RiSec CyberAwareness Logo

CVEs Today

Latest Information on Common Vulnerabilities and Exposures (CVEs)

Last updated: June 9, 2024. 11:40:34 UTC

click on an item for more info;

ID Description Modified References
CVE-2024-30538 Missing Authorization vulnerability in DELUCKS GmbH DELUCKS SEO.This issue affects DELUCKS SEO: from n/a through 2.5.4. June 9, 2024. 09:15:00 [patchstack.com]
CVE-2023-51494 Missing Authorization vulnerability in Woo WooCommerce Product Vendors.This issue affects WooCommerce Product Vendors: from n/a through 2.2.1. June 9, 2024. 09:15:00 [patchstack.com]
CVE-2023-52232 Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.2. June 9, 2024. 09:15:00 [patchstack.com]
CVE-2023-52230 Missing Authorization vulnerability in Pluggabl LLC Booster Plus for WooCommerce.This issue affects Booster Plus for WooCommerce: from n/a before 7.1.3. June 9, 2024. 09:15:00 [patchstack.com]
CVE-2024-30534 Missing Authorization vulnerability in typps Calendarista Basic Edition.This issue affects Calendarista Basic Edition: from n/a through 3.0.5. June 9, 2024. 09:15:00 [patchstack.com]
CVE-2024-30539 Missing Authorization vulnerability in Awesome Support Team Awesome Support.This issue affects Awesome Support: from n/a through 6.1.7. June 9, 2024. 09:15:00 [patchstack.com]
CVE-2024-31294 Missing Authorization vulnerability in Fahad Mahmood WP Sort Order.This issue affects WP Sort Order: from n/a through 1.3.1. June 9, 2024. 09:15:00 [patchstack.com]
CVE-2024-31098 Missing Authorization vulnerability in Mr.Ebabi New Order Notification for Woocommerce.This issue affects New Order Notification for Woocommerce: from n/a through 2.0.2. June 9, 2024. 09:15:00 [patchstack.com]
CVE-2024-31246 Missing Authorization vulnerability in Post Grid Team by WPXPO PostX – Gutenberg Blocks for Post Grid.This issue affects PostX – Gutenberg Blocks for Post Grid: from n/a through 3.2.3. June 9, 2024. 09:15:00 [patchstack.com]
CVE-2024-30537 Missing Authorization vulnerability in WPClever WPC Badge Management for WooCommerce.This issue affects WPC Badge Management for WooCommerce: from n/a through 2.4.0. June 9, 2024. 09:15:00 [patchstack.com]
CVE-2024-5775 A vulnerability was found in SourceCodester Vehicle Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file updatebill.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. VDB-267458 is the identifier assigned to this vulnerability. June 9, 2024. 08:15:00 [vuldb.com][vuldb.com]
CVE-2024-5774 A vulnerability has been found in SourceCodester Stock Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file index.php of the component Login. The manipulation of the argument username/password leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-267457 was assigned to this vulnerability. June 9, 2024. 06:15:00 [vuldb.com][vuldb.com]
CVE-2024-5772 A vulnerability, which was classified as critical, has been found in Netentsec NS-ASG Application Security Gateway 6.3. This issue affects some unknown processing of the file /protocol/iscuser/deleteiscuser.php. The manipulation of the argument messagecontent leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The associated identifier of this vulnerability is VDB-267455. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. June 9, 2024. 03:15:00 [vuldb.com][vuldb.com]
CVE-2024-5773 A vulnerability, which was classified as critical, was found in Netentsec NS-ASG Application Security Gateway 6.3. Affected is an unknown function of the file /protocol/firewall/deletemacbind.php. The manipulation of the argument messagecontent leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-267456. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. June 9, 2024. 03:15:00 [vuldb.com][vuldb.com]
CVE-2024-5771 A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-267454 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way. June 8, 2024. 22:15:00 [vuldb.com][vuldb.com]
CVE-2024-4146 In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the `checkProjectAccess` method within the authorization middleware, which fails to adequately verify if a user has the correct permissions to access a specific project. Instead, it only checks if the user is part of the organization owning the project, overlooking the necessary check against the `account_project` table for explicit project access rights. This flaw enables attackers to gain complete control over all resources within a project, including the ability to create, update, read, and delete any resource, compromising the privacy and security of sensitive information. June 8, 2024. 20:15:00 [huntr.com][github.com]
CVE-2024-4680 A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the victim's ability to revoke this access. This issue was observed in a self-hosted ZenML deployment via Docker, where after changing the password from one browser, the session remained active and usable in another browser without requiring re-authentication. June 8, 2024. 20:15:00 [huntr.com]
CVE-2024-21748 Missing Authorization vulnerability in Icegram.This issue affects Icegram: from n/a through 3.1.21. June 8, 2024. 17:15:00 [patchstack.com]
CVE-2024-22151 Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through 1.24.6. June 8, 2024. 17:15:00 [patchstack.com]
CVE-2024-35657 Cross-Site Request Forgery (CSRF) vulnerability in Plechev Andrey WP-Recall.This issue affects WP-Recall: from n/a through 16.26.6. June 8, 2024. 16:15:00 [patchstack.com]


Page 1 of 1289



Discord Invite
View Disclaimer
Powered by NameCheap