Lucene search

K

WCFM Marketplace – Best Multivendor Marketplace For WooCommerce Security Vulnerabilities

openbugbounty
openbugbounty

idsenc.com Cross Site Scripting vulnerability OBB-3934477

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-10 06:32 PM
openbugbounty
openbugbounty

mobile-university-anmeldung.de Cross Site Scripting vulnerability OBB-3934476

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-10 06:25 PM
1
openbugbounty
openbugbounty

welcareorthodontics.com Cross Site Scripting vulnerability OBB-3934475

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-10 06:20 PM
1
cve
cve

CVE-2024-36410

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

9.7AI Score

EPSS

2024-06-10 06:15 PM
2
nvd
nvd

CVE-2024-36409

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

EPSS

2024-06-10 06:15 PM
1
nvd
nvd

CVE-2024-36410

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

EPSS

2024-06-10 06:15 PM
1
cve
cve

CVE-2024-36409

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

9.7AI Score

EPSS

2024-06-10 06:15 PM
2
impervablog
impervablog

Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware

Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...

10CVSS

8AI Score

EPSS

2024-06-10 06:05 PM
openbugbounty
openbugbounty

gurudascrafts.com Cross Site Scripting vulnerability OBB-3934473

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-10 05:41 PM
1
cvelist
cvelist

CVE-2024-36410 SuiteCRM authenticated SQL Injection in EmailUIAjax messages count controller

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in EmailUIAjax messages count controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

EPSS

2024-06-10 05:24 PM
2
cvelist
cvelist

CVE-2024-36409 SuiteCRM authenticated SQL Injection in TreeData entrypoint

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

EPSS

2024-06-10 05:21 PM
3
githubexploit
githubexploit

Exploit for CVE-2023-33105

CVE-2023-33105: Transient DOS in WLAN Host and Firmware...

7.5CVSS

7.3AI Score

0.0005EPSS

2024-06-10 05:20 PM
3
cve
cve

CVE-2024-36407

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is.....

3.7CVSS

4.4AI Score

EPSS

2024-06-10 05:16 PM
2
nvd
nvd

CVE-2024-36408

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

EPSS

2024-06-10 05:16 PM
2
cve
cve

CVE-2024-36408

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

9.7AI Score

EPSS

2024-06-10 05:16 PM
2
nvd
nvd

CVE-2024-36407

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is.....

3.7CVSS

EPSS

2024-06-10 05:16 PM
2
nvd
nvd

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

5.3CVSS

EPSS

2024-06-10 05:16 PM
2
cve
cve

CVE-2024-35728

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

5.3CVSS

5.5AI Score

EPSS

2024-06-10 05:16 PM
1
githubexploit
githubexploit

Exploit for CVE-2024-26229

CVE-2024-26229 CWE-781:...

7.8CVSS

7.1AI Score

0.0004EPSS

2024-06-10 05:02 PM
3
openbugbounty
openbugbounty

dahaboo.com Cross Site Scripting vulnerability OBB-3934472

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-10 04:59 PM
3
wallarmlab
wallarmlab

CVE-2024-29849: Veeam discloses Critical Vulnerability that allows attackers to bypass user authentication on its Backup Enterprise Manager web interface

On May 21, 2024, Veeam revealed a severe flaw across its Veeam Backup Enterprise Manager (VBEM) web interface that enables an unauthenticated attacker to log into the web interface as any user. Officially designated as CVE-2024-29849, the vulnerability presents a major threat with a CVSS V3 rating....

9.8CVSS

7.9AI Score

0.0004EPSS

2024-06-10 04:52 PM
7
cvelist
cvelist

CVE-2024-36408 SuiteCRM authenticated SQL Injection in Alerts

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the Alerts controller. Versions 7.14.4 and 8.6.1 contain a fix for this...

9.6CVSS

EPSS

2024-06-10 04:46 PM
2
cvelist
cvelist

CVE-2024-36407 SuiteCRM unauthenticated user password reset on php7

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset from an unauthenticated attacker. The attacker does not get access to the new password. But this can be annoying for the user. This attack is.....

3.7CVSS

EPSS

2024-06-10 04:38 PM
3
cvelist
cvelist

CVE-2024-35728 WordPress Product Addons & Fields for WooCommerce plugin <= 32.0.20 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Themeisle PPOM for WooCommerce allows Code Inclusion.This issue affects PPOM for WooCommerce: from n/a through...

5.3CVSS

EPSS

2024-06-10 04:21 PM
1
cve
cve

CVE-2024-35680

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...

5.3CVSS

5.4AI Score

EPSS

2024-06-10 04:15 PM
2
cve
cve

CVE-2024-35658

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

8.6CVSS

8.6AI Score

EPSS

2024-06-10 04:15 PM
3
nvd
nvd

CVE-2024-35680

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...

5.3CVSS

EPSS

2024-06-10 04:15 PM
nvd
nvd

CVE-2024-35658

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

8.6CVSS

EPSS

2024-06-10 04:15 PM
nvd
nvd

CVE-2024-35650

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through...

4.9CVSS

EPSS

2024-06-10 04:15 PM
cve
cve

CVE-2024-35650

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through...

4.9CVSS

5.3AI Score

EPSS

2024-06-10 04:15 PM
1
nvd
nvd

CVE-2024-34800

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through...

7.6CVSS

EPSS

2024-06-10 04:15 PM
cve
cve

CVE-2024-34800

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through...

7.6CVSS

7.6AI Score

EPSS

2024-06-10 04:15 PM
2
openbugbounty
openbugbounty

newmexicoculture.org Cross Site Scripting vulnerability OBB-3934468

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-10 03:51 PM
2
cvelist
cvelist

CVE-2024-35680 WordPress YITH WooCommerce Product Add-Ons plugin <= 4.9.2 - Content Injection vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in YITH YITH WooCommerce Product Add-Ons allows Code Injection.This issue affects YITH WooCommerce Product Add-Ons: from n/a through...

5.3CVSS

EPSS

2024-06-10 03:48 PM
1
cvelist
cvelist

CVE-2024-35658 WordPress Checkout Field Editor for WooCommerce (Pro) plugin <= 3.6.2 - Unauthenticated Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in ThemeHigh Checkout Field Editor for WooCommerce (Pro) allows Functionality Misuse, File Manipulation.This issue affects Checkout Field Editor for WooCommerce (Pro): from n/a through...

8.6CVSS

EPSS

2024-06-10 03:45 PM
1
cvelist
cvelist

CVE-2024-35650 WordPress MelaPress Login Security plugin <= 1.3.0 - Remote File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Melapress MelaPress Login Security allows PHP Remote File Inclusion.This issue affects MelaPress Login Security: from n/a through...

4.9CVSS

EPSS

2024-06-10 03:43 PM
1
cvelist
cvelist

CVE-2024-34800 WordPress Crafthemes Demo Import plugin <= 3.3 - Arbitrary Plugin Installation vulnerability

Missing Authentication for Critical Function vulnerability in Aruphash Crafthemes Demo Import allows Functionality Misuse.This issue affects Crafthemes Demo Import: from n/a through...

7.6CVSS

EPSS

2024-06-10 03:41 PM
1
openbugbounty
openbugbounty

trailmasters.com Cross Site Scripting vulnerability OBB-3934467

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-10 03:30 PM
1
nvd
nvd

CVE-2024-36406

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this...

5.4CVSS

EPSS

2024-06-10 03:15 PM
1
cve
cve

CVE-2024-36406

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this...

5.4CVSS

5.4AI Score

EPSS

2024-06-10 03:15 PM
openbugbounty
openbugbounty

ww3.arb.ca.gov Cross Site Scripting vulnerability OBB-3934466

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-10 03:15 PM
2
wolfi
wolfi

CVE-2024-3154 vulnerabilities

Vulnerabilities for packages: wolfictl,...

7.2CVSS

7.3AI Score

0.0004EPSS

2024-06-10 03:14 PM
47
wolfi
wolfi

GHSA-PWCW-6F5G-GXF8 vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-10 03:14 PM
147
wolfi
wolfi

CVE-2024-28860 vulnerabilities

Vulnerabilities for packages:...

8CVSS

7.2AI Score

0.0004EPSS

2024-06-10 03:14 PM
49
wolfi
wolfi

GHSA-CJ6R-8PXJ-5JV6 vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-10 03:14 PM
146
wolfi
wolfi

GHSA-6F9G-CXWR-Q5JR vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-10 03:14 PM
130
wolfi
wolfi

GHSA-R4Q3-7G4Q-X89M vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-10 03:14 PM
137
wolfi
wolfi

GHSA-CCGV-VJ62-XF9H vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-10 03:14 PM
68
wolfi
wolfi

CVE-2020-14040 vulnerabilities

Vulnerabilities for packages: k3d,...

7.5CVSS

7.9AI Score

0.001EPSS

2024-06-10 03:14 PM
108
wolfi
wolfi

CVE-2021-36213 vulnerabilities

Vulnerabilities for packages:...

7.5CVSS

7.5AI Score

0.001EPSS

2024-06-10 03:14 PM
42
Total number of security vulnerabilities2089330