Security Vulnerabilities - CVEs Published In July 2024
A vulnerability has been found in SourceCodester Employee and Visitor Gate Pass Logging System 1.0 and classified as problematic. Affected by this vulnerability is the function save_users of the file Users.php. The manipulation leads to cross-site request forgery. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-271057 was assigned to this vulnerability.
CVSS Score: 6.9 | EPSS Score: 0.001 | Published: 2024-07-10
Denial of Service in NetScaler ADC and NetScaler Gateway in NetScaler
CVSS Score: 7.2 | EPSS Score: 0.004 | Published: 2024-07-10
Open redirect vulnerability allows a remote unauthenticated attacker to redirect users to arbitrary websites in NetScaler ADC and NetScaler Gateway
CVSS Score: 5.1 | EPSS Score: 0.019 | Published: 2024-07-10
CVE-2024-5910
Known exploited
Missing authentication for a critical function in Palo Alto Networks Expedition can lead to an Expedition admin account takeover for attackers with network access to Expedition. Note: Expedition is a tool aiding in configuration migration, tuning, and enrichment. Configuration secrets, credentials, and other data imported into Expedition are at risk due to this issue.
CVSS Score: 9.3 | EPSS Score: 0.91 | Published: 2024-07-10
An arbitrary file upload vulnerability in Palo Alto Networks Panorama software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and crash the Panorama. Repeated attacks eventually cause the Panorama to enter maintenance mode, which requires manual intervention to bring the Panorama back online.
CVSS Score: 7.0 | EPSS Score: 0.004 | Published: 2024-07-10
An improper input validation vulnerability in Palo Alto Networks PAN-OS software enables an attacker with the ability to tamper with the physical file system to elevate privileges.
CVSS Score: 6.1 | EPSS Score: 0.001 | Published: 2024-07-10
Sensitive information disclosure in NetScaler Console
CVSS Score: 9.4 | EPSS Score: 0.868 | Published: 2024-07-10
Decidim is a participatory democracy framework. The admin panel is subject to a potential XSS attack if an attacker manages to modify some records being uploaded to the server. This vulnerability is fixed in 0.27.6 and 0.28.1.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2024-07-10
GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. An authenticated user can attach a document to any item, even if the user has no write access on it. Upgrade to 10.0.16.
CVSS Score: 4.3 | EPSS Score: 0.13 | Published: 2024-07-10
14Finger v1.1 was discovered to contain a remote command execution (RCE) vulnerability in the fingerprint function. This vulnerability allows attackers to execute arbitrary commands via a crafted payload.
CVSS Score: 9.1 | EPSS Score: 0.11 | Published: 2024-07-10