Snapshot
Jan. 4, 2025 - Jan. 10, 2025
CISA Known Exploited Vulnerabilities
No issues added to the CISA Known Exploited Vulnerability list.
Newswires
Eagerbee Malware Targets Middle Eastern Government and ISPs
The Eagerbee malware framework is seeing new variants being used against government entities and ISPs in the Middle East.
Jan. 6, 2025
Vulnerabilities In The News

CVE | Summary | Severity | Vendor | Risk Context |
---|---|---|---|---|
CVE-2024-12583 (1) | The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versi... | CRITICAL | | Remote Code Execution |
CVE-2024-9140 (1) | Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. | CRITICAL | | Risk Context N/A |
CVE-2021-26855 (2) | Microsoft Exchange Server Remote Code Execution Vulnerability | CRITICAL | Microsoft | CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available |
CVE-2024-10957 (1) | The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from... | HIGH | | Risk Context N/A |
CVE-2024-43405 (6) | Nuclei is a vulnerability scanner powered by YAML based templates. | HIGH | Projectdiscovery | Remote Code Execution |
CVE-2024-49113 (1) | Windows Lightweight Directory Access Protocol Denial of Service Vulnerability | HIGH | | Public Exploits Available |
CVE-2024-43452 (1) | Windows Registry Elevation of Privilege Vulnerability | HIGH | Microsoft | Risk Context N/A |
CVE-2024-9138 (1) | Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2... | HIGH | | Risk Context N/A |
CVE-2024-12856 (1) | The Four-Faith router models F3x24 and F3x36 are affected by an operating system command injection vulnerability. | HIGH | | Actively Exploited, Remote Code Execution |
CVE-2024-3393 (1) | A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated... | N/A | Palo Alto Networks | CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available |

CISA Known Exploited Vulnerabilities
CISA added 0 vulnerabilities to the known exploited vulnerabilities list.
In The News
Vulnerabilities receiving the most attention in traditional news media.
CVE-2024-12583
CRITICAL, CVSS 9.90, EPSS Score 0.06, EPSS Percentile 25.55
Remote Code Execution
Published: Jan. 4, 2025
The Dynamics 365 Integration plugin for WordPress is vulnerable to Remote Code Execution and Arbitrary File Read in all versions up to, and including, 1.3.23 via Twig Server-Side Template Injection. This is due to missing input validation and sanitization on the render function. This makes it possible for authenticated attackers, with Contributor-level access and above, to execute code on the server.
CVE-2024-9140
CRITICAL, CVSS 9.80, EPSS Score 0.04, EPSS Percentile 11.28
Risk Context N/A
Published: Jan. 3, 2025
Moxa’s cellular routers, secure routers, and network security appliances are affected by a critical vulnerability, CVE-2024-9140. This vulnerability allows OS command injection due to improperly restricted commands, potentially enabling attackers to execute arbitrary code. This poses a significant risk to the system’s security and functionality.
CVE-2021-26855
CRITICAL, CVSS 9.10, EPSS Score 97.51, EPSS Percentile 99.99
CISA Known Exploited, Actively Exploited, Remote Code Execution, Used In Ransomware, Public Exploits Available
Published: March 3, 2021
Microsoft Exchange Server Remote Code Execution Vulnerability
Vendor Impacted: Microsoft
Product Impacted: Exchange Server
CVE-2024-10957
HIGH, CVSS 8.80, EPSS Score 0.06, EPSS Percentile 29.45
Risk Context N/A
Published: Jan. 4, 2025
The UpdraftPlus: WP Backup & Migration Plugin plugin for WordPress is vulnerable to PHP Object Injection in all versions from 1.23.8 to 1.24.11 via deserialization of untrusted input in the 'recursive_unserialized_replace' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in the vulnerable software, which means this vulnerability has no impact unless another plugin or theme containing a POP chain is installed on the site. If a POP chain is present via an additional plugin or theme installed on the target system, it may allow the attacker to perform actions like delete arbitrary files, retrieve sensitive data, or execute code depending on the POP chain present. An administrator must perform a search and replace action to trigger the exploit.
CVE-2024-43405
HIGH, CVSS 7.80, EPSS Score 0.05, EPSS Percentile 23.19
Remote Code Execution
Published: Sept. 4, 2024
Nuclei is a vulnerability scanner powered by YAML-based templates. Starting in version 3.0.0 and prior to version 3.3.2, a vulnerability in Nuclei's template signature verification system could allow an attacker to bypass the signature check and possibly execute malicious code via a custom code template. The vulnerability is present in the template signature verification process, specifically in the `signer` package. The vulnerability stems from a discrepancy between how the signature verification process and the YAML parser handle newline characters, combined with the way multiple signatures are processed. This allows an attacker to inject malicious content into a template while maintaining a valid signature for the benign part of the template. CLI users are affected if they execute custom code templates from unverified sources. This includes templates authored by third parties or obtained from unverified repositories. SDK users are affected if they are developers integrating Nuclei into their platforms, particularly if they permit the execution of custom code templates by end users. The vulnerability is addressed in Nuclei v3.3.2. Users are strongly recommended to update to this version to mitigate the security risk. As an interim measure, users should refrain from using custom templates if unable to upgrade immediately. Only trusted, verified templates should be executed. Those who are unable to upgrade Nuclei should disable running custom code templates as a workaround.
Vendor Impacted: Projectdiscovery
Product Impacted: Nuclei
CVE-2024-49113
HIGH, CVSS 7.50, EPSS Score 0.05, EPSS Percentile 18.91
Public Exploits Available
Published: Dec. 12, 2024
Windows Lightweight Directory Access Protocol (LDAP) Denial of Service Vulnerability
CVE-2024-43452
HIGH, CVSS 7.50, EPSS Score 0.09, EPSS Percentile 40.04
Risk Context N/A
Published: Nov. 12, 2024
Windows Registry Elevation of Privilege Vulnerability
Vendor Impacted: Microsoft
Products Impacted: Windows Server 2008, Windows 11 22h2, Windows 10 21h2, Windows 11 24h2, Windows 10 22h2, Windows Server 2022, Windows Server 2019, Windows Server 2022 23h2, Windows 11 23h2, Windows 10 1809, Windows Server 2025
CVE-2024-9138
HIGH, CVSS 7.20, EPSS Score 0.04, EPSS Percentile 11.01
Risk Context N/A
Published: Jan. 3, 2025
Moxa’s cellular routers, secure routers, and network security appliances are affected by a high-severity vulnerability, CVE-2024-9138. This vulnerability involves hard-coded credentials, enabling an authenticated user to escalate privileges and gain root-level access to the system, posing a significant security risk.
CVE-2024-12856
HIGH, CVSS 7.20, EPSS Score 0.05, EPSS Percentile 18.38
Actively Exploited, Remote Code Execution
Published: Dec. 27, 2024
The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this firmware version has default credentials which, if not changed, would effectively change this vulnerability into an unauthenticated and remote OS command execution issue.
CVE-2024-3393
CVSS Not Assigned, EPSS Score 1.18, EPSS Percentile 84.81
CISA Known Exploited, Actively Exploited, Remote Code Execution, Public Exploits Available
Published: Dec. 27, 2024
A Denial of Service vulnerability in the DNS Security feature of Palo Alto Networks PAN-OS software allows an unauthenticated attacker to send a malicious packet through the data plane of the firewall that reboots the firewall. Repeated attempts to trigger this condition will cause the firewall to enter maintenance mode.
Vendor Impacted: Palo Alto Networks
Product Impacted: PAN-OS