Category: Bulletins

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 8theme — xstore Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info abdul_hakeem — build_app_online Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. 2024-04-25 9.8 CVE-2023-51478audit@patchstack.com…

Read more →

High Vulnerabilities  PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 10web — slider_by_10web  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 10Web Slider by 10Web allows Reflected XSS.This issue affects Slider by 10Web:…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info adobe — adobe_commerce  Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution…

Read more →

High Vulnerabilities   PrimaryVendor — Product Description Published CVSS Score Source & Patch Info acowebs — pdf_invoices_and_packing_slips_for_woocommerce  Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.This issue affects PDF Invoices and Packing Slips For WooCommerce:…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info N/A — N/A   Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info academylms — academy_lms_-_elearning_and_online_course_solution_for_wordpress   The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acowebs — pdf_invoices_and_packing_slips_for_woocommerce   The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info progress — openedge   In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication…

Read more →

High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info agronholm — cbor2 cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info wp_swings — coupon_referral_program   Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2.…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info allegro_ai — clearml Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access,…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 60indexpage_project — 60indexpage A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 60indexpage — 60indexpage   A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php…

Read more →

High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info argoproj — argo-cd Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info abocms — abo.cms SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. 2024-01-06…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 7-card — fakabao A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info awslabs — sandbox-accounts-for-events “Sandbox Accounts for Events” provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 52north — 52north_wps An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acronis — cyber_protect_home_office Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901. 2023-12-12…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info arm — bifrost_gpu_kernel_driver Use After Free vulnerability in Arm Ltd Bifrost GPU Kernel Driver, Arm Ltd Valhall GPU Kernel Driver, Arm Ltd Arm 5th Gen GPU…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info apache — dolphinscheduler Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. The information exposed to unauthorized actors may include sensitive data such…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info adobe — after_effects Adobe After Effects version 24.0.2 (and earlier) and 23.6 (and earlier) are affected by an out-of-bounds read vulnerability when parsing a crafted…

Read more →

 High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info checkpoint — endpoint_security Local attacker can escalate privileges on affected installations of Check Point Harmony Endpoint/ZoneAlarm Extreme Security. An attacker must first obtain the ability to…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 1e — platform The 1E-Exchange-URLResponseTime instruction that is part of the Network product pack available on the 1E Exchange does not properly validate the URL…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info contec — solarview_compact_firmware An issue in Contec SolarView Compact v.6.0 and before allows an attacker to execute arbitrary code via the texteditor.php component. 2023-10-27 9.8…

Read more →

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info projectworlds_pvt._limited — online_art_gallery   Online Art Gallery v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The ‘fnm’ parameter of the header.php resource does not…

Read more →