In SuiteCRM versions 7.14.4 and 8.6.1 a high severity vulnerability CVE-2024-36416 was detected. This vulnerability allows attackers to deny service by logging too much data. To address this issue, users must upload the fix in versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36416/.
Read more CRMIn SuiteCRM versions 7.14.4 and 8.6.1 a high severity vulnerability CVE-2024-36418 was detected. This vulnerability allows attackers to perform a remote code execution attack. To address this issue, users must upload the fix in versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36418/.
Read more CRMIn WooCommerce 8.8 a medium severity vulnerability CVE-2024-37297 was detected. Attackers can exploit links to add harmful code that steals browser data. The Sourcebuster.js library reads and improperly inserts URL content into forms. To address this issue, users should update WooCommerce to versions 8.8.5 or 8.9.3. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37297.
Read more E-commerceIn SuiteCRM versions prior to 7.14.4 and prior to 8.6.1 a critical severity vulnerability CVE-2024-36410 was detected. Poor input validation in the EmailUIAjax messages count controller lets attackers exploit the system by inserting harmful SQL commands. This issue was resolved in versions 7.14.4 and 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36410/.
Read more CRMIn SuiteCRM version 8.6.1 a medium severity vulnerability CVE-2024-36419 was detected. This vulnerability allows attackers to simplify phishing attacks. To address this issue, users must install a patch in version 8.6.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-36419/.
Read more CRMIn Vault a low severity vulnerability CVE-2024-5798 was detected. This vulnerability allows attackers to log in to the system with the wrong credentials. To address this issue, users need to update to Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9. For more details, visit https://www.cvedetails.com/cve/CVE-2024-5798/.
Read more E-commerceIn PrestaShop version 8.1.5 a medium severity vulnerability CVE-2024-34717 was detected. A flaw in the invoice system lets anyone access private invoices by tweaking the URL with a random secure key. This risks data breaches and financial discrepancies. To address this issue, users should upgrade PrestaShop to versions 8.1.6. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34717.
Read more E-commerceIn PrestaShop version 8.1.5 a medium severity vulnerability CVE-2024-34717 was detected. This vulnerability allows any invoice to be downloaded anonymously by using a random secure_key in the URL. This issue is fixed in version 8.1.6, and no workarounds are known. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34717.
Read more E-commerceIn Ghost versions before 5.82.0 a high severity vulnerability CVE-2024-34448 was detected. This issue lets attackers add harmful data during a member CSV export. Unauthenticated users can input dangerous code into registration fields. Users should update to the latest version to fix this problem. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34448.
Read more CMS