NVD disclosure day

Published threat advisories for April 22, 2024

CVE advisoryKnown Exploit

CVE-2024-4040

CrushFTP Server Side Template Injection Vulnerability Leads to Server Compromise.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A server-side template injection vulnerability in CrushFTP allows unauthenticated remote attackers to read files, bypass authentication for administrative access, and execute code on the server. This impacts organizations by exposing systems to unauthorized control and data breaches, posing a significant business risk.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2024-27348

Apache HugeGraph Server Remote Code Execution Vulnerability

Halo Surface Signal: 3 out of 5 — possibly public-facing.

A remote command execution flaw affects Apache HugeGraph-Server, potentially allowing unauthorized attackers to compromise systems and data. This presents a business risk of system disruption and unauthorized access to sensitive information. Organizations should assess their deployments and apply vendor-recommended upg

NVD published: • CISA KEV