In the WP SHAPES plugin for WordPress, versions up to and including 1.0.0, a medium severity vulnerability, CVE-2024-9619, was detected. This vulnerability allows authenticated attackers with Author-level access or higher to inject arbitrary web scripts through SVG file uploads; the scripts execute when a user accesses the uploaded SVG file. No patched version has been officially released at this time. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-9619.
In Mattermost versions 10.1.x up to 10.1.2, 10.0.x up to 10.0.2, 9.11.x up to 9.11.4, and 9.5.x up to 9.5.12, a medium severity vulnerability, CVE-2024-48872, was detected. This vulnerability allows attackers to bypass the "Max failed attempts" restriction by sending a large number of simultaneous login requests, enabling multiple login attempts before the account is blocked. Currently, there is no fix version for this issue. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-48872.
In the Mattermost Android Mobile Apps, versions 2.21.0 and prior, a medium severity vulnerability, CVE-2024-11358, was detected. This vulnerability allows attackers with local access to access files via file providers. To address this issue, users should upgrade to version 2.22.0. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-11358.
In Metabase versions from 1.52.0 up to (but not including) 1.52.2.5, a medium severity vulnerability, CVE-2024-55951, was detected. This vulnerability allows sandboxed users to see field filter values belonging to other sandboxed users. To address this issue, users should upgrade to version 1.52.2.5. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-55951.
In Kanboard versions prior to 1.2.43, a medium severity vulnerability, CVE-2024-55603, was detected. This vulnerability allows attackers to use expired sessions, which remain valid because the session lifetime stored in the database is not properly verified. To address this issue, users should upgrade Kanboard to version 1.2.43. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-55603.
In Elasticsearch versions from 8.16.0 before 8.16.2, a medium severity vulnerability, CVE-2024-12539, was detected. This vulnerability allows attackers to bypass Document Level Security controls and access restricted documents because of improper authorization checks. To address this issue, users should upgrade Elasticsearch to version 8.16.2. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-12539.
In MinIO versions from RELEASE.2022-06-25T15-50-16Z to RELEASE.2024-12-13T22-19-12Z, a critical severity vulnerability, CVE-2024-55949, was found. This vulnerability allows attackers to gain higher privileges. To address this issue, users are advised to upgrade to MinIO version RELEASE.2024-12-13T22-19-12Z or later. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-55949.
In Next.js versions 9.5.5 through 14.2.14, a high severity vulnerability, CVE-2024-51479, was detected. This vulnerability allows attackers to bypass pathname-based authorization checks in middleware, potentially granting unauthorized access to pages directly under the application's root directory. To address this issue, users should upgrade Next.js to version 14.2.15 or later. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-51479.
In Keycloak versions before 25.0.0 and before 26.0.6, a medium severity vulnerability, CVE-2024-10973, was detected. This vulnerability allows attackers on adjacent networks to access sensitive information because data is transmitted unencrypted. To fix this issue, users should upgrade Keycloak to version 26.0.6 or higher. For more details, visit https://nvd.nist.gov/vuln/detail/cve-2024-10973.