143 matches found
PT-2025-4997 · Quotemedia · Quotemedia Tools
Name of the Vulnerable Software and Affected Versions: QuoteMedia Tools versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This is a type of Cross-site Scripting attack. Recommendations: For...
PT-2025-3480 · D Link · D-Link Dir-825
Name of the Vulnerable Software and Affected Versions: D-Link DIR-825 REVB version 2.03 Description: The issue concerns an OS command injection vulnerability in the CGl interface apc client pin.cgi, which allows remote attackers to execute arbitrary commands via the wps pin parameter passed to th...
SUSE SLES15: docker / docker-bash-completion / docker-fish-completion / etc (SUSE-SU-2024:4360-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:4360-1 advisory. - Update docker-buildx to v0.19.2. See upstream changelog online at . Some notable changelogs from the last update: -...
PT-2024-20715 · Ibm · Ibm Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 IBM Cognos Analytics versions 12.0.0 through 12.0.3 Description: The issue is related to a Cross Site Scripting XSS vulnerability due to improper validation of column headings in Cognos...
CVE-2024-41126 Out-of-bounds read when decoding SNMP messages in Contiki-NG
Contiki-NG is an open-source, cross-platform operating system for IoT devices. An out-of-bounds read of 1 byte can be triggered when sending a packet to a device running the Contiki-NG operating system with SNMP enabled. The SNMP module is disabled in the default Contiki-NG configuration. The...
CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...
CVE-2024-53258 download_all_submissions allows student to download another student's submissions in Autolab
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the downloadallsubmissions feature. This can allow for leakage of...
PT-2024-34962 · Opencart · Opencart Product Display
Name of the Vulnerable Software and Affected Versions: Ajinkya N OpenCart Product Display versions 1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for Stored XSS. This means that an attacker can inject malicious script...
PT-2024-16857 · Sourcecodester · Sourcecodester Online Eyewear Shop
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A vulnerability has been found in the Inventory Page component, specifically in the file /oews/classes/Master.php?f=save product. The manipulation of the brand argument leads to...
PT-2024-34834 · Fraudlabs Pro · Fraudlabs Pro Sms Verification
Name of the Vulnerable Software and Affected Versions: FraudLabs Pro SMS Verification versions 1.10.1 and earlier Description: A Cross-Site Request Forgery CSRF issue exists in FraudLabs Pro SMS Verification, allowing Stored XSS. Recommendations: For versions 1.10.1 and earlier, update to a versi...
PT-2024-34254 · Unknown · Swoop 1-Click Login: Passwordless Authentication
Name of the Vulnerable Software and Affected Versions: Swoop 1-Click Login: Passwordless Authentication version 1.4.5 Description: The issue is related to an Authentication Bypass by Primary Weakness vulnerability in the Passwordless Authentication feature. This vulnerability allows for...
PT-2024-6441
Name of the Vulnerable Software and Affected Versions CUPS versions 2.x cups-filters versions up to 2.0.1 Description The issue is related to the FoomaticRIPCommandLine function in the CUPS printing system, which allows remote command execution via a PPD file. This can be exploited when combined...
PT-2024-39409 · Stirling Tools · Stirling-Pdf
Name of the Vulnerable Software and Affected Versions: Stirling-Tools Stirling-PDF versions up to 0.28.3 Description: A vulnerability was found in the Markdown-to-PDF component of Stirling-Tools Stirling-PDF, leading to cross-site scripting. The attack can be initiated remotely, with a rather hig...
PT-2024-32092 · Enms · Enms
Name of the Vulnerable Software and Affected Versions: eNMS versions 4.4.0 through 4.7.1 Description: The issue is related to a Directory Traversal vulnerability. This vulnerability can be exploited through the upload files feature, allowing unauthorized access to sensitive files and directories...
PT-2024-37770 · WordPress · Wp Hardening – Fix Your Wordpress Security
Name of the Vulnerable Software and Affected Versions: The WP Hardening – Fix Your WordPress Security plugin versions up to, and including, 1.2.6 Description: The issue is due to the use of an incorrect regular expression within the "Stop User Enumeration" feature, making it possible for...
PT-2024-39281
Name of the Vulnerable Software and Affected Versions: aimhubio aim versions up to 3.24 Description: A problematic issue was found in the dangerouslySetInnerHTML function of the textbox.tsx file in the Text Explorer component. The manipulation of the query argument leads to cross-site scripting. ...
CVE-2024-39723
IBM FlashSystem 5300 USB ports may be usable even if the port has been disabled by the administrator. A user with physical access to the system could use the USB port to cause loss of access to data. IBM X-Force ID: 295935...
PT-2024-28932 · Mediawiki · Mediawiki Checkuser Extension
Name of the Vulnerable Software and Affected Versions: MediaWiki CheckUser extension versions through 1.42.1 Description: The Special:Investigate feature can expose suppressed information for log events due to the TimelineService not supporting proper suppression. Recommendations: For versions...
PT-2024-3960
Name of the Vulnerable Software and Affected Versions JetBrains TeamCity versions prior to 2023.05.6 JetBrains TeamCity versions prior to 2023.11.5 Description The issue is related to a stored XSS in the Commit status publisher, which can be exploited by a remote attacker to conduct cross-site...
PT-2024-13799 · Nocodb · Nocodb
Name of the Vulnerable Software and Affected Versions: NocoDB versions prior to 0.202.9 Description: A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of ur...