2426 matches found
PT-2024-4782
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: This issue involves flaws in the deserialization mechanism within Microsoft SharePoint Server. Successful exploitation could allow a remote attacker to execute arbitrary...
Trend Micro Apex One modOSCE SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is required to exploit this vulnerability. The specific flaw exists within the client management functionality. The issue results from the lack of proper validati...
PT-2024-28663 · Trend Micro · Trend Micro Apex One
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Description: A SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. To exploit this vulnerability, an...
CVE-2024-2926
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Progress Software WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability
This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the SessionControler class. The issue results from the lack ...
Progress Software WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the APM module. The issue results from the lack of proper validation of...
Progress Software WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetASPReport method. The issue results from the lack of...
PT-2024-7447 · SAP · SAP Landscape Management
Name of the Vulnerable Software and Affected Versions: SAP Landscape Management affected versions not specified Description: The issue is related to the REST Provider Definition response in SAP Landscape Management, which allows an authenticated user to read confidential data. This can cause a hi...
OESA-2024-1743 libvirt security update
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A race condition leading to a stack use-after-free flaw was found in libvirt. Due...
PT-2024-20200 · Autel · Autel MaxiCharger AC Elite Business C50
Name of the Vulnerable Software and Affected Versions: Autel MaxiCharger AC Elite Business C50 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations...
PT-2024-20179 · Sony · Sony XAV-AX5500
Name of the Vulnerable Software and Affected Versions: Sony XAV-AX5500 affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this issue...
PT-2024-26570 · WordPress · Custom Field Suite
Name of the Vulnerable Software and Affected Versions: Custom Field Suite plugin for WordPress versions up to, and including, 2.6.7 Description: The issue is related to insufficient sanitization of input prior to being used in a call to the eval function, which makes it possible for authenticated...
PT-2024-12814 · PaperCut · PaperCut NG
Name of the Vulnerable Software and Affected Versions: PaperCut NG affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this issue. The specific flaw exists within...
CVE-2024-1766
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level acces...
PT-2024-4311 · IBM · IBM Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes Db2 Connect Server versions 10.5, 11.1, and 11.5 Description: The issue is related to a denial of service that may occur when a specially crafted query is used on certain columnar tables by an...
Vulnerabilities fixed in Microsoft Dynamics
Microsoft has fixed vulnerabilities in Dynamics and Dynamics Business Central. A malicious party could exploit the vulnerabilities to grant themselves elevated privileges, execute arbitrary code with potentially elevated privileges and gain access to sensitive data in the application. For...
CVE-2024-3850 Uniview NVR301-04S2-P4 Cross-site Scripting
Uniview NVR301-04S2-P4 is vulnerable to a reflected cross-site scripting (XSS) attack. An attacker could send a user a URL that if clicked on could execute malicious JavaScript in their browser. This vulnerability also requires authentication before it can be exploited, so the scope and severity is...
Centreon updateServiceHost_MC SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the updateServiceHost_MC function. The issue results from the lack of proper validation of a...
PT-2024-4041 · Centreon · Centreon
Name of the Vulnerable Software and Affected Versions: Centreon affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this issue. The specific flaw exists within the...
Vulnerabilities fixed in SolarWinds Platform
SolarWinds has fixed vulnerabilities in SolarWinds Platform. A malicious party can exploit the vulnerabilities to cause a denial of service, perform command injection, or carry out a cross-site scripting attack. Such an attack can result in execution of arbitrary code in the victim's browser. For...