Threat and Vulnerability Intelligence Database

Example Searches:

CVE-2023-1166	USM Premium < 16.3 - Admin+ Stored XSS Description: The USM-Premium WordPress plugin before 16.3 does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in multisite setup). CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE November 28th, 2024 (5 months ago)
CVE-2023-0873	Kanban Boards for WordPress < 2.5.21 - Admin+ Stored XSS Description: The Kanban Boards for WordPress plugin before 2.5.21 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup) CVSS: LOW (0.0) EPSS Score: 0.06% Source: CVE November 28th, 2024 (5 months ago)
CVE-2023-0588	Catalyst Connect Zoho CRM Client Portal < 2.1.0 - Reflected XSS Description: The Catalyst Connect Zoho CRM Client Portal WordPress plugin before 2.1.0 does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin. CVSS: LOW (0.0) EPSS Score: 0.08% Source: CVE November 28th, 2024 (5 months ago)
CVE-2023-0003	Cortex XSOAR: Local File Disclosure Vulnerability in the Cortex XSOAR Server Description: A file disclosure vulnerability in the Palo Alto Networks Cortex XSOAR server software enables an authenticated user with access to the web interface to read local files from the server. CVSS: MEDIUM (6.5) EPSS Score: 0.12% Source: CVE November 28th, 2024 (5 months ago)
	Microsoft re-releases Exchange updates after fixing mail delivery Description: Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. [...] Source: BleepingComputer November 27th, 2024 (5 months ago)
	Hackers abuse popular Godot game engine to infect thousands of PCs Description: Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months. [...] Source: BleepingComputer November 27th, 2024 (5 months ago)
	Hackers exploit ProjectSend flaw to backdoor exposed servers Description: Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. [...] Source: BleepingComputer November 27th, 2024 (5 months ago)
	Zello asks users to reset passwords after security incident Description: Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach. [...] Source: BleepingComputer November 27th, 2024 (5 months ago)
	Microsoft says it's not using your Word, Excel data for AI training Description: Microsoft has denied claims that it uses Microsoft 365 apps (including Word, Excel, and PowerPoint) to collect data to train the company's artificial intelligence (AI) models. [...] Source: BleepingComputer November 27th, 2024 (5 months ago)
	[io.github.openfeign.querydsl:querydsl-jpa] Querydsl vulnerable to HQL injection trough orderBy Description: Summary The order by method enables injecting HQL queries. This may cause blind HQL injection, which could lead to leakage of sensitive information, and potentially also Denial Of Service. This vulnerability is present since the original querydsl repository(https://github.com/querydsl/querydsl) where it was assigned preliminary CVE identifier CVE-2024-49203. Details Vulnerable code may look as follows: @GetMapping public List<Test> getProducts(@RequestParam("orderBy") String orderBy) { JPAQuery<Test> query = new JPAQuery<Test>(entityManager).from(test); PathBuilder<Test> pathBuilder = new PathBuilder<>(Test.class, "test"); OrderSpecifier order = new OrderSpecifier(Order.ASC, pathBuilder.get(orderBy)); JPAQuery<Test> orderedQuery = query.orderBy(order); return orderedQuery.fetch(); } Where vulnerability is either caused by pathBuilder.get(orderBy) or the orderBy(order) method itself, based on where the security checks are expected. PoC Full POC code is available in repository: https://github.com/CSIRTTrizna/CVE-2024-49203/ When we take a look at source code shown in Details section the functionality is as follows: Create JPAQuery object instance: JPAQuery<Test> query = new JPAQuery<Test>(entityManager).from(test); Create OrderSpecifier object instance: PathBuilder<Test> pathBuilder = new PathBuilder<>(Test.class, "test"); OrderSpecifier order = new OrderSpecifier(Order.ASC, pathBuilder.ge... Source: Github Advisory Database (Maven) November 27th, 2024 (5 months ago)