NVD disclosure day

Published threat advisories for December 18, 2024

CVE-2024-56145

Craft CMS Remote Code Execution Advisory.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A vulnerability in Craft CMS could allow remote code execution if the `register_argc_argv` PHP setting is enabled. This could affect systems and data, posing a business risk to organizations using the platform.

NVD published: December 18, 2024 • CISA KEV

CVE advisoryKnown Exploit

CVE-2024-12686

BeyondTrust PRA/RS Command Injection Vulnerability.

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

A vulnerability in Privileged Remote Access and Remote Support allows an attacker with administrative privileges to inject commands, potentially leading to unauthorized execution as a site user. This presents a risk of system compromise and data exposure for affected organizations.

NVD published: December 18, 2024 • CISA KEV