CVE-2024-12687 – Insecure YAML Deserialization
https://notcve.org/view.php?id=CVE-2024-12687
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1. • https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0 • CWE-502: Deserialization of Untrusted Data
CVE-2024-11839 – Insecure Deserialization via Runbooks Imports
https://notcve.org/view.php?id=CVE-2024-11839
Deserialization of Untrusted Data vulnerability in PlexTrac (Runbooks modules) which allows Object Injection and arbitrary file writes. This issue affects PlexTrac: from 1.61.3 before 2.8.1. • https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0 • CWE-502: Deserialization of Untrusted Data
CVE-2024-11838 – Local File Inclusion
https://notcve.org/view.php?id=CVE-2024-11838
External Control of File Name or Path vulnerability in PlexTrac allows Local Code Inclusion through use of an undocumented API endpoint. This issue affects PlexTrac: from 1.61.3 before 2.8.1. • https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0 • CWE-73: External Control of File Name or Path
CVE-2024-11837 – N1QL Injection
https://notcve.org/view.php?id=CVE-2024-11837
Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection. This issue affects PlexTrac: from 1.61.3 before 2.8.1. • https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-11836 – Server-side Request Forgery
https://notcve.org/view.php?id=CVE-2024-11836
Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources. This issue affects PlexTrac: from 1.61.3 before 2.8.1. • https://docs.plextrac.com/plextrac-documentation/master/security-advisories#release-2.11.0 • CWE-918: Server-Side Request Forgery (SSRF)