悪用活動を確認
CVE-2024-50477 Stacksmarket Stacks Mobile App Builder Auth Bypass
- 公開エクスプロイトまたは PoC あり
- 悪用活動が関連付け
- 認証バイパス — 未認証アクセスのリスク
Stacksmarket Stacks Mobile App Builder Auth Bypass に公開エクスプロイトまたは PoC が関連 — 日和見的スキャンと続く標的型活動を想定してください。
日次の脆弱性動向:KEV 追加、公開 exploit、重大開示、EPSS リスクの変化。
最優先の 3 件の変化 — アナリストによる短評。CVE ダンプではありません。
悪用活動を確認
Stacksmarket Stacks Mobile App Builder Auth Bypass に公開エクスプロイトまたは PoC が関連 — 日和見的スキャンと続く標的型活動を想定してください。
悪用活動を確認
Microsoft Defender For Endpoint privilege escalation に公開エクスプロイトまたは PoC が関連 — 日和見的スキャンと続く標的型活動を想定してください。
重大な露出リスク
新たな重大 Genetechsolutions Pie Register Auth Bypass(CVSS 10)— 公開直後のウィンドウ。成熟した悪用チェーンの前にインターネットスキャンが先行しがちです。
CISA KEV — 実環境での悪用が確認
本ダイジェストではこのカテゴリに該当なし。
In the Production Environment extension in Netmake ScriptCase through 9.12.006 (23), shell injection in the SSH connection settings allow...
Sudo before 1.9.17p1, when used with a sudoers file that specifies a host that is neither the current host nor ALL, allows listed users t...
Sudo Inclusion of Functionality from Untrusted Control Sphere
Improper input validation in Microsoft Office Outlook allows an authorized attacker to execute code locally.
Use after free in Microsoft Office PowerPoint allows an unauthorized attacker to execute code locally.
Improper access control in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally.
Authentication Bypass Using an Alternate Path or Channel vulnerability in Stacks Stacks Mobile App Builder stacks-mobile-app-builder allo...
Discourse is an open source platform for community discussion.
本ダイジェストではこのカテゴリに該当なし。
Cryptographic issue occurs due to use of insecure connection method while downloading.
Adobe Connect versions 24.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could lead to arbitrary co...
An authentication bypass vulnerability exists in the WordPress Pie Register plugin ≤ 3.7.1.4 that allows unauthenticated attackers to imp...
Hard-coded login credentials were found in HPE Networking Instant On Access Points, allowing anyone with knowledge of it to bypass normal...
SQL injection vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter.
Heap-based buffer overflow in Windows SPNEGO Extended Negotiation allows an unauthorized attacker to execute code over a network.
The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sb_file_d...
The Support Board plugin for WordPress is vulnerable to unauthorized access/modification/deletion of data due to use of hardcoded default...
Adobe Experience Manager (MS) versions 6.5.23.0 and earlier are affected by a Deserialization of Untrusted Data vulnerability that could...
ColdFusion versions 2025.2, 2023.14, 2021.20 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE')...