Security Vulnerabilities - CVEs Published In July 2024
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function save_users of the file Users.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271057 was assigned to this vulnerability.
CVSS Score: 4.3; EPSS Score: 0.001; Published: 2024-07-10
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
CVSS Score: 7.5; EPSS Score: 0.004; Published: 2024-07-10
Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway
CVSS Score: 6.1; EPSS Score: 0.006; Published: 2024-07-10
CVE-2024-5910
Known exploited
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue.
CVSS Score: 9.8; EPSS Score: 0.91; Published: 2024-07-10
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.
CVSS Score: 6.1; EPSS Score: 0.001; Published: 2024-07-10
Sensitive information disclosure in NetScaler Console
CVSS Score: 8.8; EPSS Score: 0.858; Published: 2024-07-10
Decidim is a participatory democracy framework. The admin panel is subject to a potential XSS attack if an attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2024-07-10
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16.
CVSS Score: 4.3; EPSS Score: 0.13; Published: 2024-07-10
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.
CVSS Score: 9.1; EPSS Score: 0.084; Published: 2024-07-10
CVE-2024-4879
Known exploited
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
CVSS Score: 9.8; EPSS Score: 0.943; Published: 2024-07-10

