Security Vulnerabilities - CVEs Published In January 2024
Apache Airflow, versions before 2.8.1, have a vulnerability that allows a potential attacker to poison the XCom data by bypassing the protection of "enable_xcom_pickling=False" configuration setting resulting in poisoned data after XCom deserialization. This vulnerability is considered low since it requires a DAG author to exploit it. Users are recommended to upgrade to version 2.8.1 or later, which fixes this issue.
CVSS Score
7.5
EPSS Score
0.002
Published
2024-01-24
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in IP2Location IP2Location Country Blocker.This issue affects IP2Location Country Blocker: from n/a through 2.33.3.
CVSS Score
5.3
EPSS Score
0.003
Published
2024-01-24
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Ignazio Scimone Albo Pretorio On line.This issue affects Albo Pretorio On line: from n/a through 4.6.6.
CVSS Score
5.3
EPSS Score
0.002
Published
2024-01-24
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in smp7, wp.Insider Simple Membership.This issue affects Simple Membership: from n/a through 4.4.1.
CVSS Score
3.4
EPSS Score
0.001
Published
2024-01-24
Deserialization of Untrusted Data vulnerability in QuantumCloud ChatBot with AI.This issue affects ChatBot with AI: from n/a through 5.1.0.
CVSS Score
8.7
EPSS Score
0.003
Published
2024-01-24
Server-Side Request Forgery (SSRF) vulnerability in Renzo Johnson Contact Form 7 Extension For Mailchimp.This issue affects Contact Form 7 Extension For Mailchimp: from n/a through 0.5.70.
CVSS Score
4.9
EPSS Score
0.001
Published
2024-01-24
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Order Export & Order Import for WooCommerce.This issue affects Order Export & Order Import for WooCommerce: from n/a through 2.4.3.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-01-24
Unrestricted Upload of File with Dangerous Type vulnerability in WebToffee Product Import Export for WooCommerce.This issue affects Product Import Export for WooCommerce: from n/a through 2.3.7.
CVSS Score
8.0
EPSS Score
0.002
Published
2024-01-24
Deserialization of Untrusted Data vulnerability in Thomas Belser Asgaros Forum.This issue affects Asgaros Forum: from n/a through 2.7.2.
CVSS Score
8.7
EPSS Score
0.006
Published
2024-01-24
Unrestricted Upload of File with Dangerous Type vulnerability in UkrSolution Barcode Scanner and Inventory manager.This issue affects Barcode Scanner and Inventory manager: from n/a through 1.5.1.
CVSS Score
10.0
EPSS Score
0.003
Published
2024-01-24