FoxyProxys

4 exploits Active since Feb 2024
CVE-2024-27956 NOMISEC CRITICAL SUSPICIOUS
WordPress Automatic Plugin <= 3.92.0 - SQL Injection
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ValvePress Automatic allows SQL Injection.This issue affects Automatic: from n/a through 3.92.0.
1 stars
CVSS 9.9
CVE-2024-3400 NOMISEC CRITICAL SUSPICIOUS
Palo Alto Networks PAN-OS Unauthenticated Remote Code Execution
A command injection as a result of arbitrary file creation vulnerability in the GlobalProtect feature of Palo Alto Networks PAN-OS software for specific PAN-OS versions and distinct feature configurations may enable an unauthenticated attacker to execute arbitrary code with root privileges on the firewall. Cloud NGFW, Panorama appliances, and Prisma Access are not impacted by this vulnerability.
CVSS 10.0
CVE-2023-52654 NOMISEC MEDIUM WORKING POC
Linux Kernel 5.4.220-5.4.263 - File Reference Cycle via io_uring Socket Transmission
In the Linux kernel, the following vulnerability has been resolved: io_uring/af_unix: disable sending io_uring over sockets File reference cycles have caused lots of problems for io_uring in the past, and it still doesn't work exactly right and races with unix_stream_read_generic(). The safest fix would be to completely disallow sending io_uring files via sockets via SCM_RIGHT, so there are no possible cycles invloving registered files and thus rendering SCM accounting on the io_uring side unnecessary.
CVSS 4.7
CVE-2024-21345 NOMISEC HIGH SUSPICIOUS
Windows Server 2022 23H2 < 10.0.25398.709 - Heap-based Buffer Overflow
Windows Kernel Elevation of Privilege Vulnerability
CVSS 8.8