PT-2025-1941 · WordPress · Bu Section Editing Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: BU Section Editing WordPress plugin versions 0.9.9 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem, where a parameter is not properly sanitised and escaped before being outputted back in the page. Thi...

PT-2024-36677 · Wplms · Wplms

Name of the Vulnerable Software and Affected Versions: WPLMS versions prior to 1.9.9.5.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...

PT-2024-11994 · Zendesk · Zendesk Support For Wordpress

Name of the Vulnerable Software and Affected Versions: Zendesk Support for WordPress versions 1.8.4 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions...

FreeBSD : qt6-webengine -- Multiple vulnerabilities (c2fd83e4-b450-11ef-b680-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the c2fd83e4-b450-11ef-b680-4ccc6adda413 advisory. Qt qtwebengine-chromium repo reports: Backports for 5 security bugs in Chromium: Tenable has...

WordPress plugin The Plus Addons for Elementor Page Builder Lite 跨站脚本漏洞

WordPress and WordPress plugin are products of the WordPress Foundation, a blogging platform developed in PHP. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress plugin The Plus...

PT-2024-30798 · Themeum · Wp Crowdfunding

Name of the Vulnerable Software and Affected Versions: WP Crowdfunding versions 2.1.10 and earlier Description: The issue is related to a Missing Authorization vulnerability in Themeum WP Crowdfunding, allowing exploitation of incorrectly configured access control security levels. Recommendations...

Google Chrome < 130.0.6723.69 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 130.0.6723.69. It is, therefore, affected by multiple vulnerabilities as referenced in the 202410stable-channel-update-for-desktop22 advisory. - Type Confusion in V8 in Google Chrome prior to 130.0.6723.69 allowed a...

Mozilla Firefox < 131.0

The version of Firefox installed on the remote Windows host is prior to 131.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2024-46 advisory. - An attacker could, via a specially crafted multipart response, execute arbitrary JavaScript under the...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-42082)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-42082 advisory. - In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN from xdpregmemmodel...

CVE-2024-6980

A verbose error handling issue in the proxy service implemented in the GravityZone Update Server allows an attacker to cause a server-side request forgery. This issue only affects GravityZone Console versions before 6.38.1-5 running only on premise...

Amazon Linux 2 : httpd (ALAS-2024-2594)

The version of httpd installed on the remote host is prior to 2.4.61-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2594 advisory. Encoding problem in modproxy in Apache HTTP Server 2.4.59 and earlier allows request URLs with incorrect encoding to be sen...

CVE-2024-6121 NI SystemLink Server Ships Out of Date Redis Version

An out-of-date version of Redis shipped with NI SystemLink Server is susceptible to multiple vulnerabilities, including CVE-2022-24834. This affects NI SystemLink Server 2024 Q1 and prior versions. It also affects NI FlexLogger 2023 Q2 and prior versions which installed this shared service...

PT-2024-33238 · Progress · Sitefinity

Name of the Vulnerable Software and Affected Versions: Sitefinity versions prior to 15.1.8321.0 Description: The issue allows the user to be redirected to an arbitrary site. Recommendations: For versions prior to 15.1.8321.0, update to a version that contains a fix for this issue. At the moment,...

CVE-2024-2300

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices...

CVE-2024-2300 HP Advance Mobile Application – Potential Information Disclosure

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices...

CVE-2024-2300 HP Advance Mobile Application – Potential Information Disclosure

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices...

CVE-2024-2300

Technical details are not publicly available in the provided documents. Monitor for updates from HP and security advisories to obtain affected versions, vulnerable components, and remediation steps.

PT-2024-26637 · Analytify · Analytify

Name of the Vulnerable Software and Affected Versions: Analytify versions prior to 5.2.4 Description: A Cross-Site Request Forgery CSRF issue affects Analytify, allowing unauthorized actions to be performed on behalf of a user without their knowledge. Recommendations: For versions prior to 5.2.4,...

CVE-2024-3234

The gaizhenbiao/chuanhuchatgpt application is vulnerable to a path traversal attack due to its use of an outdated gradio component. The application is designed to restrict user access to resources within the webassets folder. However, the outdated version of gradio it employs is susceptible to pa...

Amazon Linux 2 : tomcat (ALASTOMCAT9-2024-013)

The version of tomcat installed on the remote host is prior to 9.0.87-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2TOMCAT9-2024-013 advisory. Denial of Service via incomplete cleanup vulnerability in Apache Tomcat. It was possible for WebSocket clients to ke...