PT-2024-13722 · Anomali · Anomali Match
Name of the Vulnerable Software and Affected Versions: Anomali Match versions prior to 4.6.2 Description: The issue arises from improper handling of untrusted input, enabling an attacker to inject and execute operating system commands. An authenticated admin user can elevate privileges, execute...
CVE-2021-24151
The WP Editor WordPress plugin before 1.2.7 did not sanitise or validate its setting fields leading to an authenticated admin+ blind SQL injection issue via an arbitrary parameter when making a request to save the settings...
Cross Site Request Forgery
Concrete CMS is vulnerable to Cross Site Request Forgery. The vulnerability is due to improper implementation of anti-CSRF tokens within the following endpoint: /ccm/system/dialogs/logs/deleteall/submit. This issue can be exploited by an attacker by sending a malicious URL to the authenticated admin to...
Cross site scripting
A cross-site scripting (XSS) vulnerability in Palo Alto Networks PAN-OS software enables a malicious authenticated read-write administrator to store a JavaScript payload using the web interface. Then, when viewed by a properly authenticated administrator, the JavaScript payload executes and disguis...
Design/Logic Flaw
An arbitrary file upload vulnerability in Palo Alto Networks PAN-OS software enables an authenticated read-write administrator with access to the web interface to disrupt system processes and potentially execute arbitrary code with limited privileges on the firewall...
CVE-2023-40463
When configured in debugging mode by an authenticated user with administrative privileges, ALEOS 4.16 and earlier store the SHA512 hash of the common root password for that version in a directory accessible to a user with root privileges or equivalent access...
PT-2023-7927 · Hitachi Vantara · Hitachi Vantara Hnas
Name of the Vulnerable Software and Affected Versions: Hitachi Vantara HNAS versions prior to 14.8.7825.01 Description: The issue allows authenticated users to access sensitive information through Insecure Direct Object Reference (IDOR). This can be achieved by manipulating URLs, enabling users in...
CVE-2023-22273
Adobe RoboHelp Server versions 11.4 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability that could lead to Remote Code Execution by an admin-authenticated attacker. Exploitation of this issue does not require user interaction...
PT-2023-28335 · Cubecart · Cubecart
Name of the Vulnerable Software and Affected Versions: CubeCart versions prior to 6.5.3 Description: A directory traversal issue allows a remote authenticated attacker with administrative privileges to delete directories and files in the system. Recommendations: For versions prior to 6.5.3, updat...
PT-2023-7204 · Nessus · Nessus
Name of the Vulnerable Software and Affected Versions: Nessus affected versions not specified Description: The issue is related to an arbitrary file write vulnerability. An authenticated, remote attacker with administrator privileges on the Nessus application could alter Nessus Rules variables to...
PT-2023-9546 · Cisco · Cisco Small Business Rv042G +3
Name of the Vulnerable Software and Affected Versions: Cisco Small Business RV042, RV042G, RV320, and RV325 Routers affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, Administrator-level, remote attacker to execute...
CVE-2023-44987
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in Timely - Appointment software Timely Booking Button plugin = 2.0.2 versions...
PT-2023-29333 · WordPress · Timely Booking Button
Name of the Vulnerable Software and Affected Versions: Timely Booking Button plugin versions = 2.0.2 Description: The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This means that an attacker with admin access can inject malicious scripts into the system, whi...
CVE-2023-32973
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
Improper Input Validation
Overview: magento/project-community-edition is an eCommerce Platform for Growth (Community Edition). Affected versions of this package are vulnerable to Improper Input Validation due to improper handling of input validation. An attacker can read arbitrary files from the file system by exploiting the...
CVE-2023-32971
A buffer copy without checking size of input vulnerability has been reported to affect several QNAP operating system versions. If exploited, the vulnerability could allow authenticated administrators to execute code via a network. We have already fixed the vulnerability in the following versions:...
CVE-2023-41733
Auth. admin+ Stored Cross-Site Scripting (XSS) vulnerability in YYDevelopment Back To The Top Button plugin = 2.1.5 versions...
VulnCheck KEV: CVE-2023-20109
Cisco IOS and IOS XE contain an out-of-bounds write vulnerability in the Group Encrypted Transport VPN (GET VPN) feature that could allow an authenticated, remote attacker who has administrative control of either a group member or a key server to execute malicious code or cause a device to crash...
PT-2023-28187 · Avirtum · Avirtum Ifolders Plugin
Name of the Vulnerable Software and Affected Versions: Avirtum iFolders plugin versions prior to 1.5.0 Description: The issue is related to an Authenticated admin+ Cross-Site Scripting (XSS) vulnerability. This means that an attacker who has admin access can inject malicious scripts into the websit...
CVE-2022-3874
A command injection flaw was found in Foreman. This flaw allows an authenticated user with admin privileges on the Foreman instance to transpile commands through CoreOS and Fedora CoreOS configurations in templates, possibly resulting in arbitrary command execution on the underlying operating...