PT-2024-35462 · Argo Helm · Argo Helm
Name of the Vulnerable Software and Affected Versions: Argo Helm versions prior to 0.45.0 Description: The issue is related to the workflow-role lacking granularity in its privileges, giving unnecessary permissions to workflowtasksets and workflowartifactgctasks for all workflow Pods. This could...
PT-2024-16620 · WordPress · The Tribute Testimonials
Name of the Vulnerable Software and Affected Versions: The Tribute Testimonials – WordPress Testimonial Grid/Slider plugin versions up to, and including, 1.0.4 Description: The issue is related to Stored Cross-Site Scripting via the plugin's tribute testimonials slider shortcode due to insufficie...
PT-2024-38656 · Special Minds Design · E-Commerce
Name of the Vulnerable Software and Affected Versions: Special Minds Design and Software e-Commerce versions prior to 22.11.2024 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...
CVE-2024-52309
SFTPGo CVE-2024-52309 involves the EventManager allowing administrators to execute scripts or commands, which can grant access to the underlying OS/container with the same permissions as the SFTPGo process. The root cause is that command execution could be performed by any admin with script-permi...
PT-2024-33325 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based versions up to 131.0.2903.48 Description: The Microsoft Edge browser, specifically the Chromium-based version, is affected by a spoofing issue that can be remotely exploited. Users should upgrade Microsoft Edge t...
PT-2024-35726 · Totolink · Totolink A810R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A810R version 4.1.2cu.5182 B20201026 Description: The issue is related to a Buffer Overflow in the downloadFlile.cgi endpoint. This can potentially allow for unauthorized access or execution of malicious code. Recommendations: For...
PT-2024-8878 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 777.4 Description: The issue is related to a command injection vulnerability in the LDAP authentication mechanism, allowing for the execution of arbitrary commands on the server. This can be exploited by a...
PT-2024-35291 · Unknown · Aaron Robbins Post Ideas
Name of the Vulnerable Software and Affected Versions: Aaron Robbins Post Ideas versions n/a through 2 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows SQL Injection. This means an attacker can trick a user into performing unintended actions on the web...
PT-2024-10480 · Drupal · Node Export
Name of the Vulnerable Software and Affected Versions: Drupal Node export versions 7.X- through 7.X-3.2 Description: The issue is related to the deserialization of untrusted data in the Node export module of the Drupal CMS, which can lead to object injection. This allows a remote attacker to...
PT-2024-35415
Name of the Vulnerable Software and Affected Versions: MyBB version 1.8.38 Description: A stored cross-site scripting XSS issue exists in the component installindex.php, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Website Name parameter. This...
PT-2024-8475 · Kubernetes +1 · Kubernetes Kubelet +2
Name of the Vulnerable Software and Affected Versions: Kubernetes kubelet versions through 1.28.11 Kubernetes kubelet versions from 1.29.0 through 1.29.6 Kubernetes kubelet versions from 1.30.0 through 1.30.2 Description: The issue allows arbitrary command execution via specially crafted gitRepo...
PT-2024-34935 · Unknown · Keymaster Chord Notation Free
Name of the Vulnerable Software and Affected Versions: Keymaster Chord Notation Free versions 1.0.2 and earlier Description: The issue affects the Keymaster Chord Notation Free plugin, allowing Stored XSS due to improper neutralization of input during web page generation. This can lead to the...
PT-2024-34992 · Google · Google Visualization Charts
Name of the Vulnerable Software and Affected Versions: Google Visualization Charts versions 0.1 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means an attacker can inject malicious scripts into...
PT-2024-34799 · Unknown · Microkid Custom Author Url
Name of the Vulnerable Software and Affected Versions: Microkid Custom Author URL versions n/a through 2.0.1 Description: A Cross-Site Request Forgery CSRF vulnerability allows Stored XSS. This issue can be exploited to perform malicious actions. Users are advised to update to the latest version ...
PT-2024-34760 · Clyp · Clyp
Name of the Vulnerable Software and Affected Versions: Clyp versions 1.3 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This is a critical reflected XSS vulnerability. Users are urged to...
PT-2024-35416 · D Link · Di-8100
Name of the Vulnerable Software and Affected Versions: DI-8100 version 16.07.26A1 Description: The issue is related to a Buffer Overflow in the ip position asp function, which can be exploited via the ip parameter. Recommendations: For DI-8100 version 16.07.26A1, as a temporary workaround, consid...
PT-2024-35489 · Unknown · Bitcoin Core
Name of the Vulnerable Software and Affected Versions: Bitcoin Core versions prior to 25.0 Description: The issue allows a peer to affect the download state of other peers by sending a mutated block. This can potentially disrupt the normal functioning of the Bitcoin network. Recommendations: For...
PT-2024-35480 · Unknown · Bitcoin Core
Name of the Vulnerable Software and Affected Versions: Bitcoin Core versions prior to 0.21.0 Description: The issue arises from an integer overflow when calculating the time offset for newly connecting peers, combined with an abs64 logic bug. This can lead to a network split. Recommendations: For...
PT-2024-34453 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Jpress versions prior to 5.1.1 Description: The issue allows for arbitrary file uploads on the Windows platform. This can lead to the construction of non-standard file formats, such as .jsp, which can result in arbitrary command execution...
PT-2024-35275 · W3 Eden · W3 Eden
Name of the Vulnerable Software and Affected Versions: W3 Eden, Inc. Premium Packages versions n/a through 5.9.3 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...