PT-2024-9571 · Ruijie · Ruijie Reyee Os
Name of the Vulnerable Software and Affected Versions: Ruijie Reyee OS versions 2.206.x through 2.320.x Description: The issue is related to the Ruijie MQTT broker in Ruijie Reyee OS, where an attacker could subscribe to partial possible topics and receive partial messages being sent to and from...
PT-2024-16954 · WordPress · Advanced File Manager
Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to and including 5.2.10 Description: The issue arises from missing file type validation via the 'class_fma_connector.php' file, allowing authenticated attackers with Subscriber-level acce...
PT-2024-32986 · Aedes · Aedes
Name of the Vulnerable Software and Affected Versions: aedes version 0.51.2 Description: An issue in aedes allows attackers to cause a Denial of Service (DoS) via a crafted request. Recommendations: For aedes version 0.51.2, consider restricting access to the service to minimize the risk of...
PT-2024-36062 · Microsoft +1 · Windows 11 +2
Name of the Vulnerable Software and Affected Versions: Kolide Agent versions 1.5.3 through 1.12.2 Description: An implementation bug in the Kolide Agent allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced when the launcher started storing upgraded...
PT-2024-35983
Name of the Vulnerable Software and Affected Versions: Victure RX1800 WiFi 6 Router version EN V1.0.0 r12 110933 Description: An issue was discovered in Victure RX1800 WiFi 6 Router devices, where certain "/cgi-bin/luci/admin" endpoints are vulnerable to command injection. Attackers can exploit...
PT-2024-35837 · Unknown · Plumeria Web Design Blizzard Quotes
Name of the Vulnerable Software and Affected Versions: Plumeria Web Design Blizzard Quotes versions n/a through 1.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform unauthorized actions on the website. The estimat...
PT-2024-35032 · Unknown · What Would Seth Godin Do
Name of the Vulnerable Software and Affected Versions: What Would Seth Godin Do versions prior to 2.1.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This enables attackers to inject malicious...
PT-2024-35298 · Templines · Templines Tm Islamic Helper
Name of the Vulnerable Software and Affected Versions: Templines TM Islamic Helper versions 1.0.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting (XSS). This enables malicious script...
PT-2024-35869 · Unknown · Arca Payment Gateway
Name of the Vulnerable Software and Affected Versions: ArCa Payment Gateway versions 1.3.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject malicio...
PT-2024-35902 · Advance · Advanced
Name of the Vulnerable Software and Affected Versions: Advanced What should we write next about versions n/a through 1.0.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions o...
PT-2024-35778 · Freepbx · Freepbx
Name of the Vulnerable Software and Affected Versions: FreePBX version 17.0.19.17 Description: A vulnerability was discovered in FreePBX, allowing high-privilege administrators to insert unwanted files due to a lack of verification of the type of uploaded files. This issue can be exploited for...
PT-2024-35860 · Unknown · Maeve Lander Paypal Responder
Name of the Vulnerable Software and Affected Versions: Maeve Lander PayPal Responder versions n/a through 1.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2024-35847 · Unknown · Cool Plugins Cryptocurrency Widgets For Elementor
Name of the Vulnerable Software and Affected Versions: Cool Plugins Cryptocurrency Widgets For Elementor versions 1.6.4 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which...
PT-2024-35896 · Unknown · Ni Woocommerce Cost Of Goods
Name of the Vulnerable Software and Affected Versions: Ni WooCommerce Cost Of Goods versions 3.2.8 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, which can be...
PT-2024-35899 · Elementor · Codeless Cowidgets – Elementor Addons
Name of the Vulnerable Software and Affected Versions: Codeless Cowidgets – Elementor Addons versions prior to 1.2.0 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This enables attackers to inject...
PT-2024-35874 · Unknown · Best Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Best Addons for Elementor versions 1.0.0 through 1.0.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS, where an attacker can...
PT-2024-31662 · Unknown · Fieldserver Gateway
Name of the Vulnerable Software and Affected Versions: MSA FieldServer Gateway versions 5.0.0 through 6.5.2 Description: The issue allows cross-origin WebSocket hijacking. This means that an attacker can potentially hijack WebSocket connections from a different origin, which could lead to...
PT-2024-9173 · Jetbrains · Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.52635 Description: The issue is related to a potential spoofing attack due to the lack of Punycode encoding in JetBrains YouTrack. This could allow a remote attacker to conduct spoofing attacks. The...
PT-2024-26462 · FFmpeg +3 · Ffmpeg +3
Name of the Vulnerable Software and Affected Versions: FFmpeg version 6.1.1 Description: The issue is an Out-of-bounds Read via libavcodec/ppc/vp8dsp_altivec.c, specifically affecting the h_subpel_filters_outer variable. This is general information about the problem, and no estimated number of...
PT-2024-27094 · Zulip · Zulip
Name of the Vulnerable Software and Affected Versions: Zulip versions 8.0 through 8.3 Description: The issue is related to a memory leak vulnerability in the handling of popovers. This vulnerability occurs in the specified versions of Zulip. Recommendations: For versions 8.0 through 8.3, update t...