124 matches found
PT-2023-6494 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.7.4; WS FTP Server versions prior to 8.8.2. Description: A SQL injection vulnerability exists in the WS FTP Server manager interface. An attacker may be able to infer information about the structure and content...
WordPress plugin List Cross-Site Scripting Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A cross-site scripting vulnerabili...
UnRAR Backlink Vulnerability
UnRAR is a command that decompresses files with rar extension. A security vulnerability exists in UnRAR versions prior to 6.2.3. An attacker exploited the vulnerability to extract files outside the target folder via symbolic links...
GARO Wallbox GLB/GTB/GTC Security Vulnerability
The GARO Wallbox GLB/GTB/GTC is an electric vehicle charger from the Swedish company GARO. A security vulnerability exists in versions prior to GARO Wallbox GLB/GTB/GTC v189, which stems from an insecure permission in the settings page that allows an attacker to redirect the user to a crafted...
CVE-2022-43940
Hitachi Vantara Pentaho Business Analytics Server versions before 9.4.0.1 and 9.3.0.2, including 8.3.x do not correctly perform an authorization check in the data source management service...
PT-2023-4735 · Unknown +2 · @Cyprus/Request +2
Name of the Vulnerable Software and Affected Versions: Request package versions through 2.88.1; @cyprus/request package versions prior to 3.0.0. Description: The issue is related to insufficient validation of incoming requests, allowing a remote attacker to bypass SSRF mitigations via an...
SUSE CVE-2020-5235
There is a potentially exploitable out of memory condition in Nanopb before 0.4.1, 0.3.9.5, and 0.2.9.4. When nanopb is compiled with PB_ENABLE_MALLOC, the message to be decoded contains a repeated string, bytes or message field and realloc runs out of memory when expanding the array, nanopb can end...
PT-2022-24153 · Aruba · Aruba Edgeconnect Enterprise
Name of the Vulnerable Software and Affected Versions: Aruba EdgeConnect Enterprise Software versions 9.2.1.0 and below; Aruba EdgeConnect Enterprise Software versions 9.1.3.0 and below; Aruba EdgeConnect Enterprise Software versions 9.0.7.0 and below; Aruba EdgeConnect Enterprise Software versions...
PT-2022-21760 · Rdiffweb · Rdiffweb
Name of the Vulnerable Software and Affected Versions: rdiffweb versions prior to 2.5.0a6. Description: The issue concerns a missing authentication for a critical function in the GitHub repository ikus060/rdiffweb. Recommendations: For versions prior to 2.5.0a6, update to version 2.5.0a6 or later ...
Pycord Security Vulnerability
Pycord is a modern, easy-to-use, feature-rich, asynchronous-ready API wrapper open-sourced by Pycord Development. A security vulnerability exists in Pycord versions prior to 2.0.1 that stems from allowing a user to remotely shut down a bot running on pycord by adding it to a Discord server wit...
PT-2022-4536 · Unknown · Prestashop
Name of the Vulnerable Software and Affected Versions: PrestaShop versions 1.6.0.10 through 1.7.x before 1.7.8.2. Description: The issue is related to a lack of protection against SQL injection attacks, allowing remote attackers to execute arbitrary code. This vulnerability has been exploited in t...
GHSA-XGCP-59G2-WM8G Magento 2 Community Edition Insecure Component
An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component...
Magento 2 Community Edition Insecure Component
An insecure component vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. Magento 2 codebase leveraged outdated versions of HTTP specification abstraction implemented in symphony component...
Code injection
A CWE-326: Inadequate Encryption Strength vulnerability exists that could cause non-encrypted communication with the server when outdated versions of the ViewX client are used. Affected Product: ClearSCADA All Versions, EcoStruxure Geo SCADA Expert 2019 All Versions, EcoStruxure Geo SCADA Expert...
MediaWiki Cross-Site Scripting Vulnerability
MediaWiki is a free and free-to-use web-based wiki engine from the US-based MediaWiki Foundation. The product can be used to deploy internal knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki 1.37 and earlier versions, which stems from th...
django-saas-email (>=0.1.21 <=0.1.29), geonode (=3.3.3) +4 more potentially affected by CVE-2024-21910 via django-tinymce (>=1.5.1b4 <=3.3.0)
django-tinymce PYPI version =1.5.1b4, =0.1.21, =0.1.3.2, =0.3.0, =0.5.2 - zinnia-wysiwyg-tinymce =1.4.0 Source cves: CVE-2024-21910 Source advisory: OSV:GHSA-R8HM-W5F7-WJ39...
PVS 1912: Unable to merge vdisk "vDisk versions are not up to date on all Servers that access this vDisk. Update all "
Unable to merge the old versions of vdisk. Error message when we attempt merge: "vDisk versions are not up to date on all Servers that access this vDisk. Update all Servers with the lastest versions of the vDisk files"...
125softnlp (=0.0.1), a2 (>=0.10.11 <=0.10.13) +4761 more potentially affected by CVE-2021-37683 via tensorflow (>=1.0.1 <=2.3.2)
tensorflow PYPI version =1.0.1, =0.10.11, =0.1.0, =0.0.0, =0.6.0, =0.1.6, =1.0.0, =0.0.1, =0.2.0, =0.6.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2021-37683 Source advisory: OSV:GHSA-RHRQ-64MQ-HF9H...
PT-2021-6499
Name of the Vulnerable Software and Affected Versions: datatables.net versions prior to 1.11.3. Description: The issue is related to the incorrect handling of an array in the input data by the DataTables plugin, which can allow a remote attacker to compromise data integrity. If an array is passed to...
Docker path traversal vulnerability
Docker is an open source application container engine from the American company Docker. It supports creating a container lightweight virtual machine and deploying and running applications on Linux systems, as well as automating the installation, deployment and upgrade of applications through...