Sep 9, 2024 – Vulnerability Alerts!

Daily Cyber Vulnerabilities Roundup: Today’s Tidbits of Trouble

Ah, another day, another set of vulnerabilities to keep the cyber security folk on their toes (and perhaps sipping a little too much tea). If you thought yesterday was thrilling, hold onto your keyboards because today we’ve got a juicy selection of vulnerabilities leaking like awfully constructed garden hoses! Let’s dive in, shall we?

Critical Vulnerabilities in Focus

CVE-2024-8584 requires your immediate attention! The Orca HCM from LEARNING DIGITAL has sprung a serious leak, allowing unauthenticated attackers to create accounts with admin privileges. Yes, really! It’s like handing out free keys to the kingdom.

CVE-2024-37288 slinks into the spotlight next with a staggering vulnerability lurking within Kibana—a deserialization issue that could lead to arbitrary code execution. If you’re using Elastic Security’s built-in AI tools, you might want to triple-check your configurations.

Medium Severity Mayhem

CVE-2024-8601 is strutting around in the TechExcel Back Office Software, where improper access controls on API endpoints might let attackers snoop around confidential info. Not ideal, eh?

CVE-2024-45203 has been found in the “@cosme” app, affecting Android and iOS versions, enabling phishers to lead users to arbitrary websites. Phishing season is open, folks!

WordPress Woes

The world of WordPress plugins isn’t looking rosy either, with several entries including daunting findings like:

  • CVE-2024-7918 – The Pocket Widget WordPress plugin sports some pesky stored XSS vulnerabilities that could spice up admin privileges.
  • CVE-2024-7687 – The AZIndex plugin is missing CSRF checks, leading to hilarious mischief.
  • CVE-2024-6910 – The EventON plugin is also caught in the crossfire of XSS issues, consistently failing to escape settings.

But, of course, dear readers, these vulnerabilities are just the tip of a rather large iceberg. If you want to stay in the loop or see live alerts as they come in (because let’s face it, who wouldn’t?), feel free to reach out. Stay safe out there, and remember: a vulnerable system is a crying shame!

Adam Cooke
As the Operations and Compliance Manager, Adam oversees all aspects of the business, ensuring operational efficiency and regulatory compliance. Committed to high standards, he ensures everyone is heard and supported. With a strong background in the railway industry, Adam values rigorous standards and safety. Outside of work, he enjoys dog walking, gardening, and exploring new places and cuisines.