6654 matches found

CVE
added 2024/11/11 4:1 p.m. · 60 views

CVE-2024-45088

CVE-2024-45088 affects IBM Maximo Asset Management 7.6.1.3 and is a stored cross-site scripting vulnerability. According to IBM and Red Hat sources, authenticated users can inject arbitrary JavaScript into the Maximo Web UI, potentially altering functionality and leading to credentials disclosure...

CVSS 6.4 · AI score 5.5 · EPSS 0.00205
Exploits: 0 · References: 1 · Affected Software: 1
Positive Technologies
added 2024/11/11 12:0 a.m. · 3 views

PT-2024-35152 · Unknown · Stirling-Pdf

Name of the Vulnerable Software and Affected Versions: Stirling-PDF versions prior to 0.32.0
Description: The issue in Stirling-PDF allows any unauthenticated user to execute JavaScript code in the context of the user due to the Merge functionality taking untrusted user input file name and using ...

CVSS 2 · AI score 7 · EPSS 0.00225
Exploits: 0 · References: 7
CVE
added 2024/11/08 4:0 a.m. · 49 views

CVE-2024-10988

The CVE-2024-10988 entry affects code-projects E-Health Care System v1.0, where the vulnerability lies in the file /Doctor/doctor_login.php. The root cause is improper handling of the email parameter, enabling SQL injection that can be triggered remotely and may affect multiple parameters. Severa...

CVSS 9.1 · AI score 7.6 · EPSS 0.00101
Exploits: 1 · References: 5 · Affected Software: 1
Positive Technologies
added 2024/11/08 12:0 a.m. · 3 views

PT-2024-31241 · Mgt Commerce Gmbh · Cloudpanel

Name of the Vulnerable Software and Affected Versions: MGT-COMMERCE GmbH CloudPanel versions 2.0.0 through 2.4.2
Description: An Improper Authorization Access Control Misconfiguration issue allows low-privilege users to bypass access controls, gaining unauthorized access to sensitive configuratio...

CVSS 6.5 · AI score 7.5 · EPSS 0.0272
Exploits: 1 · References: 9
Positive Technologies
added 2024/11/08 12:0 a.m. · 4 views

PT-2024-33493 · Umbrel · Umbrel

Name of the Vulnerable Software and Affected Versions: Umbrel versions prior to 1.2.2
Description: The login functionality of Umbrel contains a reflected cross-site scripting (XSS) vulnerability in use-auth.tsx. An attacker can specify a malicious redirect query parameter to trigger the...

CVSS 5.3 · AI score 6.2 · EPSS 0.06548
Exploits: 1 · References: 9
Vulnrichment
added 2024/11/08 12:0 a.m. · 16 views

CVE-2024-44765

An Improper Authorization Access Control Misconfiguration vulnerability in MGT-COMMERCE GmbH CloudPanel v2.0.0 to v2.4.2 allows low-privilege users to bypass access controls and gain unauthorized access to sensitive configuration files and administrative functionality...

AI score 7 · EPSS 0.0272
Exploits: 1 · References: 2
CNVD
added 2024/11/07 12:0 a.m. · 1 views

Huawei HarmonyOS Privilege Issue Vulnerability (CNVD-2025-13357)

Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS suffers from a privilege issue vulnerability that stems from a privilege control in the ability module. An attacker could exploit this...

CVSS 6.2 · AI score 6.3 · EPSS 0.00056
Exploits: 0 · References: 1
The Hacker News
added 2024/11/06 1:59 p.m. · 14 views

Winos 4.0 Malware Infects Gamers Through Malicious Game Optimization Apps

Cybersecurity researchers are warning that a command-and-control (C&C) framework called Winos is being distributed within gaming-related applications like installation tools, speed boosters, and optimization utilities. "Winos 4.0 is an advanced malicious framework that offers comprehensive...

AI score 7.6
Exploits: 0
NVD
added 2024/11/05 9:15 a.m. · 20 views

CVE-2024-51516

Permission control vulnerability in the ability module
Impact: Successful exploitation of this vulnerability may cause features to function abnormally...

CVSS 6.2 · EPSS 0.00056
Exploits: 0 · References: 1
Vulnrichment
added 2024/11/04 12:0 a.m. · 7 views

CVE-2024-45164

Akamai SIA (Secure Internet Access Enterprise) ThreatAvert, in SPS (Security and Personalization Services) before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticat...

AI score 6.8 · EPSS 0.00167
Exploits: 1 · References: 2
Positive Technologies
added 2024/11/03 12:0 a.m. · 2 views

PT-2024-16508 · Unknown · Datatables +1

Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.0
Description: A vulnerability was found in the PHPGurukul Online Shopping Portal, affecting an unknown functionality of the file /admin/assets/plugins/DataTables/media/unit testing/templates/comple...

CVSS 6.1 · AI score 4.2 · EPSS 0.00199
Exploits: 1 · References: 11
NVD
added 2024/11/01 3:15 p.m. · 15 views

CVE-2024-47308

Missing Authorization vulnerability in WPDeveloper Templately templately. This issue affects Templately: from n/a through = 3.1.2...

CVSS 9.8 · EPSS 0.35299
Exploits: 0 · References: 1
NVD
added 2024/11/01 3:15 p.m. · 9 views

CVE-2024-43323

Missing Authorization vulnerability in ReviewX ReviewX allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ReviewX: from n/a through 1.6.28...

CVSS 9.8 · EPSS 0.00343
Exploits: 0 · References: 1
NVD
added 2024/11/01 3:15 p.m. · 7 views

CVE-2024-43341

Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hello Agency: from n/a through 1.0.5...

CVSS 9.8 · EPSS 0.00247
Exploits: 0 · References: 1
OSV
added 2024/11/01 3:15 p.m. · 2 views

CVE-2024-43341

Missing Authorization vulnerability in CozyThemes Hello Agency allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Hello Agency: from n/a through 1.0.5...

CVSS 9.8 · AI score 5.8 · EPSS 0.00247
Exploits: 0 · References: 1
NVD
added 2024/11/01 3:15 p.m. · 5 views

CVE-2024-43219

Missing Authorization vulnerability in ووکامرس فارسی Persian WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Persian WooCommerce: from n/a through 7.1.6...

CVSS 5.3 · EPSS 0.00176
Exploits: 0 · References: 1
NVD
added 2024/11/01 3:15 p.m. · 7 views

CVE-2024-38744

Missing Authorization vulnerability in Upqode Plum: Spin Wheel & Email Pop-up allows Accessing Functionality Not Properly Constrained by ACLs, Stored XSS. This issue affects Plum: Spin Wheel & Email Pop-up: from n/a through 2.0...

CVSS 8.3 · EPSS 0.00261
Exploits: 0 · References: 1
OSV
added 2024/11/01 3:15 p.m. · 1 views

CVE-2024-37463

Missing Authorization vulnerability in CRM Perks CRM Perks Forms allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects CRM Perks Forms: from n/a through 1.1.5...

CVSS 9.8 · AI score 5.8
Exploits: 0 · References: 1
Vulnrichment
added 2024/11/01 2:18 p.m. · 16 views

CVE-2024-37470 WordPress Woffice Core plugin <= 5.4.8 - Unauthenticated Broken Access Control vulnerability

Missing Authorization vulnerability in WofficeIO Woffice Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Woffice Core: from n/a through 5.4.8...

CVSS 8.2 · AI score 6.9 · EPSS 0.00816
Exploits: 0 · References: 1
CVE
added 2024/11/01 2:18 p.m. · 41 views

CVE-2024-37510

CVE-2024-37510 concerns WordPress plugin Charitable (Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress) with versions up to 1.8.1.7. The root cause is a missing authorization check that allows users to access functionality not constrained by ACLs. The vulnerabil...

CVSS 6.5 · AI score 6.5 · EPSS 0.00177
Exploits: 0 · References: 1