Tag: Bulletins

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a — n/a   The Vayu Blocks – Gutenberg Blocks for WordPress & WooCommerce plugin for WordPress is vulnerable to unauthorized arbitrary plugin installation and activation due to a…

Read more →

High Vulnerabilities PrimaryVendor — Product Description8 Published CVSS Score Source Info SailPoint Technologies–IdentityIQ  IdentityIQ 8.4 and all 8.4 patch levels prior to 8.4p2, IdentityIQ 8.3 and all 8.3 patch levels prior to 8.3p5, IdentityIQ 8.2 and all 8.2 patch levels…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Beauty Parlour Management System  A vulnerability, which was classified as critical, has been found in 1000 Projects Beauty Parlour Management System 1.0. This issue affects some unknown processing…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info acnoo — flutter_api  Authentication Bypass Using an Alternate Path or Channel vulnerability in Acnoo Acnoo Flutter API allows Authentication Bypass.This issue affects Acnoo Flutter API: from n/a…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Admin–Verbalize WP  Unrestricted Upload of File with Dangerous Type vulnerability in Admin Verbalize WP Upload a Web Shell to a Web Server.This issue affects Verbalize WP: from…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Acespritech Solutions Pvt. Ltd.–Social Link Groups  Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in Acespritech Solutions Pvt. Ltd. Social Link Groups…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info adobe — animate  Animate versions 23.0.7, 24.0.4 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result in arbitrary code execution in the context…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info n/a–n/a  An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Dover Fueling Solutions (DFS)–ProGauge MAGLINK LX CONSOLE  A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info CIRCUTOR–CIRCUTOR Q-SMT  CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Siemens–Industrial Edge Management Pro  A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info abcd-community — abcd  A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This affects an unknown part of the file /common/show_image.php. The…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info Adobe–Acrobat Reader  Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Liquid Web–GiveWP  Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1. 2024-08-19 10 CVE-2024-37099 audit@patchstack.com  webdevmattcrom–GiveWP Donation…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 10Web Form Builder Team–Form Maker by 10Web  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in 10Web Form Builder Team Form Maker…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 10web–Slider by 10Web Responsive Image Slider  The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info Apache Software Foundation–Apache SeaTunnel Web  Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 202ecommerce–paypal  In the module “PayPal Official” for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 1Panel-dev–1Panel  1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts.…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info Adobe–Bridge  Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 2code — wpqa_builder  The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info access_management_specialist_project — access_management_specialist  An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information. 2024-06-24 7.5 CVE-2024-37677cve@mitre.org…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 3uu–Shariff Wrapper  The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info actpro — extra_product_options_for_woocommerce  Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6. 2024-06-10 8.8 CVE-2024-35727audit@patchstack.com…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 8theme–XStore Core  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in 8theme XStore Core allows PHP Local File Inclusion.This issue affects XStore Core:…

Read more →

< div id=”high_v”>   High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info ASKEY–5G NR Small Cell  ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info ASUS–ExpertWiFi  ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 8theme–XStore Core  Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8. 2024-05-17 9.8 CVE-2024-33552audit@patchstack.com 8theme–XStore Core  Unrestricted…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info academy_lms — academy_lms Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. 2024-05-06 7.1 CVE-2024-33912audit@patchstack.com brevo_for_woocommerce — sendinblue_for_woocommerce Improper Limitation of a…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 8theme — xstore Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info abdul_hakeem — build_app_online Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. 2024-04-25 9.8 CVE-2023-51478audit@patchstack.com…

Read more →

High Vulnerabilities  PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 10web — slider_by_10web  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 10Web Slider by 10Web allows Reflected XSS.This issue affects Slider by 10Web:…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info adobe — adobe_commerce  Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution…

Read more →

High Vulnerabilities   PrimaryVendor — Product Description Published CVSS Score Source & Patch Info acowebs — pdf_invoices_and_packing_slips_for_woocommerce  Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.This issue affects PDF Invoices and Packing Slips For WooCommerce:…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info N/A — N/A   Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info academylms — academy_lms_-_elearning_and_online_course_solution_for_wordpress   The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acowebs — pdf_invoices_and_packing_slips_for_woocommerce   The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info progress — openedge   In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication…

Read more →

High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info agronholm — cbor2 cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info wp_swings — coupon_referral_program   Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2.…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info allegro_ai — clearml Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access,…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 60indexpage_project — 60indexpage A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 60indexpage — 60indexpage   A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php…

Read more →

High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info argoproj — argo-cd Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15…

Read more →

&#xA0; High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info abocms — abo.cms SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. 2024-01-06…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 7-card — fakabao A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info awslabs — sandbox-accounts-for-events “Sandbox Accounts for Events” provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 52north — 52north_wps An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acronis — cyber_protect_home_office Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901. 2023-12-12…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info arm — bifrost_gpu_kernel_driver Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — dolphinscheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — after_effects Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info checkpoint — endpoint_security Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 1e — platform The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info contec — solarview_compact_firmware An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. 2023-10-27 9.8…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info projectworlds_pvt._limited — online_art_gallery   Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘fnm’ parameter of the header.php resource does not…

Read more →