Category: alerts

  • Vulnerability Summary for the Week of July 1, 2024

    High Vulnerabilities (Primary Vendor — Product: Description; Published; CVSS Score; Source & Patch Info). 2code — wpqa_builder: The WPQA Builder WordPress plugin before 6.1.1 does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks. Published 2024-07-03; CVSS 8.8; CVE-2024-2376 (contact@wpscan.com). ABB–ASPECT Enterprise (ASP-ENT-x): Default credential in…

  • Vulnerability Summary for the Week of June 24, 2024

    High Vulnerabilities (Primary Vendor — Product: Description; Published; CVSS Score; Source & Patch Info). access_management_specialist_project — access_management_specialist: An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive information. Published 2024-06-24; CVSS 7.5; CVE-2024-37677 (cve@mitre.org). aimeos–ai-client-html: ai-client-html is an Aimeos e-commerce HTML client component. Debug information revealed sensitive information from…

  • Progress Software Releases Security Bulletin for MOVEit Transfer

    Progress Software released a security bulletin to address a vulnerability in MOVEit Transfer. A cyber threat actor could exploit this vulnerability to take control of an affected system. Users and administrators are encouraged to review the following bulletin and apply the necessary updates: MOVEit Transfer Critical Security Alert Bulletin – June 2024 – (CVE-2024-5806)

  • CISA and Partners Release Guidance for Exploring Memory Safety in Critical Open Source Projects

    Today, CISA, in partnership with the Federal Bureau of Investigation, Australian Signals Directorate’s Australian Cyber Security Centre, and Canadian Cyber Security Center, released Exploring Memory Safety in Critical Open Source Projects. This guidance was crafted to provide organizations with findings on the scale of memory safety risk in selected open source software (OSS). This joint…

  • Vulnerability Summary for the Week of June 17, 2024

    High Vulnerabilities (Primary Vendor — Product: Description; Published; CVSS Score; Source & Patch Info). 3uu–Shariff Wrapper: The Shariff Wrapper plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 4.6.13 via the shariff3uu_fetch_sharecounts function. This allows unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of…

  • CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses (SMBs)

    Today, CISA released Barriers to Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: Identifying Challenges and Opportunities, a detailed report exploring challenges to SSO adoption by small and medium-sized businesses (SMBs). The report also identifies potential ways to overcome these challenges and improve an SMB’s level of security. CISA also released a related blog…

  • Vulnerability Summary for the Week of June 10, 2024

    High Vulnerabilities (Primary Vendor — Product: Description; Published; CVSS Score; Source & Patch Info). actpro — extra_product_options_for_woocommerce: Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce. This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6. Published 2024-06-10; CVSS 8.8; CVE-2024-35727 (audit@patchstack.com). adfinis–document-merge-service: Document Merge Service is a document template merge service providing an API to manage…

  • Microsoft Releases June 2024 Security Updates

    Microsoft has released security updates to address vulnerabilities in multiple products. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. Users and administrators are encouraged to review the following advisory and apply the necessary updates: Microsoft Security Update Guide for June

  • Vulnerability Summary for the Week of June 3, 2024

    High Vulnerabilities (Primary Vendor — Product: Description; Published; CVSS Score; Source & Patch Info). 8theme–XStore Core: Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in 8theme XStore Core allows PHP Local File Inclusion. This issue affects XStore Core: from n/a through 5.3.8. Published 2024-06-04; CVSS 8.5; CVE-2024-33557 (audit@patchstack.com). 8theme–XStore: Improper Limitation of a Pathname to a…

  • Vulnerability Summary for the Week of May 27, 2024

    High Vulnerabilities (Primary Vendor — Product: Description; Published; CVSS Score; Source & Patch Info). ASKEY–5G NR Small Cell: ASKEY 5G NR Small Cell fails to properly filter user input for certain functionality, allowing remote attackers with administrator privilege to execute arbitrary system commands on the remote server. Published 2024-05-27; CVSS 7.2; CVE-2024-5403 (twcert@cert.org.tw). Astrotalks–Astrotalks: SQL injection vulnerability in…