PT-2024-19483 · Shopsite · Shopsite
Name of the Vulnerable Software and Affected Versions: ShopSite version 14.0 Description: An arbitrary file upload issue in the /alsdemo/ss/mediam.cgi component allows attackers to execute arbitrary code by uploading a crafted SVG file. Recommendations: For ShopSite version 14.0, consider disabli...
PT-2024-15938 · Unknown · Codeastro Stock Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Stock Management System version 1.0 Description: A vulnerability was found in the CodeAstro Stock Management System, affecting some unknown processing of the file /index.php of the component Add Category Handler. The manipulation of...
PT-2024-15807 · Nsasoft · Nsasoft Product Key Explorer
Name of the Vulnerable Software and Affected Versions: Nsasoft Product Key Explorer version 4.0.9 Description: A vulnerability has been found in the component Registration Handler of Nsasoft Product Key Explorer. The manipulation of the argument Name/Key leads to memory corruption. An attack has ...
PT-2024-15811 · Linzhaoguan · Linzhaoguan Pb-Cms
Name of the Vulnerable Software and Affected Versions: LinZhaoguan pb-cms version 2.0 Description: A problematic issue has been found in the Comment Handler component of the software, allowing for cross-site scripting through the manipulation of input, such as . This can be exploited remotely...
PT-2024-14042 · Qstar · Qstar Archive Solutions
Name of the Vulnerable Software and Affected Versions: QStar Archive Solutions version RELEASE 3-0 Build 7 Patch 0 Description: A DOM Based Reflected Cross Site Scripting (XSS) issue was found in the qnme-ajax component, specifically in the method=tree level endpoint. This allows for potential...
PT-2023-31595 · Unknown +1 · Jline-Groovy +1
Name of the Vulnerable Software and Affected Versions: jline-groovy version 3.24.1 Description: An issue in the component GroovyEngine.execute of jline-groovy allows attackers to cause an out of memory (OOM) error. Recommendations: For version 3.24.1, consider disabling the GroovyEngine.execute...
PT-2023-31572 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.8 Description: A cross-site scripting (XSS) vulnerability in the component admin Video.php of SeaCMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For SeaCMS version 12.8,...
PT-2023-32915 · Unknown · Sourcecodester Engineers Online Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Engineers Online Portal version 1.0 Description: A vulnerability was found in the component Add Engineer Handler of the SourceCodester Engineers Online Portal. The manipulation of the argument first name/last name with the inpu...
PT-2023-31725 · Unknown · Com.Sdjictec.Qdmetro
Name of the Vulnerable Software and Affected Versions: com.sdjictec.qdmetro version 4.2.2 Description: An issue in the export component AdSdkH5Activity of com.sdjictec.qdmetro allows attackers to open a crafted URL without any filtering or checking. Recommendations: For version 4.2.2, consider...
PT-2023-28839
Name of the Vulnerable Software and Affected Versions: Shenzhen TCL Browser TV Web BrowseHere aka com.tcl.browser version 6.65.022 dab24cc6 231221 gp Description: The issue allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivit...
PT-2023-31426 · Typecho · Typecho
Name of the Vulnerable Software and Affected Versions: Typecho version 1.2.1 Description: The issue is related to an XML Quadratic Blowup attack. This attack can be executed via the component /index.php/action/xmlrpc. Recommendations: For Typecho version 1.2.1, consider disabling the...
PT-2023-31020 · Unknown · Thinkadmin
Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 6.1.53 Description: An arbitrary file upload issue in the /admin/api.upload/file component allows attackers to execute arbitrary code via a crafted Zip file. Recommendations: For ThinkAdmin version 6.1.53, consider disablin...
PT-2023-32681 · Phpems · Phpems
Name of the Vulnerable Software and Affected Versions: PHPEMS version 7.0 Description: A problematic issue has been found in the Content Section Handler component, specifically affecting the file appcontentclsapi.cls.php. This issue leads to cross-site scripting and can be initiated remotely. The...
PT-2023-30726 · Grocy · Grocy
Name of the Vulnerable Software and Affected Versions: Grocy version 4.0.3 Description: The issue allows a local attacker to execute arbitrary code and obtain sensitive information via the equipment description component within the "/equipment/" component. Recommendations: For Grocy version 4.0.3...
PT-2025-18850 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the wifi: mt76: connac component, where WED status is not checked for non-mmio devices. This can lead...
PT-2023-26610 · Inspect Element · Echo.Ac
Name of the Vulnerable Software and Affected Versions: Inspect Element Ltd Echo.ac version 5.2.1.0 Description: An issue in Inspect Element Ltd Echo.ac allows a local attacker to gain privileges via a crafted command to the echo driver.sys component. This issue has been reportedly used by various...
PT-2023-28739 · Yzncms · Yzncms
Name of the Vulnerable Software and Affected Versions: YZNCMS version 1.3.0 Description: A stored cross-site scripting (XSS) issue in the cms/content/edit component allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter. This enables...
PT-2023-28287 · Lenosp · Lenosp
Name of the Vulnerable Software and Affected Versions: lenosp versions 1.0 through 1.2.0 Description: The issue allows attackers to execute HTML code via a crafted JPG file. This is achieved through an arbitrary file upload vulnerability in the /user/upload component. Recommendations: For version...
PT-2023-8074 · Sourcecodester · Sourcecodester Simple Book Catalog App
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Book Catalog App version 1.0 Description: A vulnerability has been found in the Update Book Form component of the SourceCodester Simple Book Catalog App. The manipulation of the book title and book author arguments leads...
PT-2023-27077 · Typora · Typora
Name of the Vulnerable Software and Affected Versions: Typora version 1.6.7 Description: A cross-site scripting (XSS) issue in the Markdown Editor component allows attackers to execute arbitrary code via uploading a crafted Markdown file. Recommendations: For Typora version 1.6.7, consider disablin...