In Joomla! CMS versions 4.0.0-4.4.6, 5.0.0-5.1.2 a high severity vulnerability CVE-2024-27187 was detected. Improper access controls allow backend users to overwrite their usernames, even when this action is disallowed. To fix this vulnerability, users need to upgrade to version 4.4.7 or 5.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-27187.
Read more CMS
In Joomla versions 4.0.0-4.4.6 and 5.0.0-5.1.2 a medium severity vulnerability CVE-2024-6322 was detected. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. To fix the issue, users must upgrade Joomla to version 4.4.7 or 5.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-27186.
Read more CMS
In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier a high severity vulnerability CVE-2024-39406 was detected. This vulnerability allows attackers to perform Path Traversal, potentially leading to arbitrary file system read. To address this issue, it is recommended to apply the latest security patches. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39406.
Read more E-commerce
In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier a critical severity vulnerability CVE-2024-39397 was detected. This vulnerability allows attackers to execute arbitrary code by uploading a malicious file, which can then be executed on the server. To address this issue, users must apply the latest security updates. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39397.
In WordPress File Upload plugin for WordPress, all versions up to and including 4.24.8 a high severity vulnerability CVE-2024-7301 was detected. The issue allows unauthenticated attackers to inject arbitrary web scripts into SVG files due to insufficient input sanitization and output escaping, leading to script execution whenever a user accesses the file. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7301.
Read more Supply Chain Management (SCM)
In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8 and 2.4.4-p9 a medium severity vulnerability CVE-2024-39415 was detected. This vulnerability allows attackers to bypass security features and access minor information without user interaction. To fix this problem, users should upgrade Magento to versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9 and 2.4.4-p10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39415.
Read more E-commerce
In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9 a medium severity vulnerability CVE-2024-39410 was detected. This vulnerability allows attackers to perform unauthorized actions on behalf of a user by tricking them into interacting with a malicious request. To fix this problem, users should upgrade Magento to versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39410.
Read more E-commerce
In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9 a high severity vulnerability CVE-2024-39401 was detected. This vulnerability lets an admin attacker accidentally run harmful commands on the system due to how special input elements are handled, needing user interaction to trigger the problem. To fix this issue, users should upgrade Magento to versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39401.
Read more E-commerce
In Joomla versions 4.0.0 to 4.4.5 and 5.0.0 to 5.1.1 a medium severity vulnerability CVE-2024-21729 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) attacks due to inadequate input validation in the accessiblemedia field. To address this issue, it is recommended to update to Joomla version 4.4.6 or 5.1.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21729.
Read more CMS