PT-2024-17562 · Sourcecodester · Sourcecodester Phone Contact Manager System
Name of the Vulnerable Software and Affected Versions: SourceCodester Phone Contact Manager System version 1.0 Description: The issue is related to insufficient input validation, which can allow an attacker to execute arbitrary code. It affects the function UserInterface::MenuDisplayStart of the...
PT-2024-17356 · WordPress · 워드프레스 결제 심플페이 – 우커머스 결제 플러그인
Name of the Vulnerable Software and Affected Versions: 워드프레스 결제 심플페이 – 우커머스 결제 플러그인 plugin for WordPress versions up to, and including, 5.2.2 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL. This allows...
PT-2024-34758 · WordPress · Wordpress Auction Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Auction Plugin versions n/a through 3.7 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2024-36091 · WordPress · Wordpress Page Builder – Zion Builder
Name of the Vulnerable Software and Affected Versions: WordPress Page Builder – Zion Builder versions 3.6.12 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS, where an...
PT-2024-35919 · Brandtoss · Wp Mailster
Name of the Vulnerable Software and Affected Versions: WP Mailster versions 1.8.16.0 and earlier Description: The issue is related to a Missing Authorization vulnerability in brandtoss WP Mailster, which allows exploiting incorrectly configured access control security levels. Recommendations: For...
PT-2024-36094
Name of the Vulnerable Software and Affected Versions: ARForms versions n/a through 6.4.1 Description: The issue is related to a Path Traversal vulnerability, specifically a '.../...//' vulnerability, which affects Repute InfoSystems ARForms. This allows for Path Traversal. Recommendations: For...
PT-2024-36412 · Ubiquiti · Ubiquiti U7-Pro
Name of the Vulnerable Software and Affected Versions: Ubiquiti U7-Pro version 7.0.35 Description: A hardcoded password vulnerability was discovered in /etc/shadow, which allows attackers to log in as root. However, the supplier disputes this claim, stating that the device cannot be deployed...
PT-2024-36411 · Wavlink · Wavlink Wn531P3
Name of the Vulnerable Software and Affected Versions: WAVLINK WN531P3 version 202383 Description: A hardcoded password vulnerability was discovered in /etc/shadow, allowing attackers to log in as root. This issue enables unauthorized access to the system with elevated privileges. Recommendations...
PT-2025-3130 · Acronis · Acronis Cyber Protect 16
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect 16 Windows versions before build 39169 Description: The issue is related to a local privilege escalation due to a DLL hijacking vulnerability. This vulnerability allows for local privilege escalation in affected products...
PT-2024-35911 · Unknown · Beaver Builder
Name of the Vulnerable Software and Affected Versions: Beaver Builder versions through 2.8.4.3 Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts...
PT-2024-16921 · WordPress · Smart Popup Blaster
Name of the Vulnerable Software and Affected Versions: Smart PopUp Blaster plugin for WordPress versions up to, and including, 1.4.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'spb-button' shortcode due to insufficient input sanitization and output escaping ...
PT-2024-9403 · Siemens · Syngo.Plaza
Name of the Vulnerable Software and Affected Versions: syngo.plaza VB30E versions prior to VB30E HF05 Description: The issue is related to the lack of protection of the SQL query structure, allowing an attacker to execute arbitrary SQL code and compromise the database. The affected application do...
PT-2024-9243 · Documenso · Documenso
Name of the Vulnerable Software and Affected Versions: Documenso versions through 1.8.0; Documenso SaaS Hosted as of 2024-12-05 Description: The issue is related to the User Interface (UI) Misrepresentation of Critical Information in Documenso, allowing Content Spoofing. The displayed version does n...
PT-2024-27792 · Open Robotics · Ros2 +1
Name of the Vulnerable Software and Affected Versions: Open Robotics Robotic Operating System 2 (ROS2) and Nav2 humble versions Description: The issue is a buffer overflow that occurs via the nav2 amcl process. This is triggered by sending a crafted .yaml file. Recommendations: For Open Robotics...
PT-2024-9186 · Abb · Abb Aspect +2
Name of the Vulnerable Software and Affected Versions: ABB ASPECT - Enterprise version 3.08.02; NEXUS Series version 3.08.02; MATRIX Series version 3.08.02 Description: The issue is related to Denial of Service vulnerabilities, which could potentially cause device service disruptions. It is...
PT-2024-35743 · Whapa · Whapa
Name of the Vulnerable Software and Affected Versions: whapa version 1.59 Description: The issue concerns command injection via a crafted filename in the HTML reports component. This allows for potential exploitation through manipulated file names. Recommendations: For whapa version 1.59, conside...
PT-2024-9438 · I O Data Device · Ud-Lt1/Ex +1
Name of the Vulnerable Software and Affected Versions: I-O Data Device UD-LT1 versions 2.1.9 and earlier; I-O Data Device UD-LT1/EX versions 2.1.9 and earlier Description: The issue allows a remote authenticated attacker with an administrative account to execute arbitrary OS commands. This is due ...
PT-2024-17478 · Unknown · 1000 Projects Library Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Library Management System version 1.0 Description: A critical issue has been found in the 1000 Projects Library Management System, affecting an unknown function of the file /showbook.php. The manipulation of the q argument leads...
PT-2024-28393 · Aginode · Aginode Gigaswitch V5
Name of the Vulnerable Software and Affected Versions: Aginode GigaSwitch V5 versions prior to 7.06G Description: The issue allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities. This can be do...
PT-2024-17472 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.116 Description: A vulnerability has been found in DedeCMS, affecting an unknown function of the file /member/article add.php. The manipulation of the body argument leads to cross-site scripting. It is possible to launch t...