Threat Advisories - NVD Disclosed September 27, 2024

CVE-2024-3373

Website Template SQL Injection Vulnerability.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in a website template may allow attackers to inject malicious SQL commands, potentially leading to unauthorized access to or manipulation of data. This impacts organizations using the affected template by posing a risk to sensitive information.

NVD published: September 27, 2024

CVE advisoryCRITICAL

CVE-2024-8644

Oceanic Software ValeApp Sensitive Data Exposure

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Oceanic Software ValeApp affects how sensitive data is stored in cookies. This could allow unauthorized access to user accounts and sensitive application data. The realistic business risk includes potential data compromise and unauthorized access to company resources.

NVD published: September 27, 2024

CVE advisoryCRITICAL

CVE-2024-8643

Oceanic Software ValeApp Session Fixation Vulnerability

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A session fixation vulnerability in Oceanic Software ValeApp allows attackers to hijack user sessions. This impacts affected organizations by potentially compromising sensitive data and disrupting operations through unauthorized access. The realistic business risk includes data breaches and unauthorized system control.

NVD published: September 27, 2024