8 matches found

Positive Technologies
added 2025/10/09 12:0 a.m. · 4 views

PT-2025-41466

Name of the Vulnerable Software and Affected Versions: Newforma Info Exchange, affected versions not specified Description: Newforma Info Exchange accepts serialized .NET data via the /remoteweb/remote.rem API endpoint without proper validation. This allows a remote, unauthenticated attacker to...

9.8 CVSS · 7.5 AI score · 0.0039 EPSS
Exploits 0 · References 12

Positive Technologies
added 2024/08/18 12:0 a.m. · 3 views

PT-2024-6467 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.852 20230719 Description: A critical issue has been found in the TOTOLINK X6000R, affecting the function setSyslogCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument rtLogServer leads to...

10 CVSS · 7 AI score · 0.02036 EPSS
Exploits 1 · References 16

Positive Technologies
added 2024/05/02 12:0 a.m. · 2 views

PT-2024-25229 · Kubevirt +1 · Kubevirt +1

Name of the Vulnerable Software and Affected Versions: kubevirt versions 1.2.0 and earlier Description: The issue allows a local attacker to execute arbitrary code via a crafted command to get the token component. This can be done by sending a crafted command to the /kubevirt.io/kubevirt API...

5.9 CVSS · 7.9 AI score · 0.00044 EPSS
Exploits 0 · References 24

Positive Technologies
added 2024/03/13 12:0 a.m. · 3 views

PT-2024-2265 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical issue affects the formSetDeviceName function of the /goform/SetOnlineDevName file, leading to a stack-based buffer overflow when the devName or mac argument is manipulated. This can be...

9 CVSS · 9 AI score · 0.00136 EPSS
Exploits 1 · References 8

Positive Technologies
added 2023/10/12 12:0 a.m. · 4 views

PT-2023-27874 · Plixer · Plixer Scrutinizer

Name of the Vulnerable Software and Affected Versions: Plixer Scrutinizer versions prior to 19.3.1 Description: An issue was discovered in the /fcgi/scrut fcgi.fcgi endpoint. The csvExportReport endpoint action generateCSV does not require authentication, allowing an unauthenticated user to expor...

5.3 CVSS · 5.2 AI score · 0.00156 EPSS
Exploits 1 · References 5

Positive Technologies
added 2023/06/27 12:0 a.m. · 2 views

PT-2023-11500 · Unknown · Chaoji Cms

Name of the Vulnerable Software and Affected Versions: Chaoji CMS version 2.18 Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary code via the "/index.php?admin-master-webset" API endpoint. This enables attackers to inject malicious scripts into the...

4.8 CVSS · 5.4 AI score · 0.00075 EPSS
Exploits 1 · References 3

Positive Technologies
added 2022/04/10 12:0 a.m. · 3 views

PT-2022-18237 · Zbzcms · Zbzcms

Name of the Vulnerable Software and Affected Versions: zbzcms version 1.0 Description: The issue is related to incorrect access control at the /admin/run ajax.php endpoint, allowing attackers to add administrator accounts arbitrarily. Recommendations: For zbzcms version 1.0, as a temporary...

9.8 CVSS · 9.3 AI score · 0.00433 EPSS
Exploits 0 · References 3

Positive Technologies
added 2021/08/11 12:0 a.m. · 1 views

PT-2021-6290 · Adobe · Magento Commerce

Name of the Vulnerable Software and Affected Versions: Magento Commerce versions 2.4.2 and earlier; Magento Commerce versions 2.4.2-p1 and earlier; Magento Commerce versions 2.3.7 and earlier Description: The issue exists due to insufficient input validation in the Magento Commerce platform, allowi...

8.8 CVSS · 8.6 AI score · 0.00646 EPSS
Exploits 0 · References 5