PT-2024-29553 · IBM · IBM Cognos Analytics
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics versions 11.2.0 through 11.2.4 IBM Cognos Analytics versions 12.0.0 through 12.0.3 Description: The issue concerns an HTML injection vulnerability. A remote attacker could inject malicious HTML code, which when viewed,...
PT-2024-11634 · Microsoft · Windows 11 +1
Name of the Vulnerable Software and Affected Versions: Windows 11 version 10.0.22000.593 Windows Server 2022 version 10.0.20348.643 Description: An access violation vulnerability exists in the DirectComposition functionality of the win32kbase.sys driver. A specially-crafted set of syscalls can le...
PT-2024-36638 · ydesignservices · YDS Support Ticket System
Name of the Vulnerable Software and Affected Versions: ydesignservices YDS Support Ticket System versions n/a through 1.0 Description: The issue is related to an SQL Injection vulnerability, allowing attackers to execute malicious SQL commands. This is due to the improper neutralization of specia...
PT-2024-9736
Name of the Vulnerable Software and Affected Versions: FortiManager versions 7.6.0, 7.4.4 and below, 7.2.7 and below, 7.0.12 and below, 6.4.14 and below; FortiManager Cloud versions 7.4.4 and below, 7.2.7 to 7.2.1, 7.0.12 to 7.0.1 Description: The issue is related to an Improper Neutralization of...
PT-2024-33694 · IBM · IBM Security Guardium Key Lifecycle Manager
Name of the Vulnerable Software and Affected Versions: IBM Security Guardium Key Lifecycle Manager versions 4.1 through 4.2.1 Description: The issue concerns the storage of user credentials in configuration files by IBM Security Guardium Key Lifecycle Manager. These credentials can be accessed by...
PT-2024-36274 · Unknown · Phuc Pham Multiple Admin Emails
Name of the Vulnerable Software and Affected Versions: Phuc Pham Multiple Admin Emails versions n/a through 1.0 Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem. This affects the multiple admin emails functionality...
PT-2024-36318 · Unknown · Aphorismus
Name of the Vulnerable Software and Affected Versions: Aphorismus versions 1.2.0 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
PT-2024-17338 · WordPress · Animated Counters
Name of the Vulnerable Software and Affected Versions: Animated Counters plugin for WordPress versions up to, and including, 2.0 Description: The Animated Counters plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'animatedcounte' shortcode due to insufficient inp...
PT-2024-36628 · Unknown · Site Intel
Name of the Vulnerable Software and Affected Versions: Critical Site Intel versions n/a through 1.0 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as 'SQL Injection'. This allows for SQL Injection, which can be exploited...
PT-2024-36650 · Dreamfox Media · Dreamfox Media Payment Gateway Per Product For Woocommerce
Name of the Vulnerable Software and Affected Versions: Dreamfox Media Payment gateway per Product for Woocommerce versions 3.5.6 and earlier Description: The issue is related to a missing authorization vulnerability in the Dreamfox Media Payment gateway per Product for Woocommerce, which allows...
PT-2024-36641 · Unknown · Navayan Csv Export
Name of the Vulnerable Software and Affected Versions: Navayan CSV Export versions 1.0.9 and earlier Description: The issue is related to the improper neutralization of special elements used in an SQL command, allowing Blind SQL Injection. This problem enables attackers to inject malicious SQL...
PT-2024-36481 · Unknown · Online Nurse Hiring System
Name of the Vulnerable Software and Affected Versions: Online Nurse Hiring System version 1.0 Description: A SQL injection issue was discovered in the /admin/profile.php component through the fullname parameter. This allows for potential exploitation. Recommendations: For Online Nurse Hiring Syst...
PT-2024-36658 · Unknown · Alex W Fowler Easy Site Importer
Name of the Vulnerable Software and Affected Versions: Alex W Fowler Easy Site Importer versions n/a through 1.0.1 Description: The issue is related to a missing authorization vulnerability in Alex W Fowler Easy Site Importer, which allows exploiting incorrectly configured access control security...
PT-2024-36311 · Evernote · Evernote Sync
Name of the Vulnerable Software and Affected Versions: Evernote Sync versions prior to 3.0.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows reflected XSS. Recommendations: For versions prior to...
PT-2024-17708 · Unknown · InvoicePlane
Name of the Vulnerable Software and Affected Versions: InvoicePlane versions up to 1.6.1 Description: A vulnerability was found in InvoicePlane, affecting some unknown functionality of the file /invoices/view. The manipulation leads to session expiration. The attack may be launched remotely, with...
PT-2024-17310 · WordPress · glomex oEmbed Plugin
Name of the Vulnerable Software and Affected Versions: glomex oEmbed plugin for WordPress versions prior to 0.9.1 Description: The glomex oEmbed plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's glomex integration shortcode due to insufficient input sanitization a...
PT-2024-36189 · Unknown · Cryptocurrency Price Widget
Name of the Vulnerable Software and Affected Versions: Cryptocurrency Price Widget versions n/a through 1.2.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in the Cryptocurrency Pric...
PT-2024-9594 · Dell · Dell EMC RecoverPoint for VMs
Name of the Vulnerable Software and Affected Versions: Dell RecoverPoint for VMs versions 6.0.x Description: The issue is related to the use of a broken or risky cryptographic algorithm in the SSH component. An unauthenticated attacker with remote access could potentially exploit this, leading to...
PT-2024-17243 · WordPress · NewsmanApp
Name of the Vulnerable Software and Affected Versions: NewsmanApp plugin for WordPress versions up to, and including, 2.7.6 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'newsman subscribe widget' shortcode due to insufficient input sanitization and output...
PT-2024-12829 · Unknown +1 · Accordion Slider +1
Name of the Vulnerable Software and Affected Versions: Accordion and Accordion Slider versions 1.2.4 and earlier Description: The issue affects the Accordion and Accordion Slider plugin due to missing authorization, allowing exploitation of incorrectly configured access control security levels...