Tag: Bulletins

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 10Web Form Builder Team–Form Maker by 10Web  Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in 10Web Form Builder Team Form Maker…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 10web–Slider by 10Web Responsive Image Slider  The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info Apache Software Foundation–Apache SeaTunnel Web  Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 202ecommerce–paypal  In the module “PayPal Official” for PrestaShop 7+ releases prior to version 6.4.2 and for PrestaShop 1.6 releases prior to version 3.18.1, a malicious customer can…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 1Panel-dev–1Panel  1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts.…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 1Panel-dev–1Panel  1Panel is a web-based linux server management control panel. 1Panel contains an unspecified sql injection via User-Agent handling. This issue has been addressed in version 1.10.12-lts.…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info Adobe–Bridge  Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info Adobe–Bridge  Bridge versions 14.0.4, 13.0.7, 14.1 and earlier are affected by an Integer Overflow or Wraparound vulnerability that could result in arbitrary code execution in the context…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 2code — wpqa_builder  The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 2code — wpqa_builder  The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info access_management_specialist_project — access_management_specialist  An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information. 2024-06-24 7.5 CVE-2024-37677cve@mitre.org…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 3uu–Shariff Wrapper  The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info actpro — extra_product_options_for_woocommerce  Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6. 2024-06-10 8.8 CVE-2024-35727audit@patchstack.com…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 8theme–XStore Core  Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in 8theme XStore Core allows PHP Local File Inclusion.This issue affects XStore Core:…

Read more →

< div id=”high_v”>   High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info ASKEY–5G NR Small Cell  ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info ASUS–ExpertWiFi  ASUS routers supporting custom OpenVPN profiles are vulnerable to a code execution vulnerability. An authenticated and remote attacker can execute arbitrary operating system commands by uploading…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 8theme–XStore Core  Improper Privilege Management vulnerability in 8theme XStore Core allows Privilege Escalation.This issue affects XStore Core: from n/a through 5.3.8. 2024-05-17 9.8 CVE-2024-33552audit@patchstack.com 8theme–XStore Core  Unrestricted…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info academy_lms — academy_lms Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. 2024-05-06 7.1 CVE-2024-33912audit@patchstack.com brevo_for_woocommerce — sendinblue_for_woocommerce Improper Limitation of a…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info academy_lms — academy_lms Missing Authorization vulnerability in Academy LMS.This issue affects Academy LMS: from n/a through 1.9.16. 2024-05-06 7.1 CVE-2024-33912audit@patchstack.com brevo_for_woocommerce — sendinblue_for_woocommerce Improper Limitation of a…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 8theme — xstore Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) vulnerability in 8theme XStore allows SQL Injection.This issue affects XStore: from n/a…

Read more →