NVD disclosure day
CVE-2024-7104
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A code injection vulnerability in ww.Winsure software allows attackers to execute unauthorized code, potentially leading to data compromise and operational disruption. This affects organizations using the ww.Winsure software and puts their systems and data at risk.
CVE-2024-7098
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
An XML injection flaw in SFS Consulting ww.Winsure allows unauthorized data access or system disruption. This impacts organizations by potentially exposing sensitive information or hindering operations. The business risk involves unauthorized control or data compromise.
CVE-2024-6401
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A vulnerability in InsureE GL software enables unauthorized data manipulation. This SQL injection flaw allows attackers to insert malicious commands, potentially compromising sensitive data and impacting financial reporting and system integrity. The risk to affected organizations is significant.