Tag: 2024-06-12

4 Attack Reports | 120 Vulnerabilities

Attack reports

Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day

Recent analysis by a cybersecurity firm suggests that a ransomware group might have exploited a Windows privilege escalation vulnerability, CVE-2024-26169, before it was patched. The vulnerability, which was addressed in March 2024, could allow attackers to elevate their privileges. Evidence from a…
black basta
2024-06-12
Published: June 12, 2024
Linked vulnerabilities : CVE-2024-26169
Downloadable IOCs: 5

Dipping into Danger: The WARMCOOKIE backdoor

Elastic Security Labs identified a new wave of email campaigns targeting environments by deploying a novel backdoor dubbed WARMCOOKIE, which communicates via HTTP cookie parameters. The malware is an initial tool used to scout victim networks and deploy additional payloads, with hard-coded command …
malware
backdoor
obfuscation
phishing
campaigns
2024-06-12
warmcookie
Published: June 12, 2024
Downloadable IOCs: 6

Smishing Triad Is Targeting Pakistan To Defraud Banking Customers At Scale

Resecurity has identified a new activity of a cybercrime group known as Smishing Triad, which has expanded its operations to Pakistan. The group is employing tactics involving sending malicious messages impersonating Pakistan Post to customers of mobile carriers via iMessage and SMS, with the goal …
impersonation
pakistan
fraud
2024-06-12
smishing
Published: June 12, 2024
Downloadable IOCs: 14

UNC5537 Targets Snowflake Customer Instances for Data Theft and Extortion

An extensive cybercriminal campaign led by a threat actor codenamed UNC5537 has compromised numerous Snowflake customer database instances with the intent of data theft and extortion. The threat actor exploited stolen customer credentials, predominantly obtained through infostealer malware infectio…
data theft
extortion
2024-06-12
snowflake
unc5537
Published: June 12, 2024
Downloadable IOCs: 48
Click here to see more Attack Reports

Vulnerabilities

CVE-2024-4898

9.8
    InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress
  • Version(s): up to 0.1.0.38
Published: June 12, 2024

CVE-2024-37036

9.8
    UNKNOWN
Published: June 12, 2024

CVE-2024-4315

9.1
    parisneo/lollms
  • Version(s): 9.5
Published: June 12, 2024

CVE-2024-5211

9.1
    mintplex-labs/anything-llm
Published: June 12, 2024

CVE-2024-4845

8.8
    Icegram Express plugin for WordPress
  • Version(s): up to 5.7.22
Published: June 12, 2024

CVE-2024-25949

8.8
    Dell OS10 Networking Switches
  • Version(s): 10.5.6.x, 10.5.5.x, 10.5.4.x, 10.5.3.x
Published: June 12, 2024

CVE-2024-5543

8.1
    Slideshow Gallery LITE plugin for WordPress
  • Version(s): up to 1.8.1
Published: June 12, 2024

CVE-2024-3183

8.1
    FreeIPA
Published: June 12, 2024

CVE-2024-5154

8.1
    cri-o
Published: June 12, 2024

CVE-2024-37300

8.1
    JupyterHub
  • Version(s): before 5.0
    OAuthenticator
  • Version(s): before 16.3.1
Published: June 12, 2024

CVE-2024-37037

8.1
    UNKNOWN
Published: June 12, 2024

CVE-2024-28964

7.8
    Dell Common Event Enabler
  • Version(s): 8.9.10.0 and prior
Published: June 12, 2024

CVE-2024-0865

7.8
    UNKNOWN
Published: June 12, 2024

CVE-2024-2747

7.8
    Easergy Studio
Published: June 12, 2024

CVE-2023-48280

7.5
    Consensu.Io
  • Version(s): n/a, 1.0.1
Published: June 12, 2024

CVE-2024-37038

7.5
    UNKNOWN
Published: June 12, 2024

CVE-2024-5896

7.3
    SourceCodester Employee and Visitor Gate Pass Logging System
  • Version(s): 1.0
Published: June 12, 2024

CVE-2024-2698

7.1
    FreeIPA
  • Version(s): 4.11.0
Published: June 12, 2024

CVE-2024-34065

7.1
    @strapi/plugin-users-permissions
  • Version(s): before 4.24.2
Published: June 12, 2024

CVE-2024-0160

6.8
    Dell Client Platform
Published: June 12, 2024

CVE-2024-5468

6.5
    WordPress Header Builder Plugin - Pearl
  • Version(s): up to 1.3.7
Published: June 12, 2024

CVE-2023-40209

6.5
    Highcompress Image Compressor
  • Version(s): from n/a through 6.0.0
Published: June 12, 2024

CVE-2024-5674

6.5
    WordPress Newsletter - API v1 and v2 addon plugin
  • Version(s): all versions up to, and including, 2.4.5
Published: June 12, 2024

CVE-2024-5056

6.5
    UNKNOWN
Published: June 12, 2024

CVE-2024-5313

6.5
    UNKNOWN
Published: June 12, 2024

CVE-2024-23445

6.5
    Elasticsearch
  • Version(s): 8.14.0
Published: June 12, 2024

CVE-2024-31881

6.5
    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)
  • Version(s): 10.5, 11.1, 11.5
Published: June 12, 2024

CVE-2024-4892

6.4
    BuddyPress plugin for WordPress
  • Version(s): up to 12.4.1
Published: June 12, 2024

CVE-2024-4564

6.4
    CoDesigner WooCommerce Builder for Elementor plugin
  • Version(s): up to 4.4.1
Published: June 12, 2024

CVE-2024-3559

6.4
    Custom Field Suite plugin for WordPress
  • Version(s): up to 2.6.7
Published: June 12, 2024

CVE-2024-5892

6.4
    WordPress Divi Torque Lite Theme plugin
  • Version(s): up to 3.6.6
Published: June 12, 2024

CVE-2024-3925

6.4
    Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress
  • Version(s): up to 5.6.7
Published: June 12, 2024

CVE-2024-5266

6.4
    Download Manager Pro plugin for WordPress
  • Version(s): up to 3.2.92
Published: June 12, 2024

CVE-2024-3492

6.4
    WordPress Events Manager plugin
  • Version(s): up to 6.4.7.3
Published: June 12, 2024

CVE-2024-5558

6.4
    UNKNOWN
Published: June 12, 2024

CVE-2024-5893

6.3
    SourceCodester Cab Management System
  • Version(s): 1.0
Published: June 12, 2024

CVE-2024-5894

6.3
    SourceCodester Online Eyewear Shop
  • Version(s): 1.0
Published: June 12, 2024

CVE-2024-5895

6.3
    SourceCodester Employee and Visitor Gate Pass Logging System
  • Version(s): 1.0
    SourceCodoster Employee and Visitor Gate Pass Logging System
  • Version(s): 1.0
Published: June 12, 2024

CVE-2024-5898

6.3
    itsourcecode Payroll Management System
  • Version(s): 1.0
    Itsourcecode Payroll Management System
  • Version(s): 1.0
Published: June 12, 2024

CVE-2024-5739

6.1
    LINE for iOS
  • Version(s): below 14.9.0
    LINE client for iOS
  • Version(s): below 14.9.0
Published: June 12, 2024

CVE-2024-37304

6.1
    NuGet Gallery
  • Version(s): 2024.05.28
Published: June 12, 2024

CVE-2024-5559

6.1
    UNKNOWN
Published: June 12, 2024

CVE-2024-37039

5.9
    UNKNOWN
Published: June 12, 2024

CVE-2023-51671

5.4
    FunnelKit Checkout
  • Version(s): <= 3.10.3
Published: June 12, 2024

CVE-2023-51679

5.4
    BulkGate SMS Plugin for WooCommerce
  • Version(s): n/a, 3.0.2
Published: June 12, 2024

CVE-2023-52177

5.4
    SoftLab Integrate Google Drive
  • Version(s): n/a, 1.3.3
Published: June 12, 2024

CVE-2023-38395

5.4
    Afzal Multani WP Clone Menu
  • Version(s): n/a, 1.0.1
Published: June 12, 2024

CVE-2023-40672

5.4
    Sticky Social Media Icons
  • Version(s): n/a, 2.1
Published: June 12, 2024

CVE-2024-2092

5.4
    Elementor Addon Elements plugin for WordPress
  • Version(s): up to 1.13.3
Published: June 12, 2024

CVE-2024-37297

5.4
    WooCommerce
  • Version(s): 8.8, 8.8.5, 8.9.3
Published: June 12, 2024

CVE-2024-5759

5.4
    Tenable Security Center
Published: June 12, 2024

CVE-2024-37040

5.4
    UNKNOWN
Published: June 12, 2024

CVE-2023-51537

5.3
    Awesome Support
  • Version(s): n/a, 6.1.5
Published: June 12, 2024

CVE-2023-40603

5.3
    Simple Org Chart
  • Version(s): n/a, 2.3.4
Published: June 12, 2024

CVE-2023-41240

5.3
    Pricing Deals for WooCommerce
  • Version(s): n/a - 2.0.3.2
Published: June 12, 2024

CVE-2023-51413

5.3
    Piotnet Forms
  • Version(s): n/a - 1.0.29
Published: June 12, 2024

CVE-2024-31217

5.3
    Strapi
  • Version(s): before 4.22.0
Published: June 12, 2024

CVE-2024-5560

5.3
    UNKNOWN
Published: June 12, 2024

CVE-2024-28762

5.3
    IBM Db2 for Linux, UNIX and Windows (includes DB2 Connect Server)
  • Version(s): 10.5, 11.1, 11.5
Published: June 12, 2024

CVE-2023-29267

5.3
    IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server)
  • Version(s): 10.5, 11.1, 11.5
Published: June 12, 2024

CVE-2024-28970

4.7
    Dell Client BIOS
Published: June 12, 2024

CVE-2024-5742

4.7
    GNU Nano
Published: June 12, 2024

CVE-2024-5557

4.5
    UNKNOWN
Published: June 12, 2024

CVE-2024-5553

4.4
    Premium Addons for Elementor plugin for WordPress
  • Version(s): up to 4.10.33
Published: June 12, 2024

CVE-2024-1766

4.4
    WordPress Download Manager plugin
  • Version(s): up to 3.2.86
Published: June 12, 2024

CVE-2023-51526

4.3
    Simple Staff List
  • Version(s): n/a, 2.2.4
Published: June 12, 2024

CVE-2023-51670

4.3
    FunnelKit FunnelKit Checkout
  • Version(s): n/a, 3.10.3
Published: June 12, 2024

CVE-2023-51680

4.3
    Quotes for WooCommerce
  • Version(s): n/a, 2.0.1
Published: June 12, 2024

CVE-2023-52117

4.3
    ProfileGrid
  • Version(s): n/a, 5.6.6
Published: June 12, 2024

CVE-2023-25030

4.3
    Buy Me a Coffee
  • Version(s): up to 3.7
Published: June 12, 2024

CVE-2023-44234

4.3
    WP GPX Map
  • Version(s): n/a, 1.7.08
Published: June 12, 2024

CVE-2023-47828

4.3
    wpMandrill
  • Version(s): n/a, 1.33
Published: June 12, 2024

CVE-2023-47845

4.3
    Grab & Save
  • Version(s): from n/a, 1.0.4
Published: June 12, 2024

CVE-2023-51524

4.3
    weForms
  • Version(s): n/a, 1.6.18
Published: June 12, 2024

CVE-2024-5897

4.3
    SourceCodester Employee and Visitor Gate Pass Logging System
  • Version(s): 1.0
Published: June 12, 2024

CVE-2024-5891

4.2
    Quay
Published: June 12, 2024

CVE-2024-5203

3.7
    Keycloak
Published: June 12, 2024

CVE-2024-1891

3.5
    Tenable Security Center
Published: June 12, 2024

CVE-2024-5798

2.6
    Vault
  • Version(s): 1.17.0, 1.16.3, 1.15.9
    Vault Enterprise
  • Version(s): 1.17.0, 1.16.3, 1.15.9
Published: June 12, 2024

CVE-2024-29181

2.3
    Strapi
  • Version(s): before 4.19.1
Published: June 12, 2024

CVE-2024-36103

None
    WRC-X5400GS-B
  • Version(s): 1.0.10 and earlier
    WRC-X5400GSA-B
  • Version(s): 1.0.10 and earlier
Published: June 12, 2024

CVE-2024-36856

None
    RMQTT Broker
  • Version(s): 0.4.0
Published: June 12, 2024

CVE-2024-0427

None
    ARForms - Premium WordPress Form Builder Plugin
  • Version(s): before 6.4.1
Published: June 12, 2024

CVE-2024-36454

None
    IPCOM EX2 Series (V01L0x Series)
  • Version(s): V01L07NF0201 and earlier
    IPCOM VE2 Series
  • Version(s): V01L07NF0201 and earlier
Published: June 12, 2024

CVE-2024-4924

None
    Social Sharing Plugin WordPress plugin
  • Version(s): before 3.3.63
Published: June 12, 2024

CVE-2024-5776

None
    UNKNOWN
Published: June 12, 2024

CVE-2024-5777

None
    UNKNOWN
Published: June 12, 2024

CVE-2024-5778

None
    UNKNOWN
Published: June 12, 2024

CVE-2024-5779

None
    UNKNOWN
Published: June 12, 2024

CVE-2024-5780

None
    UNKNOWN
Published: June 12, 2024

CVE-2024-5781

None
    UNKNOWN
Published: June 12, 2024

CVE-2024-5782

None
    UNKNOWN
Published: June 12, 2024

CVE-2024-5783

None
    UNKNOWN
Published: June 12, 2024

CVE-2024-5873

None
    UNKNOWN
Published: June 12, 2024

CVE-2024-1576

None
    MegaBIP software
  • Version(s): through 5.09
Published: June 12, 2024

CVE-2024-1577

None
    MegaBIP
Published: June 12, 2024

CVE-2024-1659

None
    MegaBIP software
  • Version(s): through 5.10
Published: June 12, 2024

CVE-2024-36263

None
    Apache Submarine Server Core
  • Version(s): all versions
Published: June 12, 2024

CVE-2024-36264

None
    Apache Submarine Commons Utils
  • Version(s): 0.8.0+
    Apache Submarine Commons Utils
  • Version(s): 0.8.0
    Apache Submarine Commons Utils
  • Version(s): 0.8.0 and later
Published: June 12, 2024

CVE-2024-36699

None
    GNU Debugger
  • Version(s): 8.2 - 14.2
Published: June 12, 2024

CVE-2024-2300

None
    HP Advance Mobile Applications for iOS
  • Version(s): UNKNOWN
    HP Advance Mobile Applications for Android
  • Version(s): UNKNOWN
Published: June 12, 2024

CVE-2024-36265

None
    Apache Submarine Server Core
  • Version(s): 0.8.0
Published: June 12, 2024

CVE-2024-36691

None
    PPGo_Jobs
  • Version(s): 2.8.0
Published: June 12, 2024

CVE-2024-36840

None
    Boelter Blue System Management
  • Version(s): 1.3
Published: June 12, 2024

CVE-2024-36761

None
    naga
  • Version(s): 0.14.0
Published: June 12, 2024

CVE-2024-22855

None
    ITSS iMLog
  • Version(s): 1.307
Published: June 12, 2024

CVE-2024-2230

None
    UNKNOWN
Published: June 12, 2024

CVE-2024-37878

None
    TWCMS
  • Version(s): 2.0.3
Published: June 12, 2024

CVE-2024-5905

None
    Palo Alto Networks Cortex XDR agent
Published: June 12, 2024

CVE-2024-5906

None
    Palo Alto Networks Prisma Cloud Compute
Published: June 12, 2024

CVE-2024-5907

None
    Palo Alto Networks Cortex XDR agent
Published: June 12, 2024

CVE-2024-5908

None
    Palo Alto Networks GlobalProtect app
Published: June 12, 2024

CVE-2024-5909

None
    Palo Alto Networks Cortex XDR agent
Published: June 12, 2024

CVE-2024-24051

None
    Monoprice Select Mini V2
  • Version(s): V37.115.32
Published: June 12, 2024

CVE-2024-37629

None
    SummerNote
  • Version(s): 0.8.18
Published: June 12, 2024

CVE-2023-49559

None
    vektah gqlparser open-source-library
  • Version(s): 2.5.10
Published: June 12, 2024

CVE-2024-36523

None
    Wvp GB28181 Pro
  • Version(s): 2.0
Published: June 12, 2024

CVE-2024-37665

None
    Wvp GB28181 Pro
  • Version(s): 2.0
Published: June 12, 2024

CVE-2024-3467

None
    AVEVA PI Asset Framework Client
Published: June 12, 2024

CVE-2024-3468

None
    AVEVA PI Web API
Published: June 12, 2024
Click here to see more Vulnerabilities