In Ghost versions from 4.46.0 before 5.89.4 a medium severity vulnerability CVE-2024-43409 was detected. This vulnerability allows attackers to access member-only information and perform actions meant for registered users, potentially exposing personal data. To fix this problem, users should upgrade Ghost to version 5.89.5. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-43409.
Read more CMS
In Joomla! CMS versions 4.0.0-4.4.6, 5.0.0-5.1.2 a high severity vulnerability CVE-2024-27187 was detected. Improper access controls allow backend users to overwrite their usernames, even when this action is disallowed. To fix this vulnerability, users need to upgrade to version 4.4.7 or 5.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-27187.
Read more CMS
In Grafana versions 11.1.0, 11.1.2 a medium severity vulnerability CVE-2024-27186 was detected. This vulnerability allows attackers to bypass access control for plugin data sources protected by the ReqActions json field in the plugin.json file. To fix the issue, users must upgrade Grafana to versions 11.1.1 or 11.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-6322.
Read more Data Analytics
In Joomla versions 4.0.0-4.4.6 and 5.0.0-5.1.2 a medium severity vulnerability CVE-2024-6322 was detected. This vulnerability allows attackers to inject malicious scripts into web pages viewed by other users. To fix the issue, users must upgrade Joomla to version 4.4.7 or 5.1.3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-27186.
Read more CMS
In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier a high severity vulnerability CVE-2024-39406 was detected. This vulnerability allows attackers to perform Path Traversal, potentially leading to arbitrary file system read. To address this issue, it is recommended to apply the latest security patches. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39406.
Read more E-commerce
In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier a critical severity vulnerability CVE-2024-39397 was detected. This vulnerability allows attackers to execute arbitrary code by uploading a malicious file, which can then be executed on the server. To address this issue, users must apply the latest security updates. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39397.
In WordPress File Upload plugin for WordPress, all versions up to and including 4.24.8 a high severity vulnerability CVE-2024-7301 was detected. The issue allows unauthenticated attackers to inject arbitrary web scripts into SVG files due to insufficient input sanitization and output escaping, leading to script execution whenever a user accesses the file. Currently, there is no fix version for this issue. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-7301.
Read more Supply Chain Management (SCM)
In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9 a medium severity vulnerability CVE-2024-39410 was detected. This vulnerability allows attackers to perform unauthorized actions on behalf of a user by tricking them into interacting with a malicious request. To fix this problem, users should upgrade Magento to versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, and 2.4.4-p10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39410.
Read more E-commerce
In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9 a high severity vulnerability CVE-2024-39401 was detected. This vulnerability lets an admin attacker accidentally run harmful commands on the system due to how special input elements are handled, needing user interaction to trigger the problem. To fix this issue, users should upgrade Magento to versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39401.
Read more E-commerce