In Dolibarr version 21.0.0-beta a medium severity vulnerability CVE-2024-55228 was detected. This vulnerability allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Title parameter of the Product module. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55228.
Read more ERPIn WooCommerce PDF Invoices, Packing Slips, Delivery Notes, and Shipping Labels plugin versions 4.7.1 and prior a medium severity vulnerability CVE-2025-24644 was detected. This vulnerability allows attackers to execute a stored cross-site scripting (XSS) attack due to improper neutralization of input during web page generation. To address this issue, users should update the WooCommerce PDF Invoices, Packing Slips, Delivery Notes and Shipping Labels plugin to version 4.7.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24644.
Read more E-commerceIn WC Product Table WooCommerce Product Table Lite versions 3.8.7 and prior a medium severity vulnerability CVE-2025-24596 was detected. This vulnerability allows attackers to exploit incorrectly configured access control security levels, leading to unauthorized actions. To address this issue, users should upgrade WordPress WooCommerce Product Table Lite wordpress plugin to a version 3.9.0 or later. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24596.
Read more E-commerceIn Umbraco versions from 14.0.0 before 14.3.2 and from 15.0.0 before 15.1.2 a medium severity vulnerability CVE-2025-24012 was detected. This vulnerability allows attackers to exploit cross-site scripting (XSS) when viewing certain localized backoffice components. To address this issue, users should upgrade Umbraco to versions 14.3.2 or 15.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24012.
Read more CMSIn Umbraco version 14.3.1 a medium severity vulnerability CVE-2024-55488 was detected. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload, resulting in stored cross-site scripting (XSS). Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55488.
Read more CMSIn Meta Data and Taxonomies Filter plugin for WordPress versions up to and including 1.3.3.6 a medium severity vulnerability CVE-2024-13340 was detected. This vulnerability allows authenticated attackers with contributor-level access and above to inject arbitrary web scripts into pages via the ‘mdf_results_by_ajax’ shortcode, due to insufficient input sanitization and output escaping on user-supplied attributes. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-13340.
Read more CMSIn Directus versions prior to 11.2.0 a medium severity vulnerability CVE-2025-24353 was detected. This vulnerability allows attackers to exploit the item sharing feature to specify an arbitrary role, potentially escalating privileges and accessing fields that should otherwise remain hidden. To address this issue, users should upgrade Directus to version 11.2.0. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24353.
Read more CMSIn Umbraco versions 14.0.0 up to 14.3.1 and 15.0.0 up to 15.1.1 a medium severity vulnerability CVE-2025-24011 was detected. This vulnerability allows attackers to determine if an account exists by analyzing response codes and timing from the management API. To address this issue, users should upgrade Umbraco to versions 14.3.2 or 15.1.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2025-24011.
Read more CMSIn SuiteCRM version 7.12.7 a high severity vulnerability CVE-2022-45186 was detected. This vulnerability allows authenticated users to recover arbitrary fields from the database. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2022-45186.
Read more CRM