悪用活動を確認
CVE-2023-2796 Myeventon Eventon privilege escalation
- 公開エクスプロイトまたは PoC あり
- 悪用活動が関連付け
- インターネット公開 CMS への影響
WordPress プラグインの露出と公開エクスプロイト — PoC 流通後はインターネット公開 CMS への大規模標的化が一般的です。
日次の脆弱性動向:KEV 追加、公開 exploit、重大開示、EPSS リスクの変化。
最優先の 3 件の変化 — アナリストによる短評。CVE ダンプではありません。
悪用活動を確認
WordPress プラグインの露出と公開エクスプロイト — PoC 流通後はインターネット公開 CMS への大規模標的化が一般的です。
悪用活動を確認
Shelly Pro 4pm Firmware memory safety に公開エクスプロイトまたは PoC が関連 — 日和見的スキャンと続く標的型活動を想定してください。
重大な露出リスク
新たな重大 Fobybus Social-media-skeleton RCE(CVSS 10)— 公開直後のウィンドウ。成熟した悪用チェーンの前にインターネットスキャンが先行しがちです。
CISA KEV — 実環境での悪用が確認
本ダイジェストではこのカテゴリに該当なし。
install/aiz-uploader/upload in Campcodes Online Matrimonial Website System Script 3.3 allows XSS via a crafted SVG document.
A Cross Site Scripting (XSS) vulnerability in Adiscon Aiscon LogAnalyzer through 4.1.13 allows a remote attacker to execute arbitrary cod...
A vulnerability was found in PHP Jabbers Shuttle Booking Software 1.0.
A vulnerability was found in PHP Jabbers Service Booking Script 1.0.
A vulnerability was found in PHP Jabbers Night Club Booking Software 1.0.
A vulnerability classified as problematic has been found in PHP Jabbers Cleaning Business 1.0.
A vulnerability classified as problematic was found in PHP Jabbers Taxi Booking 2.0.
A vulnerability, which was classified as problematic, has been found in PHP Jabbers Rental Property Booking 2.0.
A vulnerability has been found in Academy LMS 6.0 and classified as problematic.
Shelly 4PM Pro four-channel smart switch 0.11.0 allows an attacker to trigger a BLE out of bounds read fault condition that results in a...
Unauth.
The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauth...
本ダイジェストではこのカテゴリに該当なし。
A SQL injection vulnerability exists in Control ID IDSecure 4.7.26.0 and prior, allowing unauthenticated attackers to write PHP files on...
Connected IO v2.1.0 and prior has an argument injection vulnerability in its AT command message in its communication protocol, enabling a...
Connected IO v2.1.0 and prior has a misconfiguration in their MQTT broker used for management and device communication, which allows devi...
An issue in Harrison Chase langchain v.0.0.194 allows an attacker to execute arbitrary code via the python exec calls in the PALChain, af...
CloudExplorer Lite is an open source, lightweight cloud management platform.
MindsDB's AI Virtual Database allows developers to connect any AI/ML model to any datasource.
Knowage is an open source analytics and business intelligence suite.
An arbitrary file overwrite vulnerability in NoMachine Free Edition and Enterprise Client for macOS before v8.8.1 allows attackers to ove...
social-media-skeleton is an uncompleted social media project.
PHPGurukul Online Security Guards Hiring System v.1.0 is vulnerable to SQL Injection via osghs/admin/search.php.