124 matches found

Positive Technologies
added 2024/09/25 12:0 a.m. · 3 views

PT-2024-32516 · Unknown · Use Any Font

Name of the Vulnerable Software and Affected Versions: Use Any Font versions n/a through 6.3.08 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions n/a through 6.3.08, update to a version later than 6.3....

CVSS 8.8 · AI score 7.3 · EPSS 0.00251
Exploits: 0 · References: 5

CNNVD
added 2024/09/13 12:0 a.m. · 2 views

WordPress plugin WP Simple Booking Calendar Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A cross-site scripting...

CVSS 6.1 · AI score 5.8 · EPSS 0.03527
Exploits: 0 · References: 5

The Hacker News
added 2024/09/12 1:46 p.m. · 17 views

Beware: New Vo1d Malware Infects 1.3 Million Android-based TV Boxes Worldwide

Nearly 1.3 million Android-based TV boxes running outdated versions of the operating system and belonging to users spanning 197 countries have been infected by a new malware dubbed Vo1d aka Void. "It is a backdoor that puts its components in the system storage area and, when commanded by attacker...

AI score 8
Exploits: 0

Positive Technologies
added 2024/08/26 12:0 a.m. · 2 views

PT-2024-28240 · Checkmk · Checkmk

Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.3.0p14 Checkmk versions prior to 2.2.0p33 Checkmk versions prior to 2.1.0p47 Checkmk version 2.0.0 Description: The issue allows malicious users to execute arbitrary scripts by injecting HTML elements into the SLA...

CVSS 6.1 · AI score 7.7 · EPSS 0.01386
Exploits: 0 · References: 12

Positive Technologies
added 2024/08/20 12:0 a.m. · 4 views

PT-2024-30060 · Pligg Cms · Pligg Cms

Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. It affects the /admin/submit page.php endpoint. Recommendations: For Pligg CMS version 2.0.2, update to a version that includes a fi...

CVSS 8.8 · AI score 6.8 · EPSS 0.00319
Exploits: 1 · References: 8

Positive Technologies
added 2024/08/17 12:0 a.m. · 4 views

PT-2024-38669 · Unknown · Tosei Online Store Management System

Name of the Vulnerable Software and Affected Versions: Tosei Online Store Management System versions 4.02 through 4.04 Description: A critical vulnerability was found in the Backend component of the system, allowing for the use of default credentials. The attack can be initiated remotely. The...

CVSS 9.8 · AI score 7.3 · EPSS 0.00271
Exploits: 0 · References: 9

Tenable Nessus
added 2024/08/13 12:0 a.m. · 168 views

KB5041160: Windows Server 2022 / Azure Stack HCI 22H2 Security Update (August 2024)

The remote Windows host is missing security update 5041160. It is, therefore, affected by multiple vulnerabilities - An elevation of privilege vulnerability exists in Windows based systems supporting Virtualization Based Security (VBS) including a subset of Azure Virtual Machine SKUS. This can allo...

CVSS 9.8 · AI score 7.5 · EPSS 0.89413
Exploits: 28 · References: 53

CNNVD
added 2024/08/13 12:0 a.m. · 4 views

WordPress plugin Participants Database Code Issue Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in the...

CVSS 9.8 · AI score 7 · EPSS 0.00627
Exploits: 0 · References: 2

Positive Technologies
added 2024/06/18 12:0 a.m. · 3 views

PT-2024-5574

Name of the Vulnerable Software and Affected Versions Roundcube versions 1.5.7 and earlier, 1.6.x through 1.6.7 Description The issue exists due to inadequate protection of the web page structure in the rcmail action mail get-run function of the Roundcube Webmail client. Exploitation of this issu...

CVSS 9.3 · AI score 7 · EPSS 0.91411
Exploits: 15 · References: 51

Positive Technologies
added 2024/06/09 12:0 a.m. · 2 views

PT-2024-24003 · Unknown · Premmerce Product Filter For Woocommerce

Name of the Vulnerable Software and Affected Versions: Premmerce Product Filter for WooCommerce versions 3.7.2 and earlier Description: The issue is related to a Missing Authorization vulnerability in Premmerce Product Filter for WooCommerce. No information is provided about the estimated number ...

CVSS 8.8 · AI score 6.6 · EPSS 0.0022
Exploits: 0 · References: 7

OSV
added 2024/05/14 8:15 p.m. · 2 views

AZL-42046 CVE-2024-32465 affecting package git for versions less than 2.39.4-1

Git is a revision control system. The Git project recommends to avoid working in untrusted repositories, and instead to clone it first with git clone --no-local to obtain a clean copy. Git has specific protections to make that a safe operation even with an untrusted source repository, but...

CVSS 7.8 · AI score 6.7 · EPSS 0.00155
Exploits: 0 · References: 1

Positive Technologies
added 2024/04/15 12:0 a.m. · 4 views

PT-2024-24579 · Unknown · Restropress

Name of the Vulnerable Software and Affected Versions: RestroPress versions 3.1.2 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user without their knowledge or consent. Recommendations: For...

CVSS 5.4 · AI score 6.7 · EPSS 0.00117
Exploits: 0 · References: 3

Positive Technologies
added 2024/04/11 12:0 a.m. · 4 views

PT-2024-24298 · Unknown · Link Whisper

Name of the Vulnerable Software and Affected Versions: Link Whisper Free versions 0.6.9 and earlier Description: A Cross-Site Request Forgery (CSRF) issue has been identified. This allows an attacker to perform unintended actions on a user's account. Recommendations: For versions 0.6.9 and earlier,...

CVSS 4.3 · AI score 7 · EPSS 0.00204
Exploits: 0 · References: 3

Positive Technologies
added 2024/01/27 12:0 a.m. · 2 views

PT-2024-20051 · Notion · Notion

Name of the Vulnerable Software and Affected Versions: Notion versions prior to 3.1.0 Description: The issue might allow code execution because of RunAsNode and enableNodeCliInspectArguments. The vendor states that the attacker must launch the Notion Desktop application with nonstandard flags tha...

CVSS 3.3 · AI score 7.7 · EPSS 0.00158
Exploits: 1 · References: 11

Positive Technologies
added 2023/12/30 12:0 a.m. · 4 views

PT-2023-10833 · Unknown · Mdalamin-Aol Own Health Record

Name of the Vulnerable Software and Affected Versions: MdAlAmin-aol Own Health Record versions 0.1-alpha through 0.3.1-alpha Description: This issue affects some unknown processing of the file includes/logout.php. The manipulation leads to cross-site request forgery. The attack may be initiated...

CVSS 8.8 · AI score 5 · EPSS 0.0005
Exploits: 0 · References: 10

Positive Technologies
added 2023/12/26 12:0 a.m. · 3 views

PT-2023-9194 · Unknown · Asp.Net Zero

Name of the Vulnerable Software and Affected Versions: Asp.Net Zero versions prior to 12.3.0 Description: The issue is related to an open redirect through HTML injection in user messages, allowing remote attackers to redirect targeted victims to any URL via the '' in the WebSocket messages. This...

CVSS 6.4 · AI score 6.5 · EPSS 0.00129
Exploits: 1 · References: 9

Positive Technologies
added 2023/11/03 12:0 a.m. · 4 views

PT-2023-15411 · Unknown · Simple Photo Gallery

Name of the Vulnerable Software and Affected Versions: Simple Photo Gallery versions n/a through v1.8.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

CVSS 9.8 · AI score 8.4 · EPSS 0.00162
Exploits: 0 · References: 7

Rapid7 Blog
added 2023/11/01 6:32 p.m. · 126 views

Suspected Exploitation of Apache ActiveMQ CVE-2023-46604

Tom Elkins, John Fenninger, Evan McCann, Matthew Smith, and Micah Young contributed attacker behavior insights to this blog. Beginning Friday, October 27, Rapid7 Managed Detection and Response (MDR) identified suspected exploitation of Apache ActiveMQ CVE-2023-46604 in two different customer...

CVSS 7.5 · AI score 7.1 · EPSS 0.94436
Exploits: 31

Positive Technologies
added 2023/11/01 12:0 a.m. · 5 views

PT-2023-28198 · Unknown · Dolibarr Erp/Crm

Name of the Vulnerable Software and Affected Versions: Dolibarr ERP CRM versions = 18.0.1 Description: The issue is related to improper input validation, which fails to strip certain PHP code from user-supplied input when creating a Website. This allows an attacker to inject and evaluate arbitrar...

CVSS 8.8 · AI score 7.5 · EPSS 0.53316
Exploits: 0 · References: 15

CNNVD
added 2023/10/16 12:0 a.m. · 3 views

OTRS Trust Management Issue Vulnerability

OTRS is an application from OTRS Germany. A service management software. A security vulnerability exists in OTRS versions prior to 7.0.47, 8.0.37, and OTRS Community Edition versions 6.0.X through 6.0.34, which arises from the ability to obtain email via POP3 or IMAP and send email via SMTP using...

CVSS 9.1 · AI score 6.7 · EPSS 0.00247
Exploits: 0 · References: 2