82 matches found
PT-2024-6208 · Unknown +2 · Hdf5 Library +2
Name of the Vulnerable Software and Affected Versions: HDF5 Library versions prior to 1.14.4 Description: The issue is related to the function H5E_printf_stack in the file H5Eint.c of the HDF5 Library, which is associated with uncontrolled recursion. This can lead to stack consumption. Exploitati...
PT-2024-25111 · Tencent · Tencent Libpag
Name of the Vulnerable Software and Affected Versions: Tencent Libpag version 4.3 Description: The issue allows a user to send a crafted image to trigger a buffer overflow, which can lead to remote code execution. Recommendations: For Tencent Libpag version 4.3, update to a version that fixes the...
PT-2024-24764 · Unknown · Shared Files
Name of the Vulnerable Software and Affected Versions: Shared Files versions 1.7.16 and earlier Description: The issue is related to a Missing Authorization vulnerability in Shared Files PRO Shared Files. Recommendations: For versions 1.7.16 and earlier, update to a version that includes the fix...
PT-2024-24425 · Paystack · Payment Forms For Paystack
Name of the Vulnerable Software and Affected Versions: Paystack Payment Forms for Paystack versions 3.4.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS, where an attacker...
PT-2024-24561 · Unknown · Wp All Import
Name of the Vulnerable Software and Affected Versions: WP All Import Import Users from CSV versions 1.2 and earlier Description: The issue is related to Deserialization of Untrusted Data, which affects the Import Users from CSV functionality. Recommendations: For versions 1.2 and earlier, update ...
PT-2024-24283 · Woocommerce · Currency Per Product For Woocommerce
Name of the Vulnerable Software and Affected Versions: Currency per Product for WooCommerce versions 1.6.0 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user without their knowledge or consent...
PT-2024-24067 · Data443 · Data443 Inline Related Posts
Name of the Vulnerable Software and Affected Versions: Data443 Inline Related Posts versions 3.3.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
PT-2024-24443 · Ghozylab · Ghozylab Easy Contact Form Lite
Name of the Vulnerable Software and Affected Versions: GhozyLab Easy Contact Form Lite versions 1.1.23 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows for Stored XSS in the GhozyLab Eas...
PT-2024-21420 · Livemesh · Elementor Addons
Name of the Vulnerable Software and Affected Versions: Elementor Addons by Livemesh plugin for WordPress versions up to, and including, 8.3.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Post widgets due to insufficient input sanitization and output escaping o...
PT-2024-21369 · Enpass · Enpass Password Manager Desktop Client
Name of the Vulnerable Software and Affected Versions: Enpass Password Manager Desktop Client version 6.9.2 Description: The issue allows attackers to run arbitrary HTML code via the creation of a crafted note, potentially leading to HTML injection. This can occur in the Enpass Password Manager...
PT-2024-23987 · WordPress · Easy Login Styler
Name of the Vulnerable Software and Affected Versions: Easy Login Styler – White Label Admin Login Page for WordPress versions 1.0.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as cross-site scripting. This allows for...
PT-2024-23433 · Vsourz Digital · Vsourz Digital All In One Redirection
Name of the Vulnerable Software and Affected Versions: Vsourz Digital All In One Redirection versions 2.2.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that an attacker c...
PT-2024-20567 · Woocommerce · Woocommerce Box Office
Name of the Vulnerable Software and Affected Versions: WooCommerce Box Office versions 1.2.2 and earlier Description: The issue is related to a Missing Authorization vulnerability in WooCommerce Box Office. Recommendations: For versions 1.2.2 and earlier, update to a version that contains a fix f...
PT-2024-12056 · Unknown · October Cms
Name of the Vulnerable Software and Affected Versions: October CMS version 3.2.0 Description: A Cross Site Scripting issue allows a local attacker to execute arbitrary code via the file type .mp3. Recommendations: For October CMS version 3.2.0, update to a version that fixes this issue to prevent...
PT-2024-20626 · Unknown · Advanced Iframe
Name of the Vulnerable Software and Affected Versions: Advanced iFrame versions through 2023.10 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Stored XSS. This means that an attacker can inject malicio...
PT-2024-19088 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 4.0.0 Description: The issue allows a local attacker to cause a heap overflow through an integer overflow. Recommendations: For versions prior to 4.0.0, update to a version that contains a fix for this issue. At...
PT-2023-7654 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to the lack of protection of the web page structure in Adobe Experience Manager (AEM), which can be exploited by a remote attacker to execute arbitrary code....
PT-2023-7652 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to the lack of protection of the web page structure in Adobe Experience Manager, allowing a remote attacker to execute arbitrary code. If a low-privileged...
PT-2023-7648 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form...
PT-2023-7861 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability. It can be exploited if a low-privileged attacker convinces a victim to visit a URL referencing a...