cve,link,title,description,vendor,products,cvssv3_base_score,cvssv3_base_severity,epss_current,exploited
CVE-2024-0012,https://securityvulnerability.io/vulnerability/CVE-2024-0012,Authentication Bypass Vulnerability Affects Palo Alto Networks PAN-OS Software,"A critical vulnerability, CVE-2024-0012, affects Palo Alto Networks PAN-OS software, with an authentication bypass allowing unauthenticated attackers to gain administrator privileges. This could lead to administrative actions, configuration tampering, and other vulnerabilities being exploited. Another targeted vulnerability is CVE-2024-9474, which allows PAN-OS administrators to escalate their privileges and perform actions on the firewall with root privileges. The exploitation of these vulnerabilities poses a significant risk, and attackers have been actively exploiting them in a small number of management web interfaces exposed to the internet. Therefore, action must be taken by affected organizations to secure and update their systems.",Palo Alto Networks,"Cloud Ngfw,Pan-os,Prisma Access",9.8,CRITICAL,0.9661300182342529,true
CVE-2024-23113,https://securityvulnerability.io/vulnerability/CVE-2024-23113,Fortinet FortiOS Vulnerability Allows Unauthorized Code Execution,"The CVE-2024-23113 vulnerability in Fortinet's FortiOS, FortiProxy, FortiPAM, and FortiSwitchManager products is being actively exploited in the wild, with information from the CISA and Wiz researchers confirming this. The vulnerability allows unauthorized code execution via specially crafted packets, impacting a wide range of FortiOS versions. The potential impact is significant, leading to remote code or command execution by an unauthenticated attacker. The recommended mitigation is to upgrade or migrate to a fixed release, with specific versions provided for each affected product. Additionally, workarounds are available to mitigate the risk while waiting to apply the patch. The urgency of addressing this vulnerability is underscored by the observed rates of exploitation and the potential for significant disruption and compromise.",Fortinet,"Fortiswitchmanager,FortiOS,Fortipam,Fortiproxy",9.8,CRITICAL,0.01841999962925911,true
CVE-2024-10924,https://securityvulnerability.io/vulnerability/CVE-2024-10924,Authentication Bypass Vulnerability in Two-Factor Authentication,"The Really Simple Security (Free, Pro, and Pro Multisite) plugins for WordPress are affected by a critical authentication bypass vulnerability, tracked as CVE-2024-10924, with a high CVSS score of 9.8. This vulnerability can allow unauthenticated attackers to log in as any existing user on the site, including administrators, when the ""Two-Factor Authentication"" setting is enabled. It affects over 4 million WordPress sites. The vulnerability was patched in version 9.1.2, released after responsible disclosure, but there is a risk of exploitation due to the large number of affected sites. Exploitation could lead to hijacking of WordPress sites and further use for criminal purposes. There is no mention of known exploits by ransomware groups at this time.",Really Simple Plugins,"Really Simple Security Pro Multisite,Really Simple Security – Simple And Performant Security (formerly Really Simple Ssl),Really Simple Security Pro",9.8,CRITICAL,0.0004400000034365803,true
CVE-2024-47575,https://securityvulnerability.io/vulnerability/CVE-2024-47575,Specially crafted requests can execute arbitrary code or commands in FortiManager,"A critical vulnerability identified as CVE-2024-47575 in Fortinet's FortiManager tool has been actively exploited by an unknown threat actor known as UNC5820, impacting over 50 systems across various industries. This vulnerability, rated 9.8 out of 10 on the CVSS, allows remote attackers to execute arbitrary code or commands by exploiting a missing authentication function in the FortiManager software. The attacker used this flaw to gain unauthorized access and steal sensitive information from compromised FortiManager devices, including configuration data, usernames, and passwords. While no follow-on attacks have been observed to date, the potential impact of this exploitation is severe, considering the widespread use of FortiGate devices for protecting critical infrastructure and data in enterprise environments. The security response includes a patch release from Fortinet, urging organizations to apply the update, review access logs for suspicious activity, and implement network segmentation and continuous monitoring as mitigation measures.",Fortinet,Fortimanager,9.8,CRITICAL,0.05178999900817871,true
CVE-2024-38812,https://securityvulnerability.io/vulnerability/CVE-2024-38812,vCenter Server Heap Overflow Vulnerability,"CVE-2024-38812 is a critical unauthenticated heap-overflow vulnerability in VMware vCenter Server that may potentially lead to remote code execution. The vulnerability affects vCenter Server versions 8.0 and 7.0, as well as VMware Cloud Foundation versions 5.x and 4.x. There are no known exploitations of this vulnerability in the wild, and VMware has released patches to fix the issue. Organizations are advised to promptly apply the recommended patches to mitigate the risk of exploitation.",VMware,"Vmware Vcenter Server,Vmware Cloud Foundation",9.8,CRITICAL,0.0009299999801442027,true
CVE-2024-50334,https://securityvulnerability.io/vulnerability/CVE-2024-50334,Scoold API Injection Vulnerability,"Scoold is a Q&A and a knowledge sharing platform for teams. A semicolon path injection vulnerability was found on the /api;/config endpoint. By appending a semicolon in the URL, attackers can bypass authentication and gain unauthorised access to sensitive configuration data. Furthermore, PUT requests on the /api;/config endpoint while setting the Content-Type: application/hocon header allow unauthenticated attackers to file reading via HOCON file inclusion. This allows attackers to retrieve sensitive information such as configuration files from the server, which can be leveraged for further exploitation. The vulnerability has been fixed in Scoold 1.64.0. A workaround would be to disable the Scoold API with scoold.api_enabled = false.",Erudika,Scoold,5.3,MEDIUM,0.0004600000102072954,false