PT-2024-33493 · Umbrel · Umbrel
Name of the Vulnerable Software and Affected Versions: Umbrel versions prior to 1.2.2. Description: The login functionality of Umbrel contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the...
PT-2024-31241 · Mgt Commerce Gmbh · Cloudpanel
Name of the Vulnerable Software and Affected Versions: MGT-COMMERCE GmbH CloudPanel versions 2.0.0 through 2.4.2 Description: An Improper Authorization Access Control Misconfiguration issue allows low-privilege users to bypass access controls, gaining unauthorized access to sensitive configuratio...
Huawei HarmonyOS Privilege Issue Vulnerability (CNVD-2025-13357)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a privilege issue vulnerability that stems from a privilege control in the ability module. An attacker could exploit this...
Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps
Cybersecurity researchers are warning that a command-and-control (C&C) framework called Winos is being distributed within gaming-related applications like installation tools, speed boosters, and optimization utilities. "Winos 4.0 is an advanced malicious framework that offers comprehensive...
CVE-2024-51516
Permission control vulnerability in the ability module. Impact: Successful exploitation of this vulnerability may cause features to function abnormally...
CVE-2024-45164
Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticat...
PT-2024-16508 · Unknown · Datatables +1
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.0 Description: A vulnerability was found in the PHPGurukul Online Shopping Portal, affecting an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit testing/templates/comple...
CVE-2024-47308
Missing Authorization vulnerability in WPDeveloper Templately templately. This issue affects Templately: from n/a through = 3.1.2...
CVE-2024-43341
Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hello Agency: from n/a through 1.0.5...
CVE-2024-43323
Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ReviewX: from n/a through 1.6.28...
CVE-2024-43219
Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Persian WooCommerce: from n/a through 7.1.6...
CVE-2024-38744
Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS. This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0...
CVE-2024-37463
Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CRM Perks Forms: from n/a through 1.1.5...
CVE-2024-37470 WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability
Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woffice Core: from n/a through 5.4.8...
CVE-2024-37510
CVE-2024-37510 concerns WordPress plugin Charitable (Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress) with versions up to 1.8.1.7. The root cause is a missing authorization check that allows users to access functionality not constrained by ACLs. The vulnerabil...
CVE-2024-38737
Technical details about CVE-2024-38737 are not present in the provided connected documents. Public information in these sources does not specify affected versions, root cause, impact, or remediation. Monitor for updates from official advisories and CVE records.
CVE-2024-38783
CVE-2024-38783 concerns the WordPress plugin Arconix FAQ (
CVE-2024-43159 WordPress Masteriyo LMS plugin <= 1.11.6 - Broken Access Control vulnerability
Missing Authorization vulnerability in masteriyo Masteriyo - LMS learning-management-system. This issue affects Masteriyo - LMS: from n/a through <= 1.11.6...
CVE-2024-43159
CVE-2024-43159 is a Missing Authorization vulnerability in WordPress Masteriyo LMS plugin affecting versions up to 1.11.6. Public details describe that access to functionality is not properly constrained by ACLs, enabling unauthorized access. Available connected sources consistently state the iss...