4319 matches found
PT-2024-12997 · WordPress · Click To Tweet
Name of the Vulnerable Software and Affected Versions: Click To Tweet versions through 2.0.14 Description: The issue affects the Click To Tweet plugin, allowing exploitation of incorrectly configured access control security levels due to a missing authorization vulnerability. This results in brok...
PT-2024-36214 · Hurrakify · Hurrakify
Name of the Vulnerable Software and Affected Versions: Hurrakify versions n/a through 2.4 Description: A Server-Side Request Forgery (SSRF) vulnerability is present in Hurrakify, enabling Server Side Request Forgery. This issue allows for the reading of application data. Recommendations: For versio...
PT-2024-12455 · 10Web · Photo Gallery
Name of the Vulnerable Software and Affected Versions: Photo Gallery by 10Web versions 1.8.15 and earlier Description: A broken access control vulnerability has been identified in the WordPress Photo Gallery by 10Web plugin. This issue allows exploiting incorrectly configured access control...
PT-2024-24184 · Rizin · Rizin
Name of the Vulnerable Software and Affected Versions: rizin versions prior to 0.6.3 Description: The issue is related to a buffer overflow that can occur via the create_cache_bins, read_cache_accel, and rz_dyldcache_new_buf functions in librz/bin/format/mach0/dyldcache.c. This can potentially le...
PT-2024-17630 · Classcms · Classcms
Name of the Vulnerable Software and Affected Versions: ClassCMS version 4.8 Description: A problematic vulnerability was found in ClassCMS, affecting an unknown functionality of the file /index.php/admin of the component Model Management Page. The manipulation of the URL argument leads to...
PT-2024-17010 · WordPress · Country Blocker
Name of the Vulnerable Software and Affected Versions: Country Blocker plugin for WordPress versions up to, and including, 3.2 Description: The issue is related to Reflected Cross-Site Scripting via the ip parameter due to insufficient input sanitization and output escaping. This allows...
CVE-2024-50585
Users who click on a malicious link or visit a website under the control of an attacker can be infected with arbitrary JavaScript which is running in the context of the "Numerix License Server Administration System Login" nlslogin.jsp page. The vulnerability can be triggered by sending a speciall...
CVE-2024-50585
CVE-2024-50585 affects the Numerix License Server (Numerix, Inc.). Users who click a malicious link or visit an attacker-controlled site can have arbitrary JavaScript executed in the context of the Numerix License Server Administration System Login (nlslogin.jsp) page. The vulnerability can be tr...
WordPress Restrict plugin <= 2.2.8 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability
Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Restrict versions <= 2.2.8...
PT-2024-36575 · Siyuan · Siyuan
Name of the Vulnerable Software and Affected Versions: SiYuan versions prior to 3.1.16 Description: SiYuan's /api/template/renderSprig endpoint is vulnerable to Server-Side Template Injection (SSTI) through the Sprig template engine. Although the engine has limitations, it allows attackers to acces...
WordPress plugin Restrict information disclosure vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. An information disclosure...
PT-2024-17621 · Unknown · Code-Projects Online Class/Exam Scheduling System
Name of the Vulnerable Software and Affected Versions: code-projects Online Class and Exam Scheduling System version 1.0 Description: A critical issue was found in the system, affecting some unknown functionality of the file /pages/subject_update.php. The manipulation of the id argument leads to...
PT-2024-9461 · Teamviewer · Teamviewer Patch & Asset Management
Name of the Vulnerable Software and Affected Versions: TeamViewer Patch & Asset Management versions prior to 24.12 Description: The issue is related to insufficient permissions in the TeamViewer Patch & Asset Management component, which allows a local authenticated user to delete arbitrary files...
CVE-2024-11106 Simple Restrict <= 1.2.7 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure
The Simple Restrict plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.2.7 via the WordPress core search feature. This makes it possible for unauthenticated attackers to extract sensitive data from posts that have been restricted to...
CVE-2024-11106
CVE-2024-11106 affects the Simple Restrict WordPress plugin, exposing sensitive data from restricted posts unauthenticated via WordPress core search in all versions up to 1.2.7. Red Hat and Wordfence entries confirm the vulnerability and its impact; remediation is to upgrade to 1.2.7+ (patched).
PT-2024-9726 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to inject malicious scripts into vulnerable form fields. This cou...
WordPress plugin Simple Restrict security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-9906 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to insufficient protection of the web page structure in Adobe Experience Manager, which could allow a remote attacker to execute arbitrary code...
PT-2024-9904 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious...