripción en
    TP-Link TL-WR940N V3 and V4 with firmware 3.16.9 and earlier contain a buffer overflow via the dnsserver1 and dnsserver2 parameters at /userRpm/Wan6to4TunnelCfgRpm.htm. This vulnerability allows an authenticated attacker to execute arbitrary code on the remote device in the context of the root user.

    09/01/2025
    09/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • http://tp-link.com

  • https://github.com/JBince/vulnerability-research/tree/main/CVE-2024-54887

    • Enviar en el boletín
    Off

    CVE-2024-54762

    CVE-2024-54762

    Título es
    CVE-2024-54762

    Jue, 09/01/2025 – 20:15

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2024-54762

    Descripción en
    Ruoyi v.4.7.9 and before contains an authenticated SQL injection vulnerability. This is because the filterKeyword method does not completely filter SQL injection keywords, resulting in the risk of SQL injection.

    09/01/2025
    09/01/2025
    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    Pendiente de análisis

    Referencias

  • https://github.com/yangzongzhuan/RuoYi/

  • https://locrian-lightning-dc7.notion.site/CVE-2024-54762-1748e5e2b1a280b4a549dcce2c4823e8

    • Enviar en el boletín
    Off

    CVE-2025-22824

    CVE-2025-22824

    Título es
    CVE-2025-22824

    Jue, 09/01/2025 – 16:16

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-22824

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Lucia Intelisano Live Flight Radar allows Stored XSS.This issue affects Live Flight Radar: from n/a through 1.0.

    09/01/2025
    09/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/live-flight-radar/vulnerability/wordpress-live-flight-radar-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off

    CVE-2025-22823

    CVE-2025-22823

    Título es
    CVE-2025-22823

    Jue, 09/01/2025 – 16:16

    Tipo
    CWE-79

    Gravedad 2.0 Txt
    Pendiente de análisis

    Título en

    CVE-2025-22823

    Descripción en
    Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Justin Twerdy Genesis Style Shortcodes allows DOM-Based XSS.This issue affects Genesis Style Shortcodes: from n/a through 1.0.

    09/01/2025
    09/01/2025
    Vector CVSS:3.1
    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

    Gravedad 3.1 (CVSS 3.1 Base Score)
    6.50

    Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
    MEDIUM

    Referencias

  • https://patchstack.com/database/wordpress/plugin/genesis-style-shortcodes/vulnerability/wordpress-genesis-style-shortcodes-plugin-1-0-cross-site-scripting-xss-vulnerability?_s_id=cve

    • Enviar en el boletín
    Off