Alireza Gharib Blog

CVE ID : CVE-2023-48739 Published : Jan. 2, 2025, 3:15 p.m. | 55 minutes ago Description : Missing Authorization vulnerability in Porto Theme Porto Theme – Functionality allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Porto Theme – Functionality: from n/a before 2.12.1. Severity: 5.3 | MEDIUM Visit the link for more details, such…

CVE ID : CVE-2023-47807 Published : Jan. 2, 2025, 3:15 p.m. | 55 minutes ago Description : Missing Authorization vulnerability in 10Web 10WebAnalytics allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10WebAnalytics: from n/a through 1.2.12. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details, affected products, timeline, and…

CVE ID : CVE-2023-47778 Published : Jan. 2, 2025, 3:15 p.m. | 55 minutes ago Description : Missing Authorization vulnerability in LuckyWP LuckyWP Scripts Control allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects LuckyWP Scripts Control: from n/a through 1.2.1. Severity: 4.3 | MEDIUM Visit the link for more details, such as CVSS details,…

CVE ID : CVE-2023-45633 Published : Jan. 2, 2025, 3:15 p.m. | 55 minutes ago Description : Missing Authorization vulnerability in IDX IMPress Listings allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects IMPress Listings: from n/a through 2.6.2. Severity: 6.5 | MEDIUM Visit the link for more details, such as CVSS details, affected products,…

CVE ID : CVE-2023-45272 Published : Jan. 2, 2025, 3:15 p.m. | 55 minutes ago Description : Missing Authorization vulnerability in 10Web 10Web Map Builder for Google Maps allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 10Web Map Builder for Google Maps: from n/a through 1.0.73. Severity: 5.4 | MEDIUM Visit the link for…

CVE ID : CVE-2024-39623 Published : Jan. 2, 2025, 1:15 p.m. | 2 hours, 55 minutes ago Description : Cross-Site Request Forgery (CSRF) vulnerability in CridioStudio ListingPro allows Authentication Bypass.This issue affects ListingPro: from n/a through 2.9.4. Severity: 8.8 | HIGH Visit the link for more details, such as CVSS details, affected products, timeline, and more… Go…

CVE-2024-12108: Progress WhatsUp Gold Vulnerability CVE-2024-12108 with a CVSS score of 9.6 is a critical security vulnerability affecting WhatsUp Gold, a network monitoring software developed by Progress Software Corporation.Affected VersionsThe vulne … Read more Published Date: Jan 02, 2025 (2 hours, 10 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2024-12108 CVE-2024-12987 CVE-2024-49112 CVE-2024-21182 Go to…

CVE-2024-49112 POC Code Released The CVE-2024-49112 vulnerability, identified as LDAPNightmare, has seen the release of a Proof-of-Concept (PoC) code by SafeBreach Labs. This particular security flaw is critical as it affects the Win … Read more Published Date: Jan 02, 2025 (4 hours, 28 minutes ago) Vulnerabilities has been mentioned in this article. CVE-2024-12987 CVE-2024-49112 CVE-2024-21182 Go…

Publication Date: 2024/10/01 6:35 PM PDT AWS is aware of CVE-2024-0132 and CVE-2024-0133, issues affecting the NVIDIA container toolkit 1.16. At this time, the following services require customer action. If we become aware of additional impact, we will update this bulletin. Amazon Elastic Container Service (Amazon ECS) Amazon ECS has released updated ECS GPU-optimized Amazon Machine Images (AMIs) with…

Publication Date: 2024/12/11 2:00PM PST AWS is aware of CVE-2022-1471 in SnakeYaml software, included in DynamoDB local jar and Docker distributions from version 1.21 and version 2.0. If leveraged, this issue could allow an actor to perform remote code execution using the SnakeYaml’s Constructor(), as the software does not restrict the types that can be…