CVE-2024-2024
published 2024-06-14
CVE-2024-2024: The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function…
Priority P261 · high · 8.8 CVSS 3.1
AV:N / AC:L / PR:L / UI:N / S:U / C:H / I:H / A:H
EPSS
3.30%
87.0th percentile
The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected
27 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| cobbler_project | cobbler | >= 3.0.0 < 3.2.3 | 3.2.3 |
| cobbler_project | cobbler | >= 3.3.0 < 3.3.7 | 3.3.7 |
| fortinet | fortios | — | — |
| fortinet | fortiproxy | — | — |
| github.com | dapr_dapr | >= 1.13.0 < 1.13.3 | 1.13.3 |
| jenkins | appspider_plugin | — | — |
| jenkins | bitbucket_branch_source_plugin | — | — |
| jenkins | build_monitor_view_plugin | — | — |
| jenkins | delphix_plugin | — | — |
| jenkins | gitbucket_plugin | — | — |
| jenkins | html_publisher_plugin | — | — |
| jenkins | improper_input_sanitization_in_html_publisher_plugin | — | — |
| jenkins | mq_notifier_plugin | — | — |
| jenkins | owasp_dependency-check_plugin | — | — |
| jenkins | subversion_partial_release_manager_plugin | — | — |
| jenkins | tls_certificate_validation_in_delphix_plugin | — | — |
| linux | linux_kernel | >= 0 < 4.15.0-246.258 | 4.15.0-246.258 |
| litestar | litestar | 0 – 2.10.0 | — |
| msrc | cbl2_kernel_5.15.164.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.167.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.186.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.200.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_kernel_5.15.202.1-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
CVSS provenance
nvd · v3.1 · 8.8 HIGH · CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv · 5.5 MEDIUM
vendor_msrc · 8.8 HIGH
vendor_redhat · 8.1 HIGH
OSV
linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle vulnerabilities
osv·2026-01-29·CVSS 5.5
CVE-2022-48986 linux, linux-aws, linux-aws-hwe, linux-hwe, linux-kvm, linux-oracle vulnerabilities
Several security issues were discovered in the Linux kernel.
An attacker could possibly use these to compromise the system.
This update corrects flaws in the following subsystems:
- Media drivers;
- NVME drivers;
- File systems infrastructure;
- Timer subsystem;
- Memory management;
- Packet sockets;
(CVE-2022-48986, CVE-2024-27078, CVE-2024-49959, CVE-2024-50195,
CVE-2024-56606, CVE-2024-56756, CVE-2025-39993)
GHSA
cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
ghsa·2024-11-18
CVE-2024-47533 [CRITICAL] CWE-287 cobbler allows anyone to connect to cobbler XML-RPC server with known password and make changes
### Summary
utils.get_shared_secret() always returns -1 - allows anyone to connect to cobbler XML-RPC as user '' password -1 and make any changes.
### Details
utils.py get_shared_secret:
```
def get_shared_secret() -> Union[str, int]:
    """
    The 'web.ss' file is regenerated each time cobblerd restarts and is used to agree on shared secret interchange
    between the web server and cobblerd, and also the CLI and cobblerd, when username/password access is not required.
    For the CLI, this enables root users to avoid entering username/pass if on the Cobbler server.
    :return: The Cobbler secret which enables full access to Cobbler.
    """
    try:
        with open("/var/lib/cobbler/web.ss", 'rb', encoding='utf-8') as
```
GHSA
Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
ghsa·2024-08-09
CVE-2024-42370 [HIGH] CWE-74 Withdrawn Advisory: Litestar has an environment Variable injection in `docs-preview.yml` workflow
## Withdrawn Advisory
This advisory has been withdrawn because the confidentiality, integrity, and availability impacts of the vulnerability affect Litestar's CI/CD environment rather than the `litestar` package. While the information in the advisory is still valid, users of the `litestar` package are not affected and do not need to receive Dependabot alerts.
## Original Advisory
### Summary
Litestar's `docs-preview.yml` workflow is vulnerable to Environment Variable injection which may lead to secret exfiltration and repository manipulation.
### Environment Variable injection (`GHSL-2024-177`)
The [`docs-preview.yml` workflow](https://github.com/litestar-org/litestar/blob/ffaf5616b19f6f0
GHSA
GHSA-9ww7-2j6q-jpw4: The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' f
ghsa_unreviewed·2024-06-14
CVE-2024-2024 [HIGH] CWE-22 GHSA-9ww7-2j6q-jpw4: The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' f
The Folders Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'handle_folders_file_upload' function in all versions up to, and including, 3.0.2. This makes it possible for authenticated attackers, with author access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
GHSA
Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
ghsa·2024-06-02
CVE-2024-35189 [MEDIUM] CWE-200 Sensitive Data Disclosure Vulnerability in Connection Configuration Endpoints
The Fides webserver has a number of endpoints that retrieve `ConnectionConfiguration` records and their associated `secrets` which _can_ contain sensitive data (e.g. passwords, private keys, etc.). These `secrets` are stored encrypted at rest (in the application database), and the associated endpoints are not meant to expose that sensitive data in plaintext to API clients, as it could be compromising.
Fides's developers have available to them a Pydantic field-attribute (`sensitive`) that they can annotate as `True` to indicate that a given secret field should not be exposed via the API. The application has an internal function that uses `sensitive` annotations to mask the sensitive fields with a `"**********"`
OSV
Dapr API Token Exposure in github.com/dapr/dapr
osv·2024-05-24
CVE-2024-35223 Dapr API Token Exposure in github.com/dapr/dapr
Fortinet
Cross site scripting vulnerability in SSL VPN web UI
vendor_fortinet·2025-03-14·CVSS 7.5
CVE-2024-26006 [HIGH] CWE-79 Cross site scripting vulnerability in SSL VPN web UI
FG-IR-23-485: Cross site scripting vulnerability in SSL VPN web UI
An improper neutralization of input during web page Generation vulnerability [CWE-79] in FortiOS version 7.4.3 and below, version 7.2.7 and below, version 7.0.13 and below and FortiProxy version 7.4.3 and below, version 7.2.9 and below, version 7.0.16 and below web SSL VPN UI may allow a remote unauthenticated attacker to perform a Cross-Site Scripting attack via a malicious samba server.
CVEs: CVE-2024-26006
CWEs: CWE-79
CVSS: 7.5 (high)
Affected products: FortiOS, FortiProxy
Red Hat
kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
vendor_redhat·2024-11-19·CVSS 7.8
CVE-2024-50264 [HIGH] CWE-416 kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
In the Linux kernel, the following vulnerability has been resolved:
vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans
During loopback communication, a dangling pointer can be created in
vsk->trans, potentially leading to a Use-After-Free condition. This
issue is resolved by initializing vsk->trans to NULL.
A dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition.
Package: kernel (Red Hat Enterprise Linux 6) - Not affected
Package: kernel (Red Hat Enterprise Linux 7) - Out of support scope
Package: kernel-rt (Red Hat Enterprise Linux 7) - Out of support scope
Package: kernel-rt (Red Hat Enterprise Linux 9) - Affected
Red Hat
Oracle Fusion Middleware: From CVEorg collector
vendor_redhat·2024-10-15·CVSS 7.5
CVE-2024-21234 [HIGH] Oracle Fusion Middleware: From CVEorg collector
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3, IIOP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle WebLogic Server accessible data. CVSS 3.1 Base Score 7.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
GitLab
Missing Initialization of a Variable in Wireshark
vendor_gitlab·2024-10-10·CVSS 5.5
CVE-2024-9780 [MEDIUM] CWE-456 Missing Initialization of a Variable in Wireshark
ITS dissector crash in Wireshark 4.4.0 allows denial of service via packet injection or crafted capture file
Affected products: Wireshark
Affected versions: >=4.4.0, <4.4.1 (affected)
Solution: Upgrade to version 4.4.1 or above.
Microsoft
Chromium: CVE-2024-8194 Type Confusion in V8
vendor_msrc·2024-09-10·CVSS 8.8
CVE-2024-8194 [HIGH] Chromium: CVE-2024-8194 Type Confusion in V8
Description: This CVE was assigned by Chrome. Microsoft Edge (Chromium-based) ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information.
FAQ: Why is this Chrome CVE included in the Security Update Guide?
The vulnerability assigned to this CVE is in Chromium Open Source Software (OSS) which is consumed by Microsoft Edge (Chromium-based). It is being documented in the Security Update Guide to announce that the latest version of Microsoft Edge (Chromium-based) is no longer vulnerable.
How can I see the version of the browser?
In your Microsoft Edge browser, click on the 3 dots (...) on the very right-hand side of the window
Click on Help and Feedback
Click on About Microsoft Edge
FAQ: What is
Microsoft
drm/amdgpu: Fix the null pointer dereference to ras_manager
vendor_msrc·2024-08-13·CVSS 5.5
CVE-2024-43908 [MEDIUM] CWE-476 drm/amdgpu: Fix the null pointer dereference to ras_manager
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Linux: Linux
Customer Action Required: Yes
Remediation: CBL-Mariner Releases
Reference: https://l
Red Hat
kernel: ionic: fix kernel panic due to multi-buffer handling
vendor_redhat·2024-07-29·CVSS 5.5
CVE-2024-42083 [MEDIUM] kernel: ionic: fix kernel panic due to multi-buffer handling
In the Linux kernel, the following vulnerability has been resolved:
ionic: fix kernel panic due to multi-buffer handling
Currently, the ionic_run_xdp() doesn't handle multi-buffer packets
properly for XDP_TX and XDP_REDIRECT.
When a jumbo frame is received, the ionic_run_xdp() first makes xdp
frame with all necessary pages in the rx descriptor.
And if the action is either XDP_TX or XDP_REDIRECT, it should unmap
dma-mapping and reset page pointer to NULL for all pages, not only the
first page.
But it doesn't for SG pages. So, SG pages unexpectedly will be reused.
It eventually causes kernel panic.
Oops: general protection fault, probably for non-canonical address 0x504f4e4dbebc64ff: 0000 [#1] PREEMPT SMP NOPTI
CPU: 3 PID: 0 Comm:
Microsoft
tty: add the option to have a tty reject a new ldisc
vendor_msrc·2024-07-09·CVSS 5.5
CVE-2024-40966 [MEDIUM] tty: add the option to have a tty reject a new ldisc
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
Linux: Linux
Customer Action Required: Yes
Red Hat
kernel: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
vendor_redhat·2024-05-30·CVSS 5.5
CVE-2024-36933 [MEDIUM] CWE-457 kernel: nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
In the Linux kernel, the following vulnerability has been resolved:
nsh: Restore skb->{protocol,data,mac_header} for outer header in nsh_gso_segment().
syzbot triggered various splats (see [0] and links) by a crafted GSO
packet of VIRTIO_NET_HDR_GSO_UDP layering the following protocols:
ETH_P_8021AD + ETH_P_NSH + ETH_P_IPV6 + IPPROTO_UDP
NSH can encapsulate IPv4, IPv6, Ethernet, NSH, and MPLS. As the inner
protocol can be Ethernet, NSH GSO handler, nsh_gso_segment(), calls
skb_mac_gso_segment() to invoke inner protocol GSO handlers.
nsh_gso_segment() does the following for the original skb before
calling skb_mac_gso_segment()
1. reset skb->network_header
2. save the original skb->{mac_heaeder,mac_l
Red Hat
keycloak: path transversal in redirection validation
vendor_redhat·2024-04-16·CVSS 8.1
CVE-2024-1132 [HIGH] CWE-22 keycloak: path transversal in redirection validation
A flaw was found in Keycloak, where it does not properly validate URLs included in a redirect. This issue could allow an attacker to construct a malicious request to bypass validation and access other URLs and sensitive information within the domain or conduct further attacks. This flaw affects any client that utilizes a wildcard in the Valid Redirect URIs field, and requires user interaction within the malicious URL.
Red Hat
argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
vendor_redhat·2024-03-18·CVSS 7.5
CVE-2024-21662 [HIGH] CWE-307 argo-cd: Bypassing Rate Limit and Brute Force Protection Using Cache Overflow
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Prior to versions 2.8.13, 2.9.9, and 2.10.4, an attacker can effectively bypass the rate limit and brute force protections by exploiting the application's weak cache-based mechanism. This loophole in security can be combined with other vulnerabilities to attack the default admin account. This flaw undermines a patch for CVE-2020-8827 intended to protect against brute-force attacks. The application's brute force protection relies on a cache mechanism that tracks login attempts for each user. This cache is limited to a `defaultMaxCacheSize` of 1000 entries. An attacker can overflow this cache by bombarding it with login attempts for differen
Red Hat
kernel: wifi: iwlwifi: fix a memory corruption
vendor_redhat·2024-02-29·CVSS 7.8
CVE-2024-26610 [HIGH] CWE-680 kernel: wifi: iwlwifi: fix a memory corruption
In the Linux kernel, the following vulnerability has been resolved:
wifi: iwlwifi: fix a memory corruption
iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that
if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in
bytes, we'll write past the buffer.
A memory corruption flaw was found in the Linux kernel Intel Wireless WiFi Next Gen AGN module. This issue could allow a local user to crash the system.
Statement: Red Hat Enterprise Linux 9 is not affected by this vulnerability.
Mitigation: To mitigate this issue, prevent the iwlwifi module from being loaded. Please see https://access.redhat.com/solutions/41278 for how to blacklist a kernel module to prevent it from loading automatically.
Package: kernel (R
Suricata
ET EXPLOIT [ConnectWise CRU] Java ECDSA (Psychic) TLS Signature (CVE-2022-21449)
suricata·2022-04-26·CVSS 7.5
CVE-2022-21449 [HIGH] ET EXPLOIT [ConnectWise CRU] Java ECDSA (Psychic) TLS Signature (CVE-2022-21449)
Rule: alert tls $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT [ConnectWise CRU] Java ECDSA (Psychic) TLS Signature (CVE-2022-21449)"; flow:established,to_client; tls.certs; content:"|04 03 00 08 30 06 02 01 00 02 01 00|"; tag:session,5,packets; reference:url,github.com/thack1/CVE-2022-21449; reference:cve,2022-21449; classtype:targeted-activity; sid:2036377; rev:3; metadata:created_at 2022_04_26, cve CVE_2022_21449, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_04_25;)
Suricata
ET EXPLOIT Mi Router 3 Remote Code Execution CVE-2018-13023
suricata·2020-06-11·CVSS 8.8
CVE-2018-13023 [HIGH] ET EXPLOIT Mi Router 3 Remote Code Execution CVE-2018-13023
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET EXPLOIT Mi Router 3 Remote Code Execution CVE-2018-13023"; flow:established,to_server; http.method; content:"GET"; http.uri; content:"/cgi-bin/luci/|3b|stok="; fast_pattern; content:"&sns=sns&grant=1&guest_user_id=guid&timeout="; distance:0; reference:url,blog.securityevaluators.com/show-mi-the-vulns-exploiting-command-injection-in-mi-router-3-55c6bcb48f09; reference:cve,2018-13023; classtype:attempted-admin; sid:2030311; rev:3; metadata:affected_product Linux, attack_target IoT, created_at 2020_06_11, cve CVE_2018_13023, deployment Perimeter, confidence High, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2024_03_07, mitre_tactic_id
Suricata
ET EXPLOIT Dell KACE Attempted Remote Command Injection Inbound
suricata·2019-06-11·CVSS 9.8
CVE-2018-11138 [CRITICAL] ET EXPLOIT Dell KACE Attempted Remote Command Injection Inbound
Rule: alert http $EXTERNAL_NET any -> $HTTP_SERVERS any (msg:"ET EXPLOIT Dell KACE Attempted Remote Command Injection Inbound"; flow:established,to_server; http.method; content:"POST"; http.uri; content:"/krashrpt.php"; fast_pattern; endswith; http.request_body; content:"kuid=|60|"; startswith; reference:url,unit42.paloaltonetworks.com/new-mirai-variant-adds-8-new-exploits-targets-additional-iot-devices/; reference:cve,CVE-2018-11138; classtype:attempted-admin; sid:2027457; rev:5; metadata:attack_target IoT, created_at 2019_06_11, deployment Perimeter, performance_impact Low, signature_severity Major, tag CISA_KEV, updated_at 2024_04_13, mitre_tactic_id TA0008, mitre_tactic_name Lateral_Movement, mitre_technique_id T1210, mit
No public exploits indexed.
Bugzilla
CVE-2024-47176 cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
bugzilla·2024-09-23·CVSS 5.3
CVE-2024-47176 [MEDIUM] CVE-2024-47176 cups-browsed: cups-browsed binds on UDP INADDR_ANY:631 trusting any packet from any source
The `cups-browsed` component is responsible for discovering printers on a network and adding them to the system. In order to do so, the service uses two distinct protocols. For the first one, the service binds on all interfaces on UDP port 631 and accepts a custom packet from any untrusted source. This is exploitable from outside the LAN if the computer is exposed on the public internet. The service also listens for DNS-SD / mDNS advertisements through AVAHI. In both cases, when a printer is discovered by either the UDP packet or mDNS, its IPP or IPPS url is automatically contacted by cups-browsed and a `Get-Printer-Attributes` request is sent to it. Among other things, this leaks its k
Bleepingcomputer
Windows Kernel bug fixed last month exploited as zero-day since August
blogs_bleepingcomputer·2024-03-02·CVSS 7.8
[HIGH] Windows Kernel bug fixed last month exploited as zero-day since August
## Sergiu Gatlan
Microsoft explains that successful exploitation enables local attackers to gain SYSTEM privileges in low-complexity attacks that don't require user interaction.
"To exploit this vulnerability, an attacker would first have to log on to the system. An attacker could then run a specially crafted application that could exploit the vulnerability and take control of an affected system," Redmond says.
The company patched the vulnerability on February 13 and updated the advisory on Wednesday, February 28, to confirm that CVE-2024-21338 had been exploited in the wild, but it didn't disclose any details regarding the attacks.
## Patched six months after initial report
However, Avast told BleepingCompute
https://plugins.trac.wordpress.org/browser/folders/tags/3.0/includes/media.replace.php#L1311
https://www.wordfence.com/threat-intel/vulnerabilities/id/fa1d953f-6a5c-46af-a1a5-2c4f90da679a?source=cve
Published 2024-06-14