In Joomla versions 4.0.0 to 4.4.5 and 5.0.0 to 5.1.1 a medium severity vulnerability CVE-2024-21729 was detected. This vulnerability allows attackers to execute cross-site scripting (XSS) attacks due to inadequate input validation in the accessiblemedia field. To address this issue, it is recommended to update to Joomla version 4.4.6 or 5.1.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-21729.
Read more CMS
In Nextcloud Server versions 25.0.0 to 25.0.6 and 26.0.0 to 26.0.1 a low severity vulnerability CVE-2024-37314 was detected in the Nextcloud Photos app. This vulnerability allows users to remove photos from the albums of registered users. To address this issue, it is recommended to upgrade to Nextcloud Server version 25.0.7 or 26.0.2 and Nextcloud Enterprise Server version 25.0.7 or 26.0.2. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37314.
Read more Storage
In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8 and 2.4.4-p9 a medium severity vulnerability CVE-2024-39415 was detected. This vulnerability allows attackers to bypass security features and access minor information without user interaction. To fix this problem, users should upgrade Magento to versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9 and 2.4.4-p10. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39415.
Read more E-commerce
In Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier a medium severity vulnerability CVE-2024-39419 was detected. This problem allows someone with limited access to bypass security protections and make small changes without permission. It can be exploited without any user action. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39419.
Read more E-commerce
In Magento Open Source 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, and 2.4.4-p9 a medium severity vulnerability CVE-2024-39418 was detected. This vulnerability allows attackers to bypass security measures and gain unauthorized access to view and edit low-sensitivity information without needing any user interaction. To fix this problem, users should upgrade Magento Open Source to versions 2.4.7-p2 for 2.4.7-p1 and earlier, 2.4.6-p7 for 2.4.6-p6 and earlier, 2.4.5-p9 for 2.4.5-p8 and earlier, and 2.4.4-p10 for 2.4.4-p9 and earlier. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39418.
Read more E-commerce
In Magento Open Source versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier a medium severity vulnerability CVE-2024-39417 was detected. This vulnerability allows low-privileged attackers to bypass security features and access minor information without user interaction. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39417.
Read more E-commerce
In Magento versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9, and earlier a medium severity vulnerability CVE-2024-39416 was detected. This vulnerability allows low-privileged attackers to bypass security features and disclose minor information without requiring user interaction. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39416.
Read more E-commerce
In NGINX Plus versions R30 to R32 using the MQTT pre-read module a high severity vulnerability CVE-2024-39792 was detected. This vulnerability allows attackers to increase memory resource utilization through undisclosed requests. To address this issue users should upgrade NGINX Plus to versions R32 P1 or R31 P3. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2024-39792.
Read more Application Development
In Apache Airflow versions 1.10.11 and later a critical severity vulnerability CVE-2020-13927 was detected. This vulnerability allowed API requests to be made without authentication, posing significant security risks. To fix this issue, existing users need to update their configuration to [api]auth_backend = airflow.api.auth.backend.deny_all. For more details, visit https://nvd.nist.gov/vuln/detail/CVE-2020-13927.