High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info wp_swings — coupon_referral_program Deserialization of Untrusted Data vulnerability in WP Swings Coupon Referral Program. This issue affects Coupon Referral Program: from n/a through 1.7.2.…
Tag: Bulletins
Vulnerability Summary for the Week of February 5, 2024
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info allegro_ai — clearml Lack of authentication in all versions of the fileserver component of Allegro AI’s ClearML platform allows a remote attacker to arbitrarily access,…
Vulnerability Summary for the Week of January 29, 2024
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 60indexpage_project — 60indexpage A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php…
Vulnerability Summary for the Week of January 22, 2024
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 60indexpage — 60indexpage A vulnerability classified as critical has been found in 60IndexPage up to 1.8.5. This affects an unknown part of the file /include/file.php…
Vulnerability Summary for the Week of January 15, 2024
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info argoproj — argo-cd Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The Argo CD API prior to versions 2.10-rc2, 2.9.4, 2.8.8, and 2.7.15…
Vulnerability Summary for the Week of January 8, 2024
  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info abocms — abo.cms SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. 2024-01-06…
Vulnerability Summary for the Week of January 1, 2024
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 7-card — fakabao A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality…
Vulnerability Summary for the Week of December 25, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info awslabs — sandbox-accounts-for-events “Sandbox Accounts for Events” provides multiple, temporary AWS accounts to a number of authenticated users simultaneously via a browser-based GUI. Authenticated users could…
Vulnerability Summary for the Week of December 18, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info 52north — 52north_wps An XXE (XML External Entity) vulnerability has been detected in 52North WPS affecting versions prior to 4.0.0-beta.11. This vulnerability allows the use of…
Vulnerability Summary for the Week of December 11, 2023
High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acronis — cyber_protect_home_office Local privilege escalation due to DLL hijacking vulnerability. The following products are affected: Acronis Cyber Protect Home Office (Windows) before build 40901. 2023-12-12…