SecuriTricks - 2024-06-12

Title	Published	Tags	Description	Number of indicators
Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day	June 12, 2024, 1:01 p.m.	black basta 2024-06-12	Recent analysis by a cybersecurity firm suggests that a ransomware group might have exploited a Windows privilege escalation vuln…	5
Dipping into Danger: The WARMCOOKIE backdoor	June 12, 2024, 10:41 a.m.	malware backdoor obfuscation phishing campaigns 2024-06-12 warmcookie	Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCO…	6
Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale	June 12, 2024, 10:35 a.m.	impersonation pakistan fraud 2024-06-12 smishing	Resecurity has identified a new activity of a cybercrime group known as Smishing Triad, which has expanded its operations to Paki…	14
UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion	June 12, 2024, 10:34 a.m.	data theft extortion 2024-06-12 snowflake unc5537	An extensive cybercriminal campaign led by a threat actor codenamed UNC5537 has compromised numerous Snowflake customer database …	48

Vulnerabilities

CVE	CVSS	Published	Product impacted	Tags
CVE-2024-4898	9.8	June 12, 2024, 11:15 a.m.	InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress	security@wordfence.com 2024-06-12 CVE-2024-4898
CVE-2024-37036	9.8	June 12, 2024, 5:15 p.m.	UNKNOWN	CWE-787 2024-06-12 cybersecurity@se.com CVE-2024-37036
CVE-2024-4315	9.1	June 12, 2024, 1:15 a.m.	parisneo/lollms	security@huntr.dev CWE-98 2024-06-12 CVE-2024-4315
CVE-2024-5211	9.1	June 12, 2024, 12:15 p.m.	mintplex-labs/anything-llm	security@huntr.dev CWE-29 2024-06-12 CVE-2024-5211
CVE-2024-4845	8.8	June 12, 2024, 10:15 a.m.	Icegram Express plugin for WordPress	security@wordfence.com 2024-06-12 CVE-2024-4845
CVE-2024-25949	8.8	June 12, 2024, 1:15 p.m.	Dell OS10 Networking Switches	security_alert@emc.com CWE-285 2024-06-12 CVE-2024-25949
CVE-2024-5543	8.1	June 12, 2024, 2:15 a.m.	Slideshow Gallery LITE plugin for WordPress	security@wordfence.com 2024-06-12 CVE-2024-5543
CVE-2024-3183	8.1	June 12, 2024, 9:15 a.m.	FreeIPA	secalert@redhat.com CWE-916 2024-06-12 CVE-2024-3183
CVE-2024-5154	8.1	June 12, 2024, 9:15 a.m.	cri-o	secalert@redhat.com CWE-668 2024-06-12 CVE-2024-5154
CVE-2024-37300	8.1	June 12, 2024, 4:15 p.m.	JupyterHub	security-advisories@github.com CWE-863 2024-06-12 CVE-2024-37300
CVE-2024-37037	8.1	June 12, 2024, 5:15 p.m.	UNKNOWN	CWE-22 2024-06-12 cybersecurity@se.com CVE-2024-37037
CVE-2024-28964	7.8	June 12, 2024, 3:15 p.m.	Dell Common Event Enabler	security_alert@emc.com CWE-502 2024-06-12 CVE-2024-28964
CVE-2024-0865	7.8	June 12, 2024, 6:15 p.m.	UNKNOWN	CWE-798 2024-06-12 cybersecurity@se.com CVE-2024-0865
CVE-2024-2747	7.8	June 12, 2024, 6:15 p.m.	Easergy Studio	CWE-428 2024-06-12 cybersecurity@se.com CVE-2024-2747
CVE-2023-48280	7.5	June 12, 2024, 10:15 a.m.	Consensu.Io	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-48280
CVE-2024-37038	7.5	June 12, 2024, 5:15 p.m.	UNKNOWN	CWE-276 2024-06-12 cybersecurity@se.com CVE-2024-37038
CVE-2024-5896	7.3	June 12, 2024, 4:15 p.m.	SourceCodester Employee and Visitor Gate Pass Logging System	CWE-89 cna@vuldb.com 2024-06-12 CVE-2024-5896
CVE-2024-2698	7.1	June 12, 2024, 8:15 a.m.	FreeIPA	secalert@redhat.com CWE-284 2024-06-12 CVE-2024-2698
CVE-2024-34065	7.1	June 12, 2024, 3:15 p.m.	@strapi/plugin-users-permissions	security-advisories@github.com 2024-06-12 CVE-2024-34065 CWE-294
CVE-2024-0160	6.8	June 12, 2024, 7:15 a.m.	Dell Client Platform	security_alert@emc.com CWE-863 2024-06-12 CVE-2024-0160
CVE-2024-5468	6.5	June 12, 2024, 9:15 a.m.	WordPress Header Builder Plugin - Pearl	security@wordfence.com 2024-06-12 CVE-2024-5468
CVE-2023-40209	6.5	June 12, 2024, 10:15 a.m.	Highcompress Image Compressor	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-40209
CVE-2024-5674	6.5	June 12, 2024, 11:15 a.m.	WordPress Newsletter - API v1 and v2 addon plugin	security@wordfence.com 2024-06-12 CVE-2024-5674
CVE-2024-5056	6.5	June 12, 2024, 12:15 p.m.	UNKNOWN	CWE-552 2024-06-12 CVE-2024-5056 cybersecurity@se.com
CVE-2024-5313	6.5	June 12, 2024, 1:15 p.m.	UNKNOWN	CWE-668 2024-06-12 cybersecurity@se.com CVE-2024-5313
CVE-2024-23445	6.5	June 12, 2024, 2:15 p.m.	Elasticsearch	2024-06-12 CVE-2024-23445 bressers@elastic.co
CVE-2024-31881	6.5	June 12, 2024, 7:15 p.m.	IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)	psirt@us.ibm.com CWE-770 2024-06-12 CVE-2024-31881
CVE-2024-4892	6.4	June 12, 2024, 2:15 a.m.	BuddyPress plugin for WordPress	security@wordfence.com 2024-06-12 CVE-2024-4892
CVE-2024-4564	6.4	June 12, 2024, 4:15 a.m.	CoDesigner WooCommerce Builder for Elementor plugin	security@wordfence.com 2024-06-12 CVE-2024-4564
CVE-2024-3559	6.4	June 12, 2024, 5:15 a.m.	Custom Field Suite plugin for WordPress	security@wordfence.com 2024-06-12 CVE-2024-3559
CVE-2024-5892	6.4	June 12, 2024, 6:15 a.m.	WordPress Divi Torque Lite Theme plugin	security@wordfence.com 2024-06-12 CVE-2024-5892
CVE-2024-3925	6.4	June 12, 2024, 8:15 a.m.	Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress	security@wordfence.com 2024-06-12 CVE-2024-3925
CVE-2024-5266	6.4	June 12, 2024, 9:15 a.m.	Download Manager Pro plugin for WordPress	security@wordfence.com 2024-06-12 CVE-2024-5266
CVE-2024-3492	6.4	June 12, 2024, 11:15 a.m.	WordPress Events Manager plugin	security@wordfence.com 2024-06-12 CVE-2024-3492
CVE-2024-5558	6.4	June 12, 2024, 5:15 p.m.	UNKNOWN	CWE-367 2024-06-12 cybersecurity@se.com CVE-2024-5558
CVE-2024-5893	6.3	June 12, 2024, 3:15 p.m.	SourceCodester Cab Management System	CWE-89 cna@vuldb.com 2024-06-12 CVE-2024-5893
CVE-2024-5894	6.3	June 12, 2024, 3:15 p.m.	SourceCodester Online Eyewear Shop	CWE-89 cna@vuldb.com 2024-06-12 CVE-2024-5894
CVE-2024-5895	6.3	June 12, 2024, 3:15 p.m.	SourceCodester Employee and Visitor Gate Pass Logging System	CWE-89 cna@vuldb.com 2024-06-12 CVE-2024-5895
CVE-2024-5898	6.3	June 12, 2024, 5:15 p.m.	itsourcecode Payroll Management System	CWE-89 cna@vuldb.com 2024-06-12 CVE-2024-5898
CVE-2024-5739	6.1	June 12, 2024, 7:15 a.m.	LINE for iOS	2024-06-12 CVE-2024-5739 dl_cve@linecorp.com
CVE-2024-37304	6.1	June 12, 2024, 3:15 p.m.	NuGet Gallery	security-advisories@github.com CWE-79 2024-06-12 CVE-2024-37304
CVE-2024-5559	6.1	June 12, 2024, 6:15 p.m.	UNKNOWN	CWE-327 2024-06-12 cybersecurity@se.com CVE-2024-5559
CVE-2024-37039	5.9	June 12, 2024, 5:15 p.m.	UNKNOWN	CWE-252 2024-06-12 cybersecurity@se.com CVE-2024-37039
CVE-2023-51671	5.4	June 12, 2024, 9:15 a.m.	FunnelKit Checkout	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-51671
CVE-2023-51679	5.4	June 12, 2024, 9:15 a.m.	BulkGate SMS Plugin for WooCommerce	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-51679
CVE-2023-52177	5.4	June 12, 2024, 9:15 a.m.	SoftLab Integrate Google Drive	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-52177
CVE-2023-38395	5.4	June 12, 2024, 10:15 a.m.	Afzal Multani WP Clone Menu	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-38395
CVE-2023-40672	5.4	June 12, 2024, 10:15 a.m.	Sticky Social Media Icons	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-40672
CVE-2024-2092	5.4	June 12, 2024, 10:15 a.m.	Elementor Addon Elements plugin for WordPress	security@wordfence.com 2024-06-12 CVE-2024-2092
CVE-2024-37297	5.4	June 12, 2024, 3:15 p.m.	WooCommerce	security-advisories@github.com CWE-79 2024-06-12 CVE-2024-37297
CVE-2024-5759	5.4	June 12, 2024, 4:15 p.m.	Tenable Security Center	CWE-269 vulnreport@tenable.com 2024-06-12 CVE-2024-5759
CVE-2024-37040	5.4	June 12, 2024, 5:15 p.m.	UNKNOWN	CWE-120 2024-06-12 cybersecurity@se.com CVE-2024-37040
CVE-2023-51537	5.3	June 12, 2024, 9:15 a.m.	Awesome Support	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-51537
CVE-2023-40603	5.3	June 12, 2024, 10:15 a.m.	Simple Org Chart	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-40603
CVE-2023-41240	5.3	June 12, 2024, 10:15 a.m.	Pricing Deals for WooCommerce	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-41240
CVE-2023-51413	5.3	June 12, 2024, 10:15 a.m.	Piotnet Forms	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-51413
CVE-2024-31217	5.3	June 12, 2024, 3:15 p.m.	Strapi	security-advisories@github.com CWE-248 2024-06-12 CVE-2024-31217
CVE-2024-5560	5.3	June 12, 2024, 5:15 p.m.	UNKNOWN	CWE-125 2024-06-12 cybersecurity@se.com CVE-2024-5560
CVE-2024-28762	5.3	June 12, 2024, 6:15 p.m.	IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server)	psirt@us.ibm.com CWE-770 2024-06-12 CVE-2024-28762
CVE-2023-29267	5.3	June 12, 2024, 7:15 p.m.	IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)	psirt@us.ibm.com 2024-06-12 CVE-2023-29267 CWE-399
CVE-2024-28970	4.7	June 12, 2024, 7:15 a.m.	Dell Client BIOS	security_alert@emc.com CWE-787 2024-06-12 CVE-2024-28970
CVE-2024-5742	4.7	June 12, 2024, 9:15 a.m.	GNU Nano	secalert@redhat.com 2024-06-12 CVE-2024-5742 CWE-377
CVE-2024-5557	4.5	June 12, 2024, 5:15 p.m.	UNKNOWN	CWE-532 2024-06-12 cybersecurity@se.com CVE-2024-5557
CVE-2024-5553	4.4	June 12, 2024, 4:15 a.m.	Premium Addons for Elementor plugin for WordPress	security@wordfence.com 2024-06-12 CVE-2024-5553
CVE-2024-1766	4.4	June 12, 2024, 11:15 a.m.	WordPress Download Manager plugin	security@wordfence.com 2024-06-12 CVE-2024-1766
CVE-2023-51526	4.3	June 12, 2024, 9:15 a.m.	Simple Staff List	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-51526
CVE-2023-51670	4.3	June 12, 2024, 9:15 a.m.	FunnelKit FunnelKit Checkout	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-51670
CVE-2023-51680	4.3	June 12, 2024, 9:15 a.m.	Quotes for WooCommerce	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-51680
CVE-2023-52117	4.3	June 12, 2024, 9:15 a.m.	ProfileGrid	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-52117
CVE-2023-25030	4.3	June 12, 2024, 10:15 a.m.	Buy Me a Coffee	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-25030
CVE-2023-44234	4.3	June 12, 2024, 10:15 a.m.	WP GPX Map	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-44234
CVE-2023-47828	4.3	June 12, 2024, 10:15 a.m.	wpMandrill	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-47828
CVE-2023-47845	4.3	June 12, 2024, 10:15 a.m.	Grab & Save	audit@patchstack.com CWE-352 2024-06-12 CVE-2023-47845
CVE-2023-51524	4.3	June 12, 2024, 10:15 a.m.	weForms	audit@patchstack.com CWE-862 2024-06-12 CVE-2023-51524
CVE-2024-5897	4.3	June 12, 2024, 4:15 p.m.	SourceCodester Employee and Visitor Gate Pass Logging System	CWE-79 cna@vuldb.com 2024-06-12 CVE-2024-5897
CVE-2024-5891	4.2	June 12, 2024, 2:15 p.m.	Quay	secalert@redhat.com CWE-1390 2024-06-12 CVE-2024-5891
CVE-2024-5203	3.7	June 12, 2024, 9:15 a.m.	Keycloak	secalert@redhat.com CWE-352 2024-06-12 CVE-2024-5203
CVE-2024-1891	3.5	June 12, 2024, 4:15 p.m.	Tenable Security Center	CWE-79 vulnreport@tenable.com 2024-06-12 CVE-2024-1891
CVE-2024-5798	2.6	June 12, 2024, 7:15 p.m.	Vault	CWE-285 2024-06-12 CVE-2024-5798 security@hashicorp.com
CVE-2024-29181	2.3	June 12, 2024, 3:15 p.m.	Strapi	security-advisories@github.com CWE-639 2024-06-12 CVE-2024-29181
CVE-2024-36103	None	June 12, 2024, 1:15 a.m.	WRC-X5400GS-B	vultures@jpcert.or.jp 2024-06-12 CVE-2024-36103
CVE-2024-36856	None	June 12, 2024, 3:15 a.m.	RMQTT Broker	cve@mitre.org 2024-06-12 CVE-2024-36856
CVE-2024-0427	None	June 12, 2024, 6:15 a.m.	ARForms - Premium WordPress Form Builder Plugin	contact@wpscan.com 2024-06-12 CVE-2024-0427
CVE-2024-36454	None	June 12, 2024, 6:15 a.m.	IPCOM EX2 Series (V01L0x Series)	vultures@jpcert.or.jp 2024-06-12 CVE-2024-36454
CVE-2024-4924	None	June 12, 2024, 6:15 a.m.	Social Sharing Plugin WordPress plugin	contact@wpscan.com 2024-06-12 CVE-2024-4924
CVE-2024-5776	None	June 12, 2024, 8:15 a.m.	UNKNOWN	security@huntr.dev 2024-06-12 CVE-2024-5776
CVE-2024-5777	None	June 12, 2024, 8:15 a.m.	UNKNOWN	security@huntr.dev 2024-06-12 CVE-2024-5777
CVE-2024-5778	None	June 12, 2024, 8:15 a.m.	UNKNOWN	security@huntr.dev 2024-06-12 CVE-2024-5778
CVE-2024-5779	None	June 12, 2024, 8:15 a.m.	UNKNOWN	security@huntr.dev 2024-06-12 CVE-2024-5779
CVE-2024-5780	None	June 12, 2024, 8:15 a.m.	UNKNOWN	security@huntr.dev 2024-06-12 CVE-2024-5780
CVE-2024-5781	None	June 12, 2024, 8:15 a.m.	UNKNOWN	security@huntr.dev 2024-06-12 CVE-2024-5781
CVE-2024-5782	None	June 12, 2024, 8:15 a.m.	UNKNOWN	security@huntr.dev 2024-06-12 CVE-2024-5782
CVE-2024-5783	None	June 12, 2024, 8:15 a.m.	UNKNOWN	security@huntr.dev 2024-06-12 CVE-2024-5783
CVE-2024-5873	None	June 12, 2024, 8:15 a.m.	UNKNOWN	security@huntr.dev 2024-06-12 CVE-2024-5873
CVE-2024-1576	None	June 12, 2024, 2:15 p.m.	MegaBIP software	cvd@cert.pl CWE-89 2024-06-12 CVE-2024-1576
CVE-2024-1577	None	June 12, 2024, 2:15 p.m.	MegaBIP	cvd@cert.pl CWE-94 2024-06-12 CVE-2024-1577
CVE-2024-1659	None	June 12, 2024, 2:15 p.m.	MegaBIP software	cvd@cert.pl CWE-434 2024-06-12 CVE-2024-1659
CVE-2024-36263	None	June 12, 2024, 2:15 p.m.	Apache Submarine Server Core	security@apache.org CWE-89 2024-06-12 CVE-2024-36263
CVE-2024-36264	None	June 12, 2024, 2:15 p.m.	Apache Submarine Commons Utils	security@apache.org CWE-287 2024-06-12 CVE-2024-36264
CVE-2024-36699	None	June 12, 2024, 2:15 p.m.	GNU Debugger	cve@mitre.org 2024-06-12 CVE-2024-36699
CVE-2024-2300	None	June 12, 2024, 3:15 p.m.	HP Advance Mobile Applications for iOS	hp-security-alert@hp.com 2024-06-12 CVE-2024-2300
CVE-2024-36265	None	June 12, 2024, 3:15 p.m.	Apache Submarine Server Core	security@apache.org CWE-863 2024-06-12 CVE-2024-36265
CVE-2024-36691	None	June 12, 2024, 3:15 p.m.	PPGo_Jobs	cve@mitre.org 2024-06-12 CVE-2024-36691
CVE-2024-36840	None	June 12, 2024, 3:15 p.m.	Boelter Blue System Management	cve@mitre.org 2024-06-12 CVE-2024-36840
CVE-2024-36761	None	June 12, 2024, 4:15 p.m.	naga	cve@mitre.org 2024-06-12 CVE-2024-36761
CVE-2024-22855	None	June 12, 2024, 5:15 p.m.	ITSS iMLog	cve@mitre.org 2024-06-12 CVE-2024-22855
CVE-2024-2230	None	June 12, 2024, 5:15 p.m.	UNKNOWN	CWE-798 2024-06-12 cybersecurity@se.com CVE-2024-2230
CVE-2024-37878	None	June 12, 2024, 5:15 p.m.	TWCMS	cve@mitre.org 2024-06-12 CVE-2024-37878
CVE-2024-5905	None	June 12, 2024, 5:15 p.m.	Palo Alto Networks Cortex XDR agent	CWE-346 2024-06-12 CVE-2024-5905 psirt@paloaltonetworks.com
CVE-2024-5906	None	June 12, 2024, 5:15 p.m.	Palo Alto Networks Prisma Cloud Compute	CWE-79 2024-06-12 psirt@paloaltonetworks.com CVE-2024-5906
CVE-2024-5907	None	June 12, 2024, 5:15 p.m.	Palo Alto Networks Cortex XDR agent	CWE-269 2024-06-12 psirt@paloaltonetworks.com CVE-2024-5907
CVE-2024-5908	None	June 12, 2024, 5:15 p.m.	Palo Alto Networks GlobalProtect app	CWE-532 2024-06-12 psirt@paloaltonetworks.com CVE-2024-5908
CVE-2024-5909	None	June 12, 2024, 5:15 p.m.	Palo Alto Networks Cortex XDR agent	CWE-269 2024-06-12 psirt@paloaltonetworks.com CVE-2024-5909
CVE-2024-24051	None	June 12, 2024, 6:15 p.m.	Monoprice Select Mini V2	cve@mitre.org 2024-06-12 CVE-2024-24051
CVE-2024-37629	None	June 12, 2024, 6:15 p.m.	SummerNote	cve@mitre.org 2024-06-12 CVE-2024-37629
CVE-2023-49559	None	June 12, 2024, 8:15 p.m.	vektah gqlparser open-source-library	cve@mitre.org 2024-06-12 CVE-2023-49559
CVE-2024-36523	None	June 12, 2024, 9:15 p.m.	Wvp GB28181 Pro	cve@mitre.org 2024-06-12 CVE-2024-36523
CVE-2024-37665	None	June 12, 2024, 9:15 p.m.	Wvp GB28181 Pro	cve@mitre.org 2024-06-12 CVE-2024-37665
CVE-2024-3467	None	June 12, 2024, 9:15 p.m.	AVEVA PI Asset Framework Client	ics-cert@hq.dhs.gov CWE-502 2024-06-12 CVE-2024-3467
CVE-2024-3468	None	June 12, 2024, 9:15 p.m.	AVEVA PI Web API	ics-cert@hq.dhs.gov CWE-502 2024-06-12 CVE-2024-3468

» Click here to see all Vulnerabilities «

Tag : 2024-06-12

Attack Reports

Vulnerabilities