Security Vulnerabilities - CVEs Published In July 2024
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in UkrSolution Barcode Scanner with Inventory & Order Manager allows SQL Injection.This issue affects Barcode Scanner with Inventory & Order Manager: from n/a through 1.6.1.
CVSS Score
8.5
EPSS Score
0.006
Published
2024-07-22
Server-Side Request Forgery (SSRF) vulnerability in Bernhard Kux JSON Content Importer.This issue affects JSON Content Importer: from n/a through 1.5.6.
CVSS Score
6.4
EPSS Score
0.001
Published
2024-07-22
Server-Side Request Forgery (SSRF) vulnerability in Seraphinite Solutions Seraphinite Post .DOCX Source.This issue affects Seraphinite Post .DOCX Source: from n/a through 2.16.9.
CVSS Score
7.2
EPSS Score
0.001
Published
2024-07-22
Server-Side Request Forgery (SSRF) vulnerability in Berqier Ltd BerqWP.This issue affects BerqWP: from n/a through 1.7.5.
CVSS Score
7.2
EPSS Score
0.002
Published
2024-07-22
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spiffy Plugins Spiffy Calendar allows SQL Injection.This issue affects Spiffy Calendar: from n/a through 4.9.11.
CVSS Score
7.6
EPSS Score
0.043
Published
2024-07-22
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AuburnForest Blogmentor – Blog Layouts for Elementor allows Stored XSS.This issue affects Blogmentor – Blog Layouts for Elementor: from n/a through 1.5.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-22
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Branda allows Stored XSS.This issue affects Branda: from n/a through 3.4.17.
CVSS Score
5.9
EPSS Score
0.001
Published
2024-07-22
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Ninja Team Ninja Beaver Add-ons for Beaver Builder allows Stored XSS.This issue affects Ninja Beaver Add-ons for Beaver Builder: from n/a through 2.4.5.
CVSS Score
6.5
EPSS Score
0.001
Published
2024-07-22
When editing a user, group or any object in the Syncope Console, HTML tags could be added to any text field and could lead to potential exploits.
The same vulnerability was found in the Syncope Enduser, when editing “Personal Information” or “User Requests”.
Users are recommended to upgrade to version 3.0.8, which fixes this issue.
CVSS Score
5.4
EPSS Score
0.003
Published
2024-07-22
Improper neutralization of livestatus command delimiters in mknotifyd in Checkmk <= 2.0.0p39, < 2.1.0p47, < 2.2.0p32 and < 2.3.0p11 allows arbitrary livestatus command execution.
CVSS Score
6.5
EPSS Score
0.005
Published
2024-07-22