In Magento Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier a high severity vulnerability CVE-2024-34108 was detected. This improper input validation vulnerability allows attackers to execute arbitrary code within the context of the current user. Although no user interaction is required for exploitation, admin privileges are needed, and the scope of the attack is changed. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34108.
Read more E-commerceIn Magento versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier a critical severity vulnerability CVE-2024-34107 was detected. This vulnerability relates to improper access control and allows attackers to bypass security measures and view minor unauthorized information. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34107.
Read more E-commerceIn Joomla versions 3.0.0 to 3.10.15, 4.0.0 to 4.4.5, and 5.0.0 to 5.1.1 a medium severity vulnerability CVE-2024-21731 was detected. This vulnerability allows attackers to embed harmful scripts that can run within a user’s web browser, posing significant security risks. To fix this problem, users should upgrade Joomla to versions 3.10.16, 4.4.6, and 5.1.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21731.
In Joomla versions 4.0.0 to 4.4.5 and 5.0.0 to 5.1.1 a medium severity vulnerability CVE-2024-21730 was detected. This vulnerability allows attackers to inject malicious scripts that would be executed in the user’s browser, posing a security risk. To fix this problem, users should upgrade Joomla to versions 4.4.6 and 5.1.2. For more details, https://avd.aquasec.com/nvd/2024/cve-2024-21730.
Read more CMSIn Magento versions before 20.10.1 a medium severity vulnerability CVE-2024-41676 was detected. This vulnerability allows attackers to view sensitive files in GitLab. To fix this problem, users should upgrade Magento to version 20.10.1 or higher. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-41676.
Read more E-commerceIn all WooCommerce versions up to, and including 3.5.1 a medium severity vulnerability CVE-2024-6458 was detected. Attackers with basic access can change post titles without permission. This can also lead to harmful scripts being saved, which can affect admins who view these posts. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-6458.
Read more E-commerceIn Magento versions prior to 20.10.1 a medium severity vulnerability CVE-2024-41676 was detected. There is a security issue where admins can accidentally add harmful code in these settings: design/header/welcome, design/header/logo_src, design/header/logo_src_small, and design/header/logo_alt. These settings allow text or image URLs but may unintentionally include dangerous code. This issue is fixed in version 20.10.1 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-41676.
Read more E-commerceIn Dolibarr ERP CRM versions before 19.0.2-php8.2 a high severity vulnerability CVE-2024-40137 was detected. A vulnerability in the Computed field parameter of the Users Module Setup in Dolibarr ERP CRM allows remote code execution. This issue is fixed in versions 19.0.2-php8.2 and later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-40137.
In Joomla versions 3.0.0-3.10.15-elts, 4.0.0-4.4.5, 5.0.0-5.1.1 a low severity vulnerability CVE-2024-26279 was detected. This vulnerability allows attackers to access sensitive data via cross-scripting. There is no fix to this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-26279/.
Read more CMS