PT-2024-9180 · Jetbrains · Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.51866
Description: The issue is related to the absence of an authorization procedure when handling a query parameter, allowing an unauthenticated database backup download. This could enable a remote...
PT-2024-9170 · Jetbrains · Jetbrains Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.52635
Description: The issue is related to an uncontrolled modification of object prototype attributes in the data merge functions of JetBrains YouTrack. This can allow a remote attacker to implemen...
PT-2024-17364 · Guangzhou Huayi Intelligent Technology · Jeewms
Name of the Vulnerable Software and Affected Versions: Guangzhou Huayi Intelligent Technology Jeewms version 3.7
Description: A problematic issue affects the function preHandle of the file src/main/java/com/zzjee/wm/controller/WmOmNoticeHController.java. The manipulation of the argument request...
PT-2024-27975 · Tellus +1 · Tellus +1
Name of the Vulnerable Software and Affected Versions: TELLUS versions 4.0.19.0 and earlier; TELLUS Lite versions 4.0.19.0 and earlier
Description: The issue is an out-of-bounds read vulnerability. If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be...
PT-2024-9655 · Adobe · Connect
Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 11.4.7 and earlier; Adobe Connect version 12.6
Description: The issue is related to insufficient protection of the web page structure, allowing a remote attacker to execute arbitrary code. This is a reflected Cross-Site...
PT-2024-33673 · Unknown · Plexripper
Name of the Vulnerable Software and Affected Versions: PlexRipper versions prior to 0.24.0
Description: PlexRipper's open CORS policy allows attackers to gain sensitive information by getting the user to access the attacker's domain. This enables an attacking website to access the...
PT-2024-16698 · WordPress · Internal Linking For Seo Traffic & Ranking – Auto Internal Links
Name of the Vulnerable Software and Affected Versions: Internal Linking for SEO traffic & Ranking – Auto internal links plugin for WordPress versions up to 1.2.1
Description: The issue is related to a time-based SQL Injection vulnerability via the post id parameter. This vulnerability is caused b...
PT-2024-17301 · Devolutions · Devolutions.Xts.Net
Name of the Vulnerable Software and Affected Versions: Devolutions.XTS.NET versions 2024.11.19 and earlier
Description: The issue concerns a non-constant time cryptographic operation, which can be exploited via timing attacks. This allows an attacker to render half of the encryption key obsolete...
PT-2024-9656 · Adobe · Connect
Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 11.4.7 and earlier; Adobe Connect version 12.6
Description: The issue is related to insufficient protection of the web page structure, allowing for a reflected Cross-Site Scripting (XSS) attack. If an attacker can convince...
PT-2024-35970
Name of the Vulnerable Software and Affected Versions: Mongoose versions prior to 8.8.3
Description: The issue is related to the improper use of the $where operator in Mongoose, which can lead to search injection and potentially allow a remote attacker to execute arbitrary code and gain read and...
PT-2024-9149 · Fuji Electric · Fuji Electric Tellus Lite V-Simulator 5
Name of the Vulnerable Software and Affected Versions: Fuji Electric Tellus Lite V-Simulator 5 version V8
Description: The issue is a remote code execution vulnerability that allows attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. This is due to a lack o...
PT-2024-16373 · WordPress · Cleantalk
Name of the Vulnerable Software and Affected Versions: Security & Malware scan by CleanTalk plugin for WordPress versions up to, and including, 2.145
Description: The issue is related to unauthorized SQL Injection due to an authorization bypass via reverse DNS spoofing on the checkWithoutToken...
PT-2024-9489
Name of the Vulnerable Software and Affected Versions: Advantech EKI-6333AC-2G versions 1.6.3 and earlier; Advantech EKI-6333AC-2GD versions 1.6.3 and earlier; Advantech EKI-6333AC-1GPO versions 1.2.1 and earlier
Description: The issue exists due to the lack of neutralization of special elements us...
PT-2024-8866 · Microsoft · Dynamics 365 Sales
Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365 Sales versions prior to 3.24104.15
Description: The issue concerns a spoofing vulnerability in Microsoft Dynamics 365 Sales. This vulnerability may allow a remote attacker to perform a spoofing attack by not taking...
PT-2024-35784 · Unknown · Masterstack Imgcap
Name of the Vulnerable Software and Affected Versions: masterstack imgcap version 0.0.1
Description: The issue is related to a SQL injection vulnerability. It can be exploited via the "/submit" endpoint.
Recommendations: For masterstack imgcap version 0.0.1, as a temporary workaround, consider...
PT-2024-35694 · Boidcms · Boidcms
Name of the Vulnerable Software and Affected Versions: BoidCMS versions prior to 2.1.2
Description: A reflected Cross-Site Scripting (XSS) issue exists in the "admin?page=media" endpoint, specifically in the file parameter, allowing an attacker to inject arbitrary JavaScript code. This could lead t...
PT-2024-11584 · Ipp · Ipp
Name of the Vulnerable Software and Affected Versions: IPP software versions prior to 1.71
Description: The issue is related to a default credential vulnerability. This could lead attackers to identify and access vulnerable systems.
Recommendations: For versions prior to 1.71, update to version...
PT-2024-9959
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 133; Thunderbird versions prior to 133
Description: The issue is related to the lack of thread synchronization primitives, which could lead to a data race on members of the PlaybackParams structure. This could...
PT-2024-15279 · Datagear · Datagear
Name of the Vulnerable Software and Affected Versions: DataGear versions up to 4.60
Description: A critical issue affects unknown code in the file /dataSet/resolveSql, where manipulation of the sql argument leads to SQL injection. The attack can be initiated remotely. Upgrading to version...
PT-2024-28098 · Synology · Notes Station
Name of the Vulnerable Software and Affected Versions: Notes Station 3 versions prior to 3.9.7
Description: An OS command injection issue has been reported, which could allow remote authenticated attackers to execute commands if exploited.
Recommendations: For versions prior to 3.9.7, update to...