Tag: Bulletins

Vulnerability Summary for the Week of April 22, 2024

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info abdul_hakeem — build_app_online Improper Authentication vulnerability in Abdul Hakeem Build App Online allows Privilege Escalation.This issue affects Build App Online: from n/a through 1.0.19. 2024-04-25 9.8 CVE-2023-51478audit@patchstack.com…

Vulnerability Summary for the Week of April 15, 2024

High Vulnerabilities  PrimaryVendor — Product Description Published CVSS Score Source & Patch Info 10web — slider_by_10web  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in 10Web Slider by 10Web allows Reflected XSS.This issue affects Slider by 10Web:…

Vulnerability Summary for the Week of April 8, 2024

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info adobe — adobe_commerce  Adobe Commerce versions 2.4.6-p4, 2.4.5-p6, 2.4.4-p7, 2.4.7-beta3 and earlier are affected by an Improper Input Validation vulnerability that could result in arbitrary code execution…

Vulnerability Summary for the Week of April 1, 2024

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source & Patch Info abb — symphony_plus_s+_operations  ABB has internally identified a vulnerability in the ABB VPNI feature of the S+ Control API component which may be used by several Symphony…

Vulnerability Summary for the Week of March 25, 2024

High Vulnerabilities   PrimaryVendor — Product Description Published CVSS Score Source & Patch Info acowebs — pdf_invoices_and_packing_slips_for_woocommerce  Deserialization of Untrusted Data vulnerability in Acowebs PDF Invoices and Packing Slips For WooCommerce.This issue affects PDF Invoices and Packing Slips For WooCommerce:…

Vulnerability Summary for the Week of March 18, 2024

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info N/A — N/A   Directory Traversal vulnerability in Devan-Kerman ARRP v.0.8.1 and before allows a remote attacker to execute arbitrary code via the dumpDirect in…

Vulnerability Summary for the Week of March 11, 2024

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info academylms — academy_lms_-_elearning_and_online_course_solution_for_wordpress   The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to privilege escalation in all…

Vulnerability Summary for the Week of March 4, 2024

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info acowebs — pdf_invoices_and_packing_slips_for_woocommerce   The PDF Invoices and Packing Slips For WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up…

Vulnerability Summary for the Week of February 26, 2024

  High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info progress — openedge   In OpenEdge Authentication Gateway and AdminServer prior to 11.7.19, 12.2.14, 12.8.1 on all platforms supported by the OpenEdge product, an authentication…

Vulnerability Summary for the Week of February 19, 2024

High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info agronholm — cbor2 cbor2 provides encoding and decoding for the Concise Binary Object Representation (CBOR) (RFC 8949) serialization format. Starting in version 5.5.1 and prior to…