NVD disclosure day

Published threat advisories for September 4, 2024

CVE advisory | Known Exploit

CVE-2024-20439

Cisco Smart Licensing Utility: Administrative Access Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An unauthenticated, remote attacker can gain administrative access to the Cisco Smart Licensing Utility by using a static, undocumented credential. This grants the attacker control over the application's API, posing a business risk to organizations using the affected utility.

• CISA KEV

CVE advisory | CRITICAL

CVE-2024-7078

SQL Injection Vulnerability in Semtek Sempos Affects Data Integrity.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Semtek Sempos software may allow attackers to inject malicious SQL commands, potentially leading to unauthorized access to or modification of business data. This poses a risk to data integrity and confidentiality. Organizations using the affected software should prioritize mitigation efforts.

CVE advisory | CRITICAL

CVE-2024-7076

SQL Injection Vulnerability in Semtek Sempos Allows Unauthorized Data Access.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A SQL injection vulnerability in Semtek Sempos enables attackers to access and alter sensitive business data, potentially disrupting operations. This impacts organizations using the affected software, risking data integrity and system availability. The business risk is substantial due to the potential for unauthorized