AttackerKB bot (Unofficial)
New assessment for topic: CVE-2024-22026

Topic description: "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem ..."

"CVE-2024-22026 is a local privilege escalation vulnerability in Ivanti EPMM (formerly MobileIron) server versions prior to 12.1.0.0, 12.0.0.0, and 11.12.0.1 ..."

Link: https://attackerkb.com/assessments/7f7b046e-eae8-4ef0-940e-eb49334c203e
New assessment for topic: CVE-2023-50386

Topic description: "Improper Control of Dynamically-Managed Code Resources, Unrestricted Upload of File with Dangerous Type, Inclusion of Functionality from Untrusted Control Sphere vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.4.1. ..."

"Rapid7 pen testers have noted they have encountered vulnerable versions of this software on engagements ..."

Link: https://attackerkb.com/assessments/4a8895bf-6532-45bf-bdbb-fea7a9705d34
New assessment for topic: CVE-2024-21793

Topic description: " ..."

"An unauthenticated attacker can exploit this vulnerability to execute malicious SQL statements through the BIG-IP NEXT Central Manager API (URI). ..."

Link: https://attackerkb.com/assessments/90432b58-a844-4901-94ba-16109b65f110
New assessment for topic: CVE-2024-26026

Topic description: " ..."

"BIG-IP Next is “a completely new incarnation” of F5’s BIG-IP devices/modules, which are used for managing and inspecting network and application traffic ..."

Link: https://attackerkb.com/assessments/a5768ee9-8573-4b48-8ad0-b0a97df0458c
New assessment for topic: CVE-2024-4215

Topic description: "pgAdmin <= 8.5 is affected by a multi-factor authentication bypass vulnerability ..."

"pgAdmin is vulnerable to a multi-factor authentication bypass ([CWE-287](https://cwe.mitre.org/data/definitions/287.html)) whereby an attacker with knowledge of an account’s credentials can manage files and make SQL queries regardless of whether or not the account has been configured with MFA ..."

Link: https://attackerkb.com/assessments/40f2eb9e-ea23-4efe-8af8-87efff9250d7
New assessment for topic: CVE-2024-2044

Topic description: "pgAdmin <= 8.3 is affected by a path-traversal vulnerability while deserializing users’ sessions in the session handling code ..."

"pgAdmin versions <=8.3 are vulnerable to a path traversal vulnerability in the session handling logic ..."

Link: https://attackerkb.com/assessments/010cd2a6-6916-4678-a313-7fe079646dfc
It seems the www. subdomain of AttackerKB is gone, so I changed the script to generate links accordingly.

Sorry for the inconvenience!
New assessment for topic: CVE-2024-4040

Topic description: "A server side template injection vulnerability in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows unauthenticated remote attackers to read files from the filesystem outside of the VFS Sandbox, bypass authentication to gain administrative access, and perform remote code execution on the server. ..."

"CVE-2024-4040 was discovered by Simon Garrelou, of Airbus CERT, and it's a server-side template injection vulnerability for the CrushFTP managed file transfer suite ..."

Link: https://www.attackerkb.com/assessments/3e0e1e02-fd8f-4036-a085-1348c36a62f8
New Rapid7 Analysis on AttackerKB topic: CVE-2024-4040

"On Friday, April 19, 2024, managed file transfer vendor CrushFTP [released information](https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/) to a private mailing list on a new zero-day vulnerability affecting CrushFTP versions below 10.7.1 and 11.1.0 (as well as legacy 9.x versions) across all platforms ..."

Link: https://www.attackerkb.com/topics/46707820-42d9-44a3-a84a-7f8465055536