Search Results (37092 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2024-36409 1 Salesagility 1 Suitecrm 2024-11-21 9.6 Critical
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in Tree data entry point. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36408 1 Salesagility 1 Suitecrm 2024-11-21 9.6 Critical
SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, poor input validation allows for SQL Injection in the `Alerts` controller. Versions 7.14.4 and 8.6.1 contain a fix for this issue.
CVE-2024-36395 1 Verint 1 Workforce Optimization 2024-11-21 6.1 Medium
Verint - CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CVE-2024-36393 1 Sysaid 1 Sysaid 2024-11-21 9.9 Critical
SysAid - CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2024-36278 1 Openatom 1 Openharmony 2024-11-21 3.3 Low
in OpenHarmony v4.0.0 and prior versions allow a local attacker cause apps crash through type confusion.
CVE-2024-36113 1 Discourse 1 Discourse 2024-11-21 4.9 Medium
Discourse is an open-source discussion platform. Prior to version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch, a rogue staff user could suspend other staff users preventing them from logging in to the site. The issue is patched in version 3.2.3 on the `stable` branch, version 3.3.0.beta3 on the `beta` branch, and version 3.3.0.beta4-dev on the `tests-passed` branch. No known workarounds are available.
CVE-2024-36082 1 Codepeople 1 Music Store 2024-11-21 6.5 Medium
SQL injection vulnerability in Music Store - WordPress eCommerce versions prior to 1.1.14 allows a remote authenticated attacker with an administrative privilege to execute arbitrary SQL commands. Information stored in the database may be obtained or altered by the attacker.
CVE-2024-35750 1 Wpdevart 1 Gallery 2024-11-21 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album.This issue affects Responsive Image Gallery, Gallery Album: from n/a through 2.0.3.
CVE-2024-35748 1 Opmc 1 Woocommerce Dropshipping 2024-11-21 5.3 Medium
Missing Authorization vulnerability in OPMC WooCommerce Dropshipping.This issue affects WooCommerce Dropshipping: from n/a through 5.0.4.
CVE-2024-35742 1 Codeparrots 1 Easy Forms For Mailchimp 2024-11-21 5.3 Medium
Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through 6.9.0.
CVE-2024-35741 1 Getawesomesupport 1 Awesome Support 2024-11-21 4.3 Medium
Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7.
CVE-2024-35736 1 Themeisle 1 Visualizer 2024-11-21 8.5 High
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Themeisle Visualizer.This issue affects Visualizer: from n/a through 3.11.1.
CVE-2024-35735 1 Codepeople 1 Wp Time Slots Booking Form 2024-11-21 5.3 Medium
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form.This issue affects WP Time Slots Booking Form: from n/a through 1.2.11.
CVE-2024-35727 1 Actpro 1 Extra Product Options For Woocommerce 2024-11-21 4.3 Medium
Missing Authorization vulnerability in actpro Extra Product Options for WooCommerce.This issue affects Extra Product Options for WooCommerce: from n/a through 3.0.6.
CVE-2024-35726 1 Themekraft 1 Buddypress Woocommerce My Account Integration. Create Woocommerce Member Pages 2024-11-21 4.3 Medium
Missing Authorization vulnerability in ThemeKraft WooBuddy.This issue affects WooBuddy: from n/a through 3.4.19.
CVE-2024-35725 1 La-studioweb 1 Element Kit For Elementor 2024-11-21 4.3 Medium
Missing Authorization vulnerability in LA-Studio LA-Studio Element Kit for Elementor.This issue affects LA-Studio Element Kit for Elementor: from n/a through 1.3.6.
CVE-2024-35724 1 Bosathemes 1 Bosa Elementor Addons And Templates For Woocommerce 2024-11-21 4.3 Medium
Missing Authorization vulnerability in Bosa Themes Bosa Elementor Addons and Templates for WooCommerce.This issue affects Bosa Elementor Addons and Templates for WooCommerce: from n/a through 1.0.12.
CVE-2024-35722 1 Awplife 1 Slider Responsive Slideshow 2024-11-21 4.3 Medium
Missing Authorization vulnerability in A WP Life Slider Responsive Slideshow – Image slider, Gallery slideshow.This issue affects Slider Responsive Slideshow – Image slider, Gallery slideshow: from n/a through 1.4.0.
CVE-2024-35721 1 Awplife 1 Image Gallery 2024-11-21 4.3 Medium
Missing Authorization vulnerability in A WP Life Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery.This issue affects Image Gallery – Lightbox Gallery, Responsive Photo Gallery, Masonry Gallery: from n/a through 1.4.5.
CVE-2024-35720 1 Awplife 1 Album Gallery 2024-11-21 4.3 Medium
Missing Authorization vulnerability in A WP Life Album Gallery – WordPress Gallery.This issue affects Album Gallery – WordPress Gallery: from n/a through 1.5.7.