Weekly Briefing: Top 5 Hacker-Relevant Vulnerabilities


28.03.2025


ENTRYZERO

A new vulnerability appears every 15 minutes, which works out to roughly 650 new vulnerabilities per week on average, a rate that is hard to keep up with. The average cost of a security incident has risen worldwide to a record high of USD 4.45 million. To help organizations allocate their resources effectively and concentrate on the riskiest vulnerabilities, we are developing a novel decision-tree-based prioritization approach. It is trained on more than 100,000 vulnerability and threat records and extends industry standards such as CVSS and EPSS in order to capture the real-time risk and context of new vulnerabilities more accurately (many thanks to the CVE Program, NVD and VulnCheck for providing comprehensive and up-to-date CVE data). In this series we present the top 5 vulnerabilities of the week, based on a sub-tree of our model.
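As an added illustration of the kind of prioritization the paragraph describes (this is example code written for this page, not ENTRYZERO's model; the P1 to P4 tiers, the thresholds and the score table are assumptions), the Python below parses rows in the briefing's own five-column format, "N. Product | Attack vector | Vulnerability type | CVE list | Details, PoC", and ranks them with a small hand-written decision tree. The tree combines the signals the rows already carry (pre-auth remote reachability, a public PoC) with CVSS, EPSS and a known-exploited flag supplied by the caller, which is how such a tree extends CVSS/EPSS rather than replacing them. The sample rows are copied from the briefing; the scores attached to them are constructed placeholders, not the real NVD, FIRST or CISA values.

```python
"""Toy decision-tree prioritisation over briefing rows (added example, not
ENTRYZERO's model). Thresholds, tiers and the score table are assumptions."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")
ORDER = {"P1": 0, "P2": 1, "P3": 2, "P4": 3}


@dataclass
class Entry:
    product: str
    vector: str        # e.g. "Unauthenticated Remote Attack", "Local Attack"
    vuln_type: str
    cves: List[str]    # may be empty: some rows list no CVE at all
    has_poc: bool      # a "PoC" link appears in the last column


def parse_row(row: str) -> Entry:
    """Parse one briefing row; the leading "N." numbering is optional."""
    row = re.sub(r"^\s*\d+\.\s*", "", row.strip())
    parts = [p.strip() for p in row.split("|")]
    if len(parts) < 4:
        raise ValueError(f"unexpected row format: {row!r}")
    # The CVE column is absent in some rows, so collect IDs from the whole row.
    cves = CVE_RE.findall(row)
    has_poc = re.search(r"\bPoC\d*\b", parts[-1]) is not None
    return Entry(parts[0], parts[1], parts[2], cves, has_poc)


def priority(e: Entry, cvss: Optional[float] = None, epss: Optional[float] = None,
             known_exploited: bool = False) -> str:
    """Decision tree returning P1 (patch now) .. P4. Thresholds are assumptions."""
    unauth_remote = e.vector.startswith("Unauthenticated Remote")
    remote = "Remote" in e.vector
    if known_exploited:                       # a KEV listing beats every score
        return "P1"
    if unauth_remote and e.has_poc:           # pre-auth and already weaponised
        return "P1"
    if epss is not None and epss >= 0.5:      # exploitation very likely soon
        return "P1" if remote else "P2"
    if unauth_remote:                         # pre-auth, no public PoC yet
        return "P2" if cvss is None or cvss >= 7.0 else "P3"
    if remote and e.has_poc:                  # needs credentials, but PoC exists
        return "P2"
    if cvss is not None and cvss >= 9.0:      # critical by CVSS alone
        return "P2"
    return "P3" if remote else "P4"


def rank(rows: List[str], scores: Dict[str, Tuple[float, float, bool]]):
    """scores maps CVE -> (cvss, epss, known_exploited); a multi-CVE row takes the
    worst case over its CVEs. Returns (priority, Entry) pairs with P1 first; the
    sort is stable, so ties keep the briefing's own order."""
    ranked = []
    for row in rows:
        e = parse_row(row)
        known = [scores[c] for c in e.cves if c in scores]
        cvss = max((s[0] for s in known), default=None)
        epss = max((s[1] for s in known), default=None)
        kev = any(s[2] for s in known)
        ranked.append((priority(e, cvss, epss, kev), e))
    ranked.sort(key=lambda t: ORDER[t[0]])
    return ranked


# Rows copied from the briefing; the scores are constructed placeholders and
# NOT the real NVD / FIRST / CISA values for these CVEs.
SAMPLE_ROWS = [
    "1. Kubernetes Ingress-Nginx Controller | Unauthenticated Remote Attack | Improper Input Validation and Improper Isolation Vulnerabilities | CVE-2025-1974, CVE-2025-1097 | Details1, Details2, PoC1, PoC2",
    "4. Microsoft Active Directory | Authenticated Remote Attack | Improper Access Control Vulnerability | CVE-2025-21293 | Details, PoC",
    "5. Microsoft Windows WinSock and Storage Link | Local Attack | Heap-based Buffer Overflow and Link Following Vulnerabilities | CVE-2025-21418, CVE-2025-21391 | Details",
    "4. Raisecom Gateway Devices | Unauthenticated Remote Attack | Command Injection Vulnerability | Details, PoC",
    "4. Elastic Kibana | Authenticated Remote Attack | Prototype Pollution Vulnerability | CVE-2025-25012 | Details",
    "5. Microsoft Windows Server | Authenticated Remote Attack | Elevation of Privilege Vulnerability | CVE-2024-43532 | Details",
]
SAMPLE_SCORES = {
    "CVE-2025-1974": (9.8, 0.40, False),
    "CVE-2025-1097": (8.8, 0.05, False),
    "CVE-2025-21293": (8.8, 0.02, False),
    "CVE-2025-21418": (7.8, 0.01, True),    # local-only, but flagged as exploited
    "CVE-2025-21391": (7.1, 0.01, True),
    "CVE-2025-25012": (9.9, 0.03, False),
    "CVE-2024-43532": (8.8, 0.01, False),
}

if __name__ == "__main__":
    for prio, e in rank(SAMPLE_ROWS, SAMPLE_SCORES):
        print(prio, e.product, ", ".join(e.cves) or "(no CVE)")
```

Running the block prints the ranking P1 first. The point worth noticing is the local-only WinSock row: its modest CVSS and EPSS would bury it in a score-sorted list, but the known-exploited flag lifts it to P1, and a row without any CVE (Raisecom) is still ranked from its own columns. Replacing the placeholder table with live EPSS and KEV data is a matter of fetching it from FIRST and CISA before calling rank().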

Calendar week 13 2025

Top 5

  1. Kubernetes Ingress-Nginx Controller | Unauthenticated Remote Attack | Improper Input Validation and Improper Isolation Vulnerabilities | CVE-2025-1974, CVE-2025-1097 | Details1, Details2, PoC1, PoC2

  2. Google Chromium | Unauthenticated Remote Attack | Sandbox Escape Vulnerability | CVE-2025-2783 | Details, PoC

  3. Next.js | Unauthenticated Remote Attack | Middleware Bypass Vulnerability | CVE-2025-29927 | Details, PoC

  4. Microsoft Active Directory | Authenticated Remote Attack | Improper Access Control Vulnerability | CVE-2025-21293 | Details, PoC

  5. CrushFTP | Unauthenticated Remote Attack | Improper Authentication Vulnerability | CVE-2025-2825 | Details, PoC


Vulnerability Statistics

  • Total: 1054
  • Critical: 23
  • High: 47
  • Medium: 106
  • Low: 10
  • Unknown: 868

Calendar week 12 2025

Top 5

  1. GitHub Action tj-actions/changed-files | Unauthenticated Remote Attack | Embedded Malicious Code Vulnerability | CVE-2025-30066 | Details, PoC

  2. HUSKY - WooCommerce plugin for WordPress | Unauthenticated Remote Attack | Arbitrary Local File Inclusion Vulnerability | CVE-2025-1661 | Details, PoC

  3. Apache Tomcat | Unauthenticated Remote Attack | Ambiguous Path Equivalence Vulnerability | CVE-2025-24813 | Details, PoC

  4. Windows File Explorer | Unauthenticated Remote Attack | Sensitive Information Exposure Vulnerability | CVE-2025-24071 | Details, PoC

  5. Veeam Backup & Replication | Authenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-23120 | Details, PoC


Vulnerability Statistics

  • Total: 811
  • Critical: 16
  • High: 43
  • Medium: 70
  • Low: 20
  • Unknown: 662

Calendar week 11 2025

Top 5

  1. D-Link DIR-859 Router | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-57045 | Details, PoC

  2. Ivanti Endpoint Manager (EPM) | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-13161 | Details, PoC

  3. GitLab | Unauthenticated Remote Attack | Authentication Bypass Vulnerabilities | CVE-2025-25291, CVE-2025-25292 | Details, PoC

  4. Apache Camel | Unauthenticated Remote Attack | Code Injection Vulnerabilities | CVE-2025-27636, CVE-2025-29891 | Details, PoC

  5. Fortinet FortiOS and FortiProxy | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2025-24472 | Details


Vulnerability Statistics

  • Total: 743
  • Critical: 17
  • High: 139
  • Medium: 141
  • Low: 23
  • Unknown: 423

Calendar week 10 2025

Top 5

  1. JSONpath-Plus | Unauthenticated Remote Attack | Improper Input Sanitization Vulnerability | CVE-2025-1302 | Details, PoC

  2. Hewlett Packard Insight Remote Support | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-53676 | Details, PoC

  3. Exim Internet Mailer | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2025-26794 | Details, PoC

  4. Elastic Kibana | Authenticated Remote Attack | Prototype Pollution Vulnerability | CVE-2025-25012 | Details

  5. Zohocorp ManageEngine ADSelfService Plus | Authenticated Remote Attack | Session Mishandling Vulnerability | CVE-2025-1723 | Details


Vulnerability Statistics

  • Total: 905
  • Critical: 28
  • High: 104
  • Medium: 153
  • Low: 10
  • Unknown: 610

Calendar week 09 2025

Top 5

  1. Angular-base64-upload Library | Unauthenticated Remote Attack | Unrestricted File Upload Vulnerability | CVE-2024-42640 | Details, PoC

  2. Ivanti Endpoint Manager (EPM) | Unauthenticated Remote Attack | Path Traversal Vulnerabilities | CVE-2024-13159, CVE-2024-13160 | Details, PoC1, PoC2

  3. Microsoft Partner Center | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-49035 | Details

  4. BIG-IP iControl REST | Authenticated Remote Attack | Command Injection Vulnerability | CVE-2025-20029 | Details, PoC

  5. Oracle WebLogic Server | Unauthenticated Remote Attack | Missing Authentication Vulnerability | CVE-2025-21535 | Details


Vulnerability Statistics

  • Total: 1475
  • Critical: 27
  • High: 123
  • Medium: 227
  • Low: 41
  • Unknown: 1057

Calendar week 08 2025

Top 5

  1. PostgreSQL Libpq | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2025-1094 | Details, PoC

  2. Microsoft Power Pages | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2025-24989 | Details

  3. Juniper Session Smart Conductor and WAN Assurance Managed Routers | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2025-21589 | Details

  4. NetScaler Console and Agent | Authenticated Remote Attack | Improper Privilege Management Vulnerability | CVE-2024-12284 | Details

  5. Adobe Commerce and Magento | Unauthenticated Remote Attack | Improper Authorization Vulnerability | CVE-2025-24434 | Details


Vulnerability Statistics

  • Total: 681
  • Critical: 8
  • High: 49
  • Medium: 174
  • Low: 11
  • Unknown: 439

Calendar week 07 2025

Top 5

  1. Zimbra Collaboration | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2025-25064 | Details

  2. Windows Lightweight Directory Access Protocol (LDAP) | Unauthenticated Remote Attack | Heap-based Buffer Overflow Vulnerability | CVE-2025-21376 | Details

  3. Palo Alto Networks PAN-OS | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2025-0108 | Details, PoC

  4. Zyxel Customer Premises Equipment (CPE) | Authenticated Remote Attack | Command Injection and Insecure Default Credentials Vulnerabilities | CVE-2025-0890, CVE-2024-40890, CVE-2024-40891 | Details, PoC

  5. Microsoft Windows WinSock and Storage Link | Local Attack | Heap-based Buffer Overflow and Link Following Vulnerabilities | CVE-2025-21418, CVE-2025-21391 | Details


Vulnerability Statistics

  • Total: 881
  • Critical: 12
  • High: 120
  • Medium: 112
  • Low: 24
  • Unknown: 613

Calendar week 06 2025

Top 5

  1. SimpleHelp | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-57727 | Details, PoC

  2. Cisco Identity Services Engine (ISE) | Authenticated Remote Attack | Untrusted Deserialization and Improper Authorization Vulnerabilities | CVE-2025-20124, CVE-2025-20125 | Details

  3. 7-Zip | Remote Attack | Mark of the Web Bypass Vulnerability | CVE-2025-0411 | Details, PoC

  4. Advantive VeraCore | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2025-25181 | Details, PoC

  5. Veeam Backup | Unauthenticated Remote Attack | Code Injection Vulnerability | CVE-2025-23114 | Details


Vulnerability Statistics

  • Total: 734
  • Critical: 13
  • High: 53
  • Medium: 144
  • Low: 10
  • Unknown: 514

Calendar week 05 2025

  1. Microsoft Windows | Unauthenticated Remote Attack | NTLMv2 Hash Disclosure Spoofing Vulnerability | CVE-2024-43451 | Details, PoC

  2. VMware Avi Load Balancer | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2025-22217 | Details

  3. Oracle JD Edwards EnterpriseOne Tools | Unauthenticated Remote Attack | Code Injection Vulnerability | CVE-2025-21524 | Details

  4. QNAP QTS and QuTS hero | Unauthenticated Remote Attack | Link Following Vulnerability | CVE-2024-53691 | Details, PoC

  5. Liferay Portal | Unauthenticated Remote Attack | Cross-Site Scripting (XSS) Vulnerability | CVE-2024-25608 | Details

Calendar week 04 2025

  1. Mitel MiCollab | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-41713 | Details, PoC

  2. Next.js | Unauthenticated Remote Attack | Authorization Bypass Vulnerability | CVE-2024-46982 | Details, PoC

  3. SonicWall SMA1000 Appliance Management Console (AMC) and Central Management Server (CMS) | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2025-23006 | Details

  4. Jenkins Bitbucket Server Integration and OpenID Connect Authentication Plugins | Unauthenticated Remote Attack | Multiple Vulnerabilities Including Cross-Site Request Forgery (CSRF) and Incorrect Default Permissions | CVE-2025-24398, CVE-2025-24399 | Details

  5. Linear eMerge e3-Series | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-9441 | Details, PoC

Calendar week 03 2025

  1. Microsoft Configuration Manager | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2024-43468 | Details, PoC

  2. Fortinet FortiOS | Unauthenticated Remote Attack | Authorization Bypass Vulnerability | CVE-2024-55591 | Details, PoC

  3. Kubernetes kubelet | Authenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-10220 | Details, PoC

  4. Windows OLE | Unauthenticated Remote Attack | Use After Free Vulnerability | CVE-2025-21298 | Details

  5. Oracle Agile PLM Framework | Unauthenticated Remote Attack | Incorrect Authorization Vulnerability | CVE-2024-21287 | Details

Calendar week 02 2025

  1. Aviatrix Controller | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-50603 | Details, PoC

  2. WordPress GiveWP Donation Plugin and Fundraising Platform | Unauthenticated Remote Attack | PHP Object Injection Vulnerability | CVE-2024-8353 | Details, PoC

  3. Ivanti Connect Secure, Policy Secure, and ZTA Gateways | Unauthenticated Remote Attack | Stack-Based Buffer Overflow Vulnerabilities | CVE-2025-0282, CVE-2025-0283 | Details

  4. Oracle WebLogic Server | Unauthenticated Remote Attack | Improper Deserialization Vulnerability | CVE-2020-2883 | Details, PoC

  5. SonicWall SonicOS SSLVPN | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-53704 | Details

Calendar week 01 2025

  1. Windows Lightweight Directory Access Protocol (LDAP) | Unauthenticated Remote Attack | Denial of Service Vulnerability | CVE-2024-49113 | Details, PoC

  2. Apache Traffic Control | Authenticated Remote Attack | SQL Injection Vulnerability | CVE-2024-45387 | Details, PoC

  3. Oracle WebLogic Server | Unauthenticated Remote Attack | Java Naming and Directory Interface (JNDI) Injection Vulnerability | CVE-2024-21182 | Details, PoC

  4. Progress WhatsUp Gold | Unauthenticated Remote Attack | Multiple Vulnerabilities Including Authentication Bypass and LDAP Configuration | CVE-2024-12106, CVE-2024-12108 | Details

  5. D-Link DIR-845L router | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-33112 | Details

Calendar week 52 2024

  1. Apache Tomcat | Unauthenticated Remote Attack | Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability | CVE-2024-56337 | Details, PoC

  2. Splunk Enterprise | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-36991 | Details, PoC

  3. Craft CMS | Unauthenticated Remote Attack | Code Injection Vulnerability | CVE-2024-56145 | Details, PoC

  4. libxml2 | Unauthenticated Remote Attack | External Entity Injection Vulnerability | CVE-2024-40896 | Details

  5. Adobe ColdFusion | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-53961 | Details

Calendar week 51 2024

  1. Apache Tomcat | Unauthenticated Remote Attack | Time-of-check Time-of-use (TOCTOU) Race Condition Vulnerability | CVE-2024-50379 | Details, PoC

  2. BeyondTrust Privileged Remote Access (PRA) and Remote Support (RS) | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-12356 | Details

  3. Spring Framework | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-38819 | Details, PoC

  4. Sophos Firewall | Unauthenticated Remote Attack | Multiple Vulnerabilities Including Code Injection, Weak Credentials and SQL Injection | CVE-2024-12727, CVE-2024-12728, CVE-2024-12729 | Details

  5. Kerio Control | Unauthenticated Remote Attack | HTTP Response Splitting Vulnerability | CVE-2024-52875 | Details, PoC

Calendar week 50 2024

  1. Cleo Harmony, VLTrader and LexiCom | Unauthenticated Remote Attack | Unrestricted File Upload and Download Vulnerability | CVE-2024-50623 | Details, PoC

  2. Ivanti Cloud Service Appliance | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-11639 | Details

  3. WordPress Plugins - Widget Options, WP Umbrella, My Geo Posts | Unauthenticated Remote Attack | Multiple Vulnerabilities Including Improper Input Sanitization, Arbitrary File Upload and Deserialization of Untrusted Data | CVE-2024-8672, CVE-2024-12209, CVE-2024-52433 | Details1, Details2, Details3, PoC1, PoC2, PoC3

  4. Microsoft Windows LDAP and Common Log File Systems | Unauthenticated Remote Attack | Multiple Vulnerabilities Including Remote Code Execution and Heap-based Buffer Overflow | CVE-2024-49112, CVE-2024-49138 | Details1, Details2

  5. Apache Struts | Unauthenticated Remote Attack | Unrestricted File Upload Vulnerability | CVE-2024-53677 | Details

Calendar week 49 2024

  1. Zabbix Server | Authenticated Remote Attack | SQL Injection Vulnerability | CVE-2024-42327 | Details, PoC

  2. ProjectSend | Unauthenticated Remote Attack | Improper Authentication Vulnerability | CVE-2024-11680 | Details, PoC

  3. SailPoint IdentityIQ | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-10905 | Details

  4. TP-Link Archer, Deco, and Tapo Series Routers | Authenticated Remote Attack | Command Injection Vulnerability | CVE-2024-53375 | Details, PoC

  5. 7-Zip Zstandard Decompression | Unauthenticated Remote Attack | Integer Underflow Vulnerability | CVE-2024-11477 | Details, PoC

Calendar week 48 2024

  1. CleanTalk Spam Protection and Firewall Plugin for WordPress | Unauthenticated Remote Attack | Authorization Bypass Vulnerability | CVE-2024-10542 | Details, PoC

  2. OpenSSL | Unauthenticated Remote Attack | Memory Corruption and Command Injection Vulnerabilities | CVE-2024-5535, CVE-2022-2274, CVE-2022-1292, CVE-2022-2068 | Details, PoC1, PoC2

  3. Zyxel ATP and USG Flex Firewall | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-42057 | Details

  4. QNAP QuRouter | Unauthenticated Remote Attack | Command Injection Vulnerabilities | CVE-2024-48860, CVE-2024-48861 | Details

  5. Kubernetes Kubelet | Authenticated Remote Attack | Path Traversal Vulnerability | Details

Calendar week 47 2024

  1. Palo Alto PAN-OS | Unauthenticated Remote Attack | Authentication Bypass and Command Injection Vulnerabilities | CVE-2024-0012, CVE-2024-9474 | Details1, Details2, PoC1, PoC2

  2. WordPress WP Time Capsule Backup and Staging Plugin | Unauthenticated Remote Attack | Arbitrary File Upload Vulnerability | CVE-2024-8856 | Details, PoC

  3. WordPress Really Simple Security Plugin | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-10924 | Details, PoC

  4. Citrix Session Recording | Authenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2024-8069 | Details, PoC

  5. SAP BusinessObjects Business Intelligence Platform | Unauthenticated Remote Attack | Missing Authentication Check Vulnerability | CVE-2024-41730 | Details, PoC

Calendar week 46 2024

  1. Rocket.Chat | Unauthenticated Remote Attack | Server-Side Request Forgery (SSRF) Vulnerability | CVE-2024-39713 | Details, PoC

  2. D-Link NAS Devices | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-10914 | Details, PoC

  3. Fortinet FortiManager | Unauthenticated Remote Attack | Missing Authentication Vulnerability | CVE-2024-47575 | Details, PoC

  4. Nginx UI | Unauthenticated Remote Attack | Logrotate Misconfiguration Vulnerability | CVE-2024-49368 | Details, PoC

  5. LiteSpeed Cache | Unauthenticated Remote Attack | Insufficiently Protected Credentials Vulnerability | CVE-2024-44000 | Details, PoC

Calendar week 45 2024

  1. Jenkins Command Line Interface | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-23987 | Details, PoC

  2. ScienceLogic SL1 | Unauthenticated Remote Attack | Remote Code Execution Vulnerability | CVE-2024-9537 | Details

  3. Cisco Ultra-Reliable Wireless Backhaul Access Points | Unauthenticated Remote Attack | Improper Input Validation Vulnerability | CVE-2024-20418 | Details

  4. HPE Aruba Networking Access Points | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-42509 | Details

  5. Symfony PHP framework | Unauthenticated Remote Attack | Improper Input Validation Vulnerability | CVE-2024-50340 | Details, PoC

Calendar week 44 2024

  1. CyberPanel | Unauthenticated Remote Attack | Authentication Bypass and Command Injection Vulnerabilities | CVE-2024-51567, CVE-2024-51378 | Details, PoC1, PoC2

  2. Roundcube Webmail | Unauthenticated Remote Attack | Cross-Site Scripting (XSS) Vulnerability | CVE-2024-37383 | Details, PoC

  3. PyTorch | Unauthenticated Remote Attack | Insecure Deserialization Vulnerability | CVE-2024-48063 | Details, PoC

  4. Microsoft SharePoint | Authenticated Remote Attack | Insecure Deserialization Vulnerability | CVE-2024-38094 | Details

  5. Microsoft Windows Server | Authenticated Remote Attack | Elevation of Privilege Vulnerability | CVE-2024-43532 | Details

Calendar week 43 2024

  1. Grafana | Authenticated Remote Attack | Code Injection Vulnerability | CVE-2024-9264 | Details, PoC1, PoC2

  2. pfSense | Unauthenticated Remote Attack | Cross-Site Scripting (XSS) Vulnerability | CVE-2024-46538 | Details, PoC

  3. Fortinet FortiManager | Unauthenticated Remote Attack | Missing Authentication Vulnerability | CVE-2024-47575 | Details1, Details2

  4. WordPress TI WooCommerce Wishlist Plugin | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2024-43917 | Details, PoC

  5. WordPress Premium ARForms Form Builder Plugin | Unauthenticated Remote Attack | Unauthenticated File Upload Vulnerability | CVE-2024-4620 | Details, PoC

Calendar week 42 2024

  1. ConnectWise ScreenConnect | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-1709 | Details

  2. GitHub Enterprise Server | Unauthenticated Remote Attack | Improper Verification of Cryptographic Signature | CVE-2024-9487 | Details

  3. Ruby SAML | Unauthenticated Remote Attack | Improper Verification of SAML Response Signature | CVE-2024-45409 | Details, PoC

  4. Mozilla Firefox and Firefox ESR | Unauthenticated Remote Attack | Use After Free Vulnerability | CVE-2024-9680 | Details, PoC

  5. Veeam Backup and Replication | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2024-40711 | Details, PoC

Calendar week 41 2024

  1. Palo Alto Networks Expedition | Unauthenticated Remote Attack | OS and SQL Injection Vulnerabilities | CVE-2024-9463, CVE-2024-9464, CVE-2024-9465 | Details, PoC1, PoC2

  2. Mozilla Firefox and Firefox ESR | Unauthenticated Remote Attack | Use After Free Vulnerability | CVE-2024-9680 | Details

  3. Fortinet FortiOS, FortiPAM, FortiProxy, and FortiWeb | Unauthenticated Remote Attack | Format String Vulnerability | CVE-2024-23113 | Details

  4. Windows RDP | Unauthenticated Remote Attack | Use After Free Vulnerability | CVE-2024-43582 | Details

  5. PostgreSQL pgAdmin | Unauthenticated Remote Attack | Insufficiently Protected Credentials in OAuth2 Authentication | CVE-2024-9014 | Details, PoC

Calendar week 40 2024

  1. Cisco IOS XE | Unauthenticated Remote Attack | Improper Resource Management Vulnerability | CVE-2024-20467 | Details

  2. OpenPrinting CUPS | Unauthenticated Remote Attack | Binding to an Unrestricted IP Address and Input Validation Vulnerabilities | CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177 | Details, PoC1, PoC2

  3. Check Point Quantum Security Gateways | Unauthenticated Remote Attack | Information Disclosure Vulnerability | CVE-2024-24919 | Details, PoC

  4. Synacor Zimbra Collaboration | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-45519 | Details, PoC

  5. Broadcom VMware vCenter Server | Unauthenticated Remote Attack | Heap Overflow Vulnerability | CVE-2024-38812 | Details

Calendar week 39 2024

  1. OpenPrinting CUPS | Unauthenticated Remote Attack | Binding to an Unrestricted IP Address and Input Validation Vulnerabilities | CVE-2024-47176, CVE-2024-47076, CVE-2024-47175, CVE-2024-47177 | Details, PoC

  2. Aruba Access Points | Unauthenticated Remote Attack | Command Injection Vulnerabilities | CVE-2024-42505, CVE-2024-42506, CVE-2024-42507 | Details

  3. Cisco Smart Licensing Utility | Unauthenticated Remote Attack | Use of Hard-coded Credentials Vulnerability | CVE-2024-20439 | Details, PoC

  4. MediaTek Wi-Fi Chipsets | Unauthenticated Remote Attack | Out-of-Bounds Write Vulnerability | CVE-2024-20017 | Details, PoC

  5. Keycloak | Authenticated Remote Attack | Improper Signature Verification Vulnerability | CVE-2024-8698 | Details

Calendar week 38 2024

  1. Apache HugeGraph | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-27348 | Details, PoC

  2. Ivanti Endpoint Manager | Unauthenticated Remote Attack | Improper Deserialization of Untrusted Data Vulnerability | CVE-2024-29847 | Details, PoC

  3. Thinkphp | Unauthenticated Remote Attack | Improper Deserialization of Untrusted Data Vulnerability | CVE-2024-44902 | Details, PoC

  4. Raisecom Gateway Devices | Unauthenticated Remote Attack | Command Injection Vulnerability | Details, PoC

  5. Broadcom vCenter Server | Unauthenticated Remote Attack | Heap Overflow Vulnerability | Details

Calendar week 37 2024

  1. Kemp LoadMaster | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-1212 | Details, PoC

  2. Qualitor ITSM | Unauthenticated Remote Attack | Arbitrary File Upload Vulnerability | CVE-2024-44849 | Details, PoC

  3. Apache OFBiz | Unauthenticated Remote Attack | Server-Side Request Forgery Vulnerability | CVE-2024-45507 | Details, PoC

  4. SonicWall SonicOS | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-40766 | Details

  5. GitLab CE/EE | Authenticated Remote Attack | Pipeline Execution Vulnerability | CVE-2024-6678 | Details

Calendar week 36 2024

  1. Cisco Smart Licensing Utility | Unauthenticated Remote Attack | Sensitive Information in Log Files and Static Admin Credentials Vulnerabilities | CVE-2024-20439, CVE-2024-20440 | Details, PoC1, PoC2

  2. Veeam Backup & Replication | Unauthenticated Remote Attack | Remote Code Execution Vulnerability | CVE-2024-40711 | Details

  3. Ivanti Virtual Traffic Manager | Unauthenticated Remote Attack | Admin Authentication Bypass Vulnerability | CVE-2024-7593 | Details, PoC

  4. Zyxel APs and Security Router Devices | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-7261 | Details

  5. WhatsUp Gold | Unauthenticated Remote Attack | SQL Injection Vulnerability | CVE-2024-6670 | Details, PoC

Calendar week 35 2024

  1. WordPress LiteSpeed Cache | Unauthenticated Remote Attack | Incorrect Privilege Assignment Vulnerability | CVE-2024-28000 | Details, PoC

  2. AVTECH IP Cameras | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-7029 | Details, PoC

  3. Apache OFBiz | Unauthenticated Remote Attack | Path Traversal and Incorrect Authorization Vulnerabilities | CVE-2024-32113, CVE-2024-38856 | Details, PoC1, PoC2

  4. Google Chromium V8 | Unauthenticated Remote Attack | Type Confusion and Inappropriate Implementation Vulnerabilities | CVE-2024-5274, CVE-2024-7965 | Details1, Details2, PoC

  5. SonicWall SonicOS | Unauthenticated Remote Attack | Improper Access Control Vulnerability | CVE-2024-40766 | Details

Calendar week 34 2024

  1. GitHub Enterprise Server | Unauthenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-6800 | Details

  2. Ingress Nginx Controller | Authenticated Remote Attack | Annotation Validation Bypass Vulnerability | CVE-2024-7646 | Details, PoC

  3. ServiceNow | Unauthenticated Remote Attack | Input Validation and Incomplete List of Disallowed Inputs Vulnerabilities | CVE-2024-5217, CVE-2024-4879 | Details, PoC1, PoC2

  4. Dahua IP Cameras, Video Intercom, NVR, XVR devices | Unauthenticated Remote Attack | Authentication Bypass Vulnerabilities | CVE-2021-33044, CVE-2021-33045 | Details, PoC

  5. Apache HTTP Server | Unauthenticated Remote Attack | Substitution Encoding Vulnerabilities | CVE-2024-38474, CVE-2024-38475 | Details, PoC

Calendar week 33 2024

  1. TOTOLINK EX1800T and A3700R | Unauthenticated Remote Attack | Command Injection Vulnerabilities | CVE-2024-34257, CVE-2023-46574 | Details, PoC1, PoC2

  2. Windows 10, 11, and Server | Unauthenticated Remote Attack | TCP/IP Buffer Overflow Vulnerability in IPv6 Stack | CVE-2024-38063 | Details, PoC

  3. VMware ESXi | Authenticated Remote Attack | Authentication Bypass Vulnerability | CVE-2024-37085 | Details, PoC

  4. SolarWinds Web Help Desk | Unauthenticated Remote Attack | Deserialization of Untrusted Data Vulnerability | CVE-2024-28986 | Details

  5. Ivanti Virtual Traffic Manager | Unauthenticated Remote Attack | Admin Authentication Bypass Vulnerability | CVE-2024-7593 | Details

Calendar week 32 2024

  1. Cacti Network Monitoring and Fault Management Framework | Unauthenticated Remote Attack | Command Injection Vulnerability | CVE-2024-29895 | Details, PoC

  2. Jenkins | Unauthenticated Remote Attack | Path Traversal Vulnerability | CVE-2024-43044 | Details, PoC

  3. ServiceNow | Unauthenticated Remote Attack | Input Validation and Incomplete List of Disallowed Inputs Vulnerabilities | CVE-2024-5217, CVE-2024-4879 | Details, PoC1, PoC2

  4. Progress WhatsUp Gold | Unauthenticated Remote Attack | Improper Path Validation Vulnerability | CVE-2024-4885 | Details, PoC

  5. Apache OFBiz | Unauthenticated Remote Attack | Path Traversal and Incorrect Authorization Vulnerabilities | CVE-2024-32113, CVE-2024-38856 | Details, PoC1, PoC2

All rights reserved by ENTRYZERO GmbH

Website by Sanico Software

IMPRINT: ENTRYZERO GmbH, Konrad-Zuse-Straße 18, 44801 Bochum, registered office: Bochum, register court: Amtsgericht Bochum, HRB no.: 21709, VAT ID: DE369315057, managing directors: Dr. Mohamad Sbeiti, Samet Gökbayrak, tel.: +49 234 94426026, e-mail: info@entryzero.ai

PRIVACY POLICY: This website does not collect any personal data. We use no cookies, trackers, forms or similar technologies. By visiting our website, however, you agree that the following non-personal information is stored on the web server for each page request, for statistical purposes, for detecting and preventing intrusion attempts, and for troubleshooting: requested address (URL), date and time of the request, client IP address, User-Agent and Referer. No information is passed on to or shared with third parties.
