High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info n/a–n/a An issue was discovered in Atos Eviden iCare 2.7.1 through 2.7.11. The application exposes a web interface locally. In the worst-case scenario, if the application is…
Category: Bulletins
Vulnerability Summary for the Week of September 23, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Dover Fueling Solutions (DFS)–ProGauge MAGLINK LX CONSOLE A specially crafted POST request to the ProGauge MAGLINK LX CONSOLE UTILITY sub-menu can allow a remote attacker to inject…
Vulnerability Summary for the Week of September 16, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info CIRCUTOR–CIRCUTOR Q-SMT CIRCUTOR Q-SMT in its firmware version 1.0.4, could be affected by a denial of service (DoS) attack if an attacker with access to the web…
Vulnerability Summary for the Week of September 9, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Siemens–Industrial Edge Management Pro A vulnerability has been identified in Industrial Edge Management Pro (All versions < V1.9.5), Industrial Edge Management Virtual (All versions < V2.3.1-1). Affected…
Vulnerability Summary for the Week of September 2, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info abcd-community — abcd A vulnerability classified as problematic has been found in ABCD ABCD2 up to 2.2.0-beta-1. This affects an unknown part of the file /common/show_image.php. The…
Vulnerability Summary for the Week of August 26, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info Adobe–Acrobat Reader Acrobat Reader versions 127.0.2651.105 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the…
Vulnerability Summary for the Week of August 19, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info Liquid Web–GiveWP Deserialization of Untrusted Data vulnerability in Liquid Web GiveWP allows Object Injection.This issue affects GiveWP: from n/a through 3.14.1. 2024-08-19 10 CVE-2024-37099 audit@patchstack.com webdevmattcrom–GiveWP Donation…
Vulnerability Summary for the Week of August 12, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 10Web Form Builder Team–Form Maker by 10Web Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in 10Web Form Builder Team Form Maker…
Vulnerability Summary for the Week of August 5, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info Patch Info 10web–Slider by 10Web Responsive Image Slider The Slider by 10Web – Responsive Image Slider plugin for WordPress is vulnerable to time-based SQL Injection via the ‘id’ parameter…
Vulnerability Summary for the Week of July 29, 2024
High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info Apache Software Foundation–Apache SeaTunnel Web Web Authentication vulnerability in Apache SeaTunnel. Since the jwt key is hardcoded in the application, an attacker can forge any token to log…