CVE-2024-7437
Published 2024-08-03
Priority: P4 (25)
Severity: medium, 4.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.44% (35.3th percentile)
A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. Affected is an unknown function of the file /index.php?action=profile;u=2;area=showalerts;do=remove of the component Delete User Handler. The manipulation of the argument aid leads to improper control of resource identifiers. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| simplemachines | simple_machines_forum | — | — |
| simplemachines | smf | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| NVD | 3.1 | 4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
| NVD | 4.0 | 5.3 | MEDIUM | CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| NVD | 2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:N/I:P/A:P |
No detection rules found.
No public exploits indexed.
arXiv
BACFuzz: Exposing the Silence on Broken Access Control Vulnerabilities in Web Applications
arxiv_fulltext·2025-07-21
Authors:
I Putu Arya Dharmaadi (University of Groningen, Groningen, Netherlands)
Mohannad Alhanahnah (Chalmers University, Gothenburg, Sweden)
Van-Thuan Pham (The University of Melbourne, Melbourne, Australia)
Fadi Mohsen (University of Groningen, Groningen, Netherlands)
Fatih Turkmen (University of Groningen, Groningen, Netherlands)
## Abstract
Broken Access Control (BAC) remains one of the most critical and widespread vulnerabilities in web applications, allowing attackers to access unauthorized resources or perform privileged actions. Despite its severity, BAC is underexplored in au
Bugzilla
CVE-2024-52616 avahi: Avahi Wide-Area DNS Predictable Transaction IDs
bugzilla·2024-11-15·CVSS 5.3
The sequential increment of DNS transaction IDs makes Avahi vulnerable to DNS spoofing, allowing attackers to inject malicious DNS records. This can compromise the integrity of DNS responses, redirecting users to potentially harmful domains. This vulnerability poses a greater risk as it directly undermines the integrity of DNS resolution, affecting all systems using Avahi for wide-area DNS queries unless mitigations are applied.
Discussion:
This issue has been addressed in the following products:
Red Hat Enterprise Linux 9
Via RHSA-2025:7437 https://access.redhat.com/errata/RHSA-2025:7437