CyberAlerts

CVE-2024-12356

Command Injection Vulnerability in Remote Support(RS) & Privileged Remote Access (PRA)

🚨 Marked as known exploited on December 19th, 2024 (5 months ago).

Description: A critical vulnerability has been discovered in Privileged Remote Access (PRA) and Remote Support (RS) products which can allow an unauthenticated attacker to inject commands that are run as a site user.

CVSS: CRITICAL (9.8)

EPSS Score: 1.3%

Source: CVE

December 18th, 2024 (5 months ago)

CVE-2024-12293

User Role Editor <= 4.64.3 - Cross-Site Request Forgery to Privilege Escalation

Description: The User Role Editor plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.64.3. This is due to missing or incorrect nonce validation on the update_roles() function. This makes it possible for unauthenticated attackers to add or remove roles for arbitrary users, including escalating their privileges to administrator, via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: HIGH (8.8)

EPSS Score: 0.05%

Source: CVE

December 18th, 2024 (5 months ago)

CVE-2024-12239

PowerPack Lite for Beaver Builder <= 1.3.0.5 - Reflected Cross-Site Scripting via Navigate Parameter

Description: The PowerPack Lite for Beaver Builder plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the navigate parameter in all versions up to, and including, 1.3.0.5 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick an administrative user into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE

December 18th, 2024 (5 months ago)

CVE-2024-12220

SMS for WooCommerce <= 2.8.1 - Cross-Site Request Forgery to Reflected Cross-Site Scripting

Description: The SMS for WooCommerce plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.8.1. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE

December 18th, 2024 (5 months ago)

CVE-2024-12219

Stop Registration Spam <= 1.23 - Cross-Site Request Forgery to Cross-Site Scripting

Description: The Stop Registration Spam plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.23. This is due to missing or incorrect nonce validation. This makes it possible for unauthenticated attackers to inject malicious web scripts via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVSS: MEDIUM (6.1)

EPSS Score: 0.05%

Source: CVE

December 18th, 2024 (5 months ago)

CVE-2024-12200

DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

Description: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

December 18th, 2024 (5 months ago)

CVE-2024-12199

DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

Description: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

December 18th, 2024 (5 months ago)

CVE-2024-12198

DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

Description: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

December 18th, 2024 (5 months ago)

CVE-2024-12197

DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

Description: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force an Out-of-Bounds Write vulnerability. A malicious actor can leverage this vulnerability to cause a crash, cause data corruption, or execute arbitrary code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

December 18th, 2024 (5 months ago)

CVE-2024-12194

DWFX File Parsing Vulnerabilities in Autodesk Navisworks Desktop Software

Description: A maliciously crafted DWFX file, when parsed through Autodesk Navisworks, can force a Memory Corruption vulnerability. A malicious actor can leverage this vulnerability to execute arbitrary code in the context of the current process.

CVSS: HIGH (7.8)

EPSS Score: 0.04%

Source: CVE

December 18th, 2024 (5 months ago)

Threat and Vulnerability Intelligence Database

Example Searches: