PT-2025-6093 · Tenda · Tenda W18E
Name of the Vulnerable Software and Affected Versions: Tenda W18E version V16.01.0.81625 Description: A stack overflow vulnerability in the Tenda W18E web management portal allows an authenticated remote attacker to cause a denial of service or potentially execute arbitrary code. This issue occur...
CVE-2022-41956
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A file disclosure vulnerability was discovered in Autolab's remote handin feature,...
CVE-2022-41955 Autolab is vulnerable to remote code execution (RCE) via MOSS functionality
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionalit...
PT-2023-14622 · Archibus · Archibus Web Central
Name of the Vulnerable Software and Affected Versions: Archibus Web Central version 2022.03.01.107 Description: An issue was discovered in the application where a service allows a basic user to cancel or delete a booking created by someone else, even if the basic user is not a member of the...
PT-2022-20746 · Open Xchange · OX App Suite
Name of the Vulnerable Software and Affected Versions: OX App Suite versions 7.10.6 and earlier Description: The issue allows for XSS via a deep link, as demonstrated by class="deep-link-app" for a "/!!&app=%2e./" URI. This can be exploited to execute malicious scripts. Recommendations: For OX Ap...
PT-2022-6102 · Arm +2 · Mbed TLS +2
Name of the Vulnerable Software and Affected Versions: Mbed TLS versions prior to 2.28.2; Mbed TLS versions 3.x prior to 3.3.0 Description: A potential heap-based buffer overflow and heap-based buffer over-read exists in DTLS if MBEDTLS_SSL_DTLS_CONNECTION_ID is enabled and MBEDTLS_SSL_CID_IN_LEN...
PT-2022-27347 · Unknown · Rukovoditel
Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: The issue is related to a stored cross-site scripting (XSS) vulnerability in the Entities Group feature at "/index.php?module=entities/entities_groups". This allows attackers to execute arbitrary web scrip...
PT-2022-27346 · Unknown · Rukovoditel
Name of the Vulnerable Software and Affected Versions: Rukovoditel version 3.2.1 Description: A stored cross-site scripting (XSS) issue was found in the Highlight Row feature at "/index.php?module=entities/listing_types&entities_id=24". This allows attackers to execute arbitrary web scripts or HTML...
PT-2022-26252 · Unknown · KLiK SocialMediaWebsite
Name of the Vulnerable Software and Affected Versions: KLiK SocialMediaWebsite version 1.0.1 Description: The issue allows attackers to store XSS via location input in the reply-form, potentially affecting user security. Recommendations: For KLiK SocialMediaWebsite version 1.0.1, consider disabli...
PT-2022-27139 · Tenda · Tenda AC18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.19 Description: The issue is related to a Buffer Overflow that can be triggered via the addWifiMacFilter function. Recommendations: For Tenda AC18 version 15.03.05.19, consider disabling the addWifiMacFilter functi...
PT-2022-26950 · WordPress · WordPress
Name of the Vulnerable Software and Affected Versions: WordPress versions prior to 6.0.3 Description: The issue allows a remote unauthenticated attacker to obtain the email address of the user who posted a blog using the WordPress Post by Email Feature. Recommendations: For WordPress versions pri...
PT-2022-20167 · InHand Networks · InRouter302
Name of the Vulnerable Software and Affected Versions: InHand Networks InRouter302 version 3.5.45 Description: A leftover debug code vulnerability exists in the console infct functionality. This vulnerability can be triggered by a specially-crafted series of network requests, leading to the...
PT-2022-7258 · libde265 +3 · libde265 +3
Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.8 Description: The issue is related to a heap-buffer-overflow vulnerability via the put_unweighted_pred_16_fallback function in fallback-motion.cc. This allows attackers to cause a Denial of Service (DoS) via a crafted vide...
PT-2022-23419 · H3C · H3C Magic Nx18 Plus
Name of the Vulnerable Software and Affected Versions: H3C Magic NX18 Plus version NX18PV100R003 Description: A stack overflow issue was discovered in the function Edit_BasicSSID_5G. Recommendations: For version NX18PV100R003, as a temporary workaround, consider disabling the Edit_BasicSSID_5G...
PT-2022-22864 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad version 5.2.0 Description: The issue allows an attacker to manipulate the rate limiting in the 'forgot password' feature, enabling them to send numerous requests for a known account. This can cause Denial of Service due to the generati...
PT-2022-20601 · DSpace · DSpace
Name of the Vulnerable Software and Affected Versions: DSpace versions prior to 5.11 DSpace versions prior to 6.4 Description: The JSPUI "Request a Copy" feature does not properly escape values submitted and stored from the "Request a Copy" form, making item requests vulnerable to XSS attacks. Th...
Remote Code Execution (RCE)
winter/storm is vulnerable to Remote Code Execution. An authenticated attacker with permission to create or modify theme templates with the CMS editor can disable the cms.enableSafeMode feature, allowing for the modification of the backend PHP code through the web interface...
PT-2022-17595
Name of the Vulnerable Software and Affected Versions: git-clone affected versions not specified Description: The git-clone package is susceptible to Command Injection due to insecure usage of the --upload-pack feature of git. This allows for potential malicious code execution. Credit for...
PT-2022-14891 · Unknown +1 · Libiec61850 +1
Name of the Vulnerable Software and Affected Versions: libiec61850 version 1.5.0 Description: A denial of service issue exists in the parseNormalModeParameters functionality. It can be triggered by a specially-crafted series of network requests, allowing an attacker to send a sequence of malforme...