NVD disclosure day

Published threat advisories for November 26, 2024

CVE advisoryKnown Exploit

CVE-2024-49035

Microsoft Partner Center Privilege Escalation Vulnerability

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

An improper access control vulnerability affects Microsoft Partner Center, allowing an unauthenticated attacker to gain elevated privileges over a network. This could lead to unauthorized access to sensitive data and system modifications, posing a significant business risk.

NVD published: • CISA KEV
CVE advisoryKnown Exploit

CVE-2024-11680

ProjectSend Improper Authentication Allows Configuration Changes

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An improper authentication vulnerability in ProjectSend allows unauthenticated attackers to modify application configurations. This could lead to unauthorized account creation, malicious file uploads, and JavaScript injection, impacting system integrity and data security.

NVD published: • CISA KEV