4319 matches found
PT-2025-2948 · Elastic · Kibana
Name of the Vulnerable Software and Affected Versions: Kibana affected versions not specified Description: An allocation of resources without limits or throttling in Kibana can lead to a crash caused by a specially crafted request to "/api/metrics/snapshot". This can be carried out by users with...
PT-2024-8600 · Apache · Apache Ofbiz
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.17 Description: The issue is related to a Server-Side Request Forgery (SSRF) and Improper Control of Generation of Code ('Code Injection') vulnerability in Apache OFBiz. This vulnerability may allow a remote...
PT-2024-35236 · Unknown · Halyra Cdi
Name of the Vulnerable Software and Affected Versions: Halyra CDI versions n/a through 5.5.3 Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in Halyra CDI. This allows for the upload of files with dangerous types. Recommendations: For versions...
PT-2024-34379 · Java Shop · Java Shop
Name of the Vulnerable Software and Affected Versions: java shop version 1.0 Description: The issue allows attackers to obtain sensitive information of users with different IDs by modifying the ID parameter. This is due to an Incorrect Access Control flaw. Recommendations: For java shop version...
PT-2024-34381 · Crmeb · Crmeb
Name of the Vulnerable Software and Affected Versions: CRMEB versions prior to 5.4.0 Description: The issue allows users to bypass the front-end restriction of only being able to claim coupons once. This can be achieved by capturing packets and sending a large number of data packets for coupon...
PT-2024-17577 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyload/pyload version 0.5.0 Description: An open redirection vulnerability exists due to improper handling of the next parameter in the login functionality. This allows an attacker to redirect users to malicious sites, potentially leading to...
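The pyLoad entry above describes the classic open-redirect shape: a login handler that forwards the user to whatever the `next` parameter carries. The following is an added example, not pyLoad's code and not taken from the advisory; it contrasts a constructed vulnerable helper with a hardened one that only ever returns a site-local path. Function names, the `/` fallback and the sample inputs are assumptions made for illustration.

```python
from typing import Optional
from urllib.parse import urlsplit, urlunsplit

FALLBACK = "/"  # assumed post-login landing page


def redirect_target_vulnerable(next_param: Optional[str]) -> str:
    """Constructed vulnerable pattern: the raw ?next= value becomes the Location header."""
    return next_param or FALLBACK


def redirect_target_safe(next_param: Optional[str]) -> str:
    """Return a redirect target that can only point into this site's own path space.

    Anything that could resolve to another origin in a browser is replaced by FALLBACK:
    absolute URLs, protocol-relative URLs, backslash tricks and control characters.
    """
    if not next_param:
        return FALLBACK

    # Control characters and whitespace are rejected outright: URL parsers in browsers
    # strip or reinterpret them, so a value like " //evil.com" would still escape.
    if any(ord(c) <= 0x20 or ord(c) == 0x7F for c in next_param):
        return FALLBACK

    # Browsers treat "\" like "/" in special schemes, so "/\evil.com" is "//evil.com".
    candidate = next_param.replace("\\", "/")

    # "//host", "///host", ... all resolve to a foreign host; reject before parsing,
    # because urlsplit() reports an empty netloc for three or more leading slashes.
    if candidate.startswith("//"):
        return FALLBACK

    parts = urlsplit(candidate)
    # A scheme (https:, javascript:, ...) or an authority means a non-local target.
    if parts.scheme or parts.netloc:
        return FALLBACK

    # Require an absolute, site-local path; relative paths are refused conservatively.
    if not parts.path.startswith("/"):
        return FALLBACK

    # Rebuild from path, query and fragment only, so nothing else can leak through.
    return urlunsplit(("", "", parts.path, parts.query, parts.fragment))


if __name__ == "__main__":
    # Constructed sample inputs an attacker might place in ?next=
    for sample in ["/dashboard?x=1", "https://evil.com", "//evil.com/x",
                   "/\\evil.com", "javascript:alert(1)", "///evil.com"]:
        print(f"{sample!r:28} vulnerable -> {redirect_target_vulnerable(sample)!r:24}"
              f" safe -> {redirect_target_safe(sample)!r}")
```

An allow-list of known site paths is stricter still; the value of this helper is that it fails closed, returning the fallback for every input shape it does not positively recognise as a local path, rather than trying to enumerate the ways a browser can be talked into a foreign origin.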
PT-2024-16857 · Sourcecodester · Sourcecodester Online Eyewear Shop
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A vulnerability has been found in the Inventory Page component, specifically in the file /oews/classes/Master.php?f=save product. The manipulation of the brand argument leads to...
PT-2024-9632 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to insufficient protection of the web page structure in Adobe Experience Manager, allowing a remote attacker to execute arbitrary code. This is a stored...
PT-2024-31238 · Unknown · Nus-M9 Erp Management
Name of the Vulnerable Software and Affected Versions: NUS-M9 ERP Management Software version 3.0.0 Description: An arbitrary file download issue in the /Doc/DownloadFile component allows attackers to download arbitrary files and access sensitive information via a crafted interface request...
PT-2024-10981 · Chatwoot · Chatwoot
Name of the Vulnerable Software and Affected Versions: chatwoot/chatwoot versions prior to 2.6 Description: A stored cross-site scripting (XSS) vulnerability was discovered, affecting the profile settings when a user uploads an SVG file containing a malicious XSS payload. When the avatar is opened ...
PT-2024-10112 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17 Description: The issue is related to a SQL injection vulnerability in the ticket form of GLPI, a free asset and IT management software package. An authenticated user can exploit this vulnerability, potentially...
PT-2024-10105 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17 Description: The issue is related to a lack of protection of the web page structure in the GLPI system, which can be exploited by a remote attacker to conduct a cross-site scripting (XSS) attack. Specifically, an...
PT-2024-10108 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17 Description: The issue is related to a reflected XSS vulnerability located in the Cable form of GLPI, an open-source asset and IT management software package. This vulnerability can be exploited by an...
PT-2024-35357 · Unknown · Budget Control Gateway
Name of the Vulnerable Software and Affected Versions: Budget Control Gateway versions prior to 1.5.2 Description: The Budget Control Gateway acts as an entry point for incoming requests and routes them to the appropriate microservices for Budget Control. It does not properly validate auth tokens...
PT-2024-9631 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a stored Cross-Site Scripting XSS vulnerability. An attacker could exploit this to inject malicious scripts into vulnerable form fields, allowing...
PT-2024-10106 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.17 Description: The issue is related to the lack of protection of the web page structure in GLPI, allowing a remote attacker to conduct a cross-site scripting (XSS) attack. An authenticated user can bypass access...
PT-2024-16867 · Unknown · Code-Projects Farmacia
Name of the Vulnerable Software and Affected Versions: code-projects Farmacia version 1.0 Description: A problematic issue has been found in the processing of the file /fornecedores.php, leading to cross-site scripting. The attack may be initiated remotely. Recommendations: For code-projects...
PT-2024-8246
Name of the Vulnerable Software and Affected Versions: GeoVision GV-VS12, GeoVision GV-VS11, GeoVision GV-DSP LPR V3, GeoVision GVLX 4 V2, GeoVision GVLX 4 V3 (affected versions not specified) Description: The issue is related to an OS Command Injection vulnerability in certain end-of-life E...
PT-2024-16666 · WordPress · Migration
Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including, 0.9.107 Description: The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted...
PT-2024-34432 · Unknown · Kashipara E-Learning Management System Project
Name of the Vulnerable Software and Affected Versions: KASHIPARA E-learning Management System Project version 1.0 Description: A SQL Injection issue was discovered in the /admin/teachers.php file of the KASHIPARA E-learning Management System Project. The firstname and lastname parameters are...