72 matches found
PT-2025-5363 · Jetbrains · Youtrack
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2024.3.55417 Description: The issue is related to the exposure of permanent tokens in logs, potentially allowing an attacker to obtain encrypted user credentials. This could be exploited through the...
PT-2024-9755
Name of the Vulnerable Software and Affected Versions Sophos Firewall versions prior to 21.0 MR1 21.0.1 Description A post-auth code injection vulnerability in the User Portal allows authenticated users to execute code remotely. The issue is related to incorrect code generation management. This...
Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2024-2988)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
SUSE: Security Advisory (SUSE-SU-2024:4205-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2024-37463 · WordPress · Send Email Only On Reply To My Comment
Name of the Vulnerable Software and Affected Versions: Send email only on Reply to My Comment WordPress plugin versions 1.0.0 through 1.0.6 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before bei...
PT-2024-28337 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS versions =12.9 Description: An issue in SeaCMS allows remote attackers to execute arbitrary code via the "admin ping.php" endpoint. This enables attackers to run malicious code on the affected system. Recommendations: For SeaCMS versio...
PT-2024-18814
Name of the Vulnerable Software and Affected Versions MTP application versions prior to SMR Jul-2024 Release 1 Description The issue concerns improper authentication in the MTP application, allowing local attackers to enter MTP mode without proper authentication. Recommendations For versions prio...
PT-2024-23388 · Unknown · Aipost Ai Wp Writer
Name of the Vulnerable Software and Affected Versions: AIpost AI WP Writer versions 3.6.5 and earlier Description: The issue is related to a Missing Authorization vulnerability. This vulnerability affects AIpost AI WP Writer, allowing potential unauthorized access. Recommendations: For versions...
PT-2024-25804 · Node.Js +1 · Node.Js +2
Name of the Vulnerable Software and Affected Versions: @hoppscotch/cli versions prior to 0.8.0 Description: The @hoppscotch/cli is a CLI to run Hoppscotch Test Scripts in CI environments. Prior to version 0.8.0, the @hoppscotch/js-sandbox package provides a Javascript sandbox that uses the Node.j...
PT-2024-18837 · WordPress · Social Media Share Buttons & Social Sharing Icons
Name of the Vulnerable Software and Affected Versions: Social Media Share Buttons & Social Sharing Icons WordPress plugin versions prior to 2.8.9 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html...
PT-2024-22038 · Clarisa · Claris Filemaker Server
Name of the Vulnerable Software and Affected Versions: Claris FileMaker Server versions prior to 20.3.2 Description: The issue is related to a reflected Cross-Site Scripting vulnerability due to an improperly handled parameter in the FileMaker WebDirect login endpoint. This vulnerability was...
PT-2024-23217 · Invision · Invision Community
Name of the Vulnerable Software and Affected Versions: Invision Community versions 4.4.0 through 4.7.15 Description: The issue allows for SQL injection through the store.php file, specifically in the categoryView method of the IPS exusmodulesfrontstore store class. User input passed through the...
CVE-2024-25121 Improper Access Control Persisting File Abstraction Layer Entities via Data Handler in TYPO3
TYPO3 is an open source PHP based web content management system released under the GNU GPL. In affected versions of TYPO3 entities of the File Abstraction Layer FAL could be persisted directly via DataHandler. This allowed attackers to reference files in the fallback storage directly and retrieve...
PT-2024-14931 · Hypr · Hypr Workforce Access
Name of the Vulnerable Software and Affected Versions: HYPR Workforce Access versions prior to 8.7 Description: The issue is related to an Improper Restriction of Operations within the Bounds of a Memory Buffer, which allows Overflow Buffers. This can be exploited in HYPR Workforce Access on...
PT-2023-31376 · Pixelyoursite · The Product Catalog Feed By Pixelyoursite
Name of the Vulnerable Software and Affected Versions: Product Catalog Feed by PixelYourSite versions n/a through 2.1.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a...
PT-2023-29680 · Unknown · Wokamoto Simple Tweet
Name of the Vulnerable Software and Affected Versions: Wokamoto Simple Tweet plugin versions = 1.4.0.2 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that requires authentication with admin+ privileges. This vulnerability allows an attacker to inject maliciou...
PT-2023-26405 · Taboola · Taboola
Name of the Vulnerable Software and Affected Versions: Taboola plugin versions = 2.0.1 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that t...
PT-2023-23914 · Tp Link · Archer C55 +1
Name of the Vulnerable Software and Affected Versions: Archer C50 versions prior to Archer C50JP V3 230505 Archer C55 versions prior to Archer C55JP V1 230506 Description: The affected devices use hard-coded credentials to login, which may allow a network-adjacent unauthenticated attacker to...
PT-2023-35412 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.14 through v6.1.11 Description: A potential NULL pointer dereference issue has been identified. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions v5.14...
PT-2023-33701 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.0.16 Description: The issue is related to the pn533 NFC component, where the nfc target is not properly cleared before being used. This could potentially lead to security vulnerabilities, although the actual...