In Elasticsearch a medium severity vulnerability CVE-2024-37280 was detected. This vulnerability allows attackers to cause a Denial of Service of the platform. There is no solution for this yet. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-37280/.
Read more Data Analytics
In PrestaShop version 8.1.5 a medium severity vulnerability CVE-2024-34717 was detected. A flaw in the invoice system lets anyone access private invoices by tweaking the URL with a random secure key. This risks data breaches and financial discrepancies. To address this issue, users should upgrade PrestaShop to versions 8.1.6. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34717.
Read more E-commerce
In NocoDB version starting from 0.202.6 and prior to version 0.202.10 a medium severity vulnerability CVE-2023-50717 was detected. Attackers can upload harmful HTML files, causing a cross-site scripting attack when opened in a browser. This allowed attackers to run JavaScript in the user’s context, possibly performing actions or stealing information. To fix this issue, users should upgrade to version 0.202.10. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-50717.
Read more Database
In PrestaShop version 8.1.5 a medium severity vulnerability CVE-2024-34717 was detected. This vulnerability allows any invoice to be downloaded anonymously by using a random secure_key in the URL. This issue is fixed in version 8.1.6, and no workarounds are known. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-34717.
Read more E-commerce
In WooCommerce a medium severity vulnerability CVE-2024-35634 was detected. This vulnerability allows attackers to include local PHP files by using recent purchases. There is no solution to this yet. For more details, visit https://www.cvedetails.com/cve/CVE-2024-35634/.
Read more Security
In Vault a low severity vulnerability CVE-2024-5798 was detected. This vulnerability allows attackers to log in to the system with the wrong credentials. To address this issue, users need to update to Vault and Vault Enterprise 1.17.0, 1.16.3, and 1.15.9. For more details, visit https://www.cvedetails.com/cve/CVE-2024-5798/.
Read more E-commerce
In Harbor low severity vulnerability CVE-2024-22261 was detected. This vulnerability allows attackers to leak the task IDs. There is no solution to it yet. For more details, visit Read more
Developer Tools
In NocoDB versions 0.202.9 and prior a medium severity vulnerability CVE-2023-50718 was detected. This vulnerability allows attackers with created access to attack the database. To address this issue, users need to update to version 0.202.10. For more details, visit https://avd.aquasec.com/nvd/2023/cve-2023-50718/.
Read more Database
In Sonatype Nexus Repository versions from 3.0 to 3.68.0 a high severity vulnerability CVE-2024-4956 was detected. This flaw allows attackers to manipulate file paths, accessing files outside the restricted directory. The issue is fixed in version 3.68.1. For more details, visit https://avd.aquasec.com/nvd/2024/cve-2024-4956/.
Read more Developer Tools