PT-2024-15236 · WordPress · Mappress Maps
Name of the Vulnerable Software and Affected Versions: MapPress Maps for WordPress versions up to, and including, 2.88.16 Description: The issue is related to Stored Cross-Site Scripting via the width and height parameters due to insufficient input sanitization and output escaping. This allows...
PT-2024-13044 · WordPress · Givewp +1
Name of the Vulnerable Software and Affected Versions: GiveWP plugin for WordPress versions up to, and including, 2.33.3 Description: The issue is due to missing or incorrect nonce validation on the give sendwp remote install handler function, making it possible for unauthenticated attackers to...
PT-2024-1165 · Google +4 · Google Chrome +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 120.0.6099.224 Description: The issue is related to an out-of-bounds write in the V8 JavaScript engine, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page. This...
PT-2023-31791 · Unknown · Sticky Chat Widget
Name of the Vulnerable Software and Affected Versions: Sticky Chat Widget: Click to chat, SMS, Email, Messages, Call Button, Live Chat and Live Support Button versions 1.1.8 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as...
PT-2023-30932 · Woocommerce · License Manager For Woocommerce
Name of the Vulnerable Software and Affected Versions: License Manager for WooCommerce versions 2.2.10 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2023-30213 · WordPress · Bright Plugins Pre-Orders For Woocommerce
Name of the Vulnerable Software and Affected Versions: Bright Plugins Pre-Orders for WooCommerce plugin versions = 1.2.13 Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects authenticated users with contributor or higher permissions. This vulnerabilit...
PT-2023-7487 · Axis Communications · Axis Os
Name of the Vulnerable Software and Affected Versions: AXIS OS versions prior to the patched version Description: The issue is related to the VAPIX API in the AXIS OS, specifically with the overlay del.cgi endpoint, which is vulnerable to path traversal attacks. This allows an attacker, after...
PT-2023-29323 · Unknown · Koha Library
Name of the Vulnerable Software and Affected Versions: Koha Library Software versions 23.0.5.04 and before Description: The issue allows a remote attacker to obtain sensitive information via the "intranet/cgi-bin/cataloging/ysearch.pl" component. This is a SQL Injection vulnerability...
PT-2023-5989 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-beta1 and earlier; Adobe Commerce versions 2.4.6-p2 and earlier; Adobe Commerce versions 2.4.5-p4 and earlier; Adobe Commerce versions 2.4.4-p5 and earlier Description: The issue is related to the lack of protection...
PT-2023-6494 · Ipswitch · Ws Ftp Server
Name of the Vulnerable Software and Affected Versions: WS FTP Server versions prior to 8.7.4; WS FTP Server versions prior to 8.8.2 Description: A SQL injection vulnerability exists in the WS FTP Server manager interface. An attacker may be able to infer information about the structure and content...
CVE-2023-1260
An authentication bypass vulnerability was discovered in kube-apiserver. This issue could allow a remote, authenticated attacker who has been given permissions to "update, patch" the "pods/ephemeralcontainers" subresource beyond what the default is. They would then need to create a new pod or patch...
PT-2023-4406 · Intel · Intel(R) Support
Name of the Vulnerable Software and Affected Versions: Intel(R) Support android application versions prior to v23.02.07 Description: The issue is related to incorrect default permissions in the Intel(R) Support android application, which may allow a privileged user to potentially enable information...
PT-2023-26792 · Bmc · Bmc Control-M
Name of the Vulnerable Software and Affected Versions: BMC Control-M versions prior to 9.0.21; BMC Control-M version 9.0.20.200 Description: The issue allows SQL injection via the "/RF-Server/report/deleteReport" API endpoint, specifically through the report-id parameter. Recommendations: For BMC...
Advantech WebAccess/SCADA
1. EXECUTIVE SUMMARY CVSS v3 9.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Advantech Equipment: WebAccess/SCADA Vulnerability: Untrusted Pointer Dereference 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to gain remote file system...
PT-2023-21197 · Kredis · Kredis
Name of the Vulnerable Software and Affected Versions: Kredis versions prior to 1.3.0.1 Description: There is a deserialization of untrusted data vulnerability in the Kredis JSON deserialization code. This issue may result in the deserialization of unexpected objects in the system when carefully...
PT-2023-18361 · WordPress · Web Directory Free
Name of the Vulnerable Software and Affected Versions: The Web Directory Free for WordPress versions up to, and including, 1.6.7 Description: The issue allows authenticated attackers with contributor-level privileges to extract sensitive information from the database due to insufficient escaping ...
PT-2023-21422 · Unknown +1 · Vk Blocks Pro +1
Name of the Vulnerable Software and Affected Versions: VK Blocks versions 1.53.0.1 and earlier; VK Blocks Pro versions 1.53.0.1 and earlier Description: A cross-site scripting issue in the Tag edit function allows a remote authenticated attacker to inject an arbitrary script. This enables the...
PT-2023-21537 · Cloudlink · Cloudlink
Name of the Vulnerable Software and Affected Versions: CloudLink versions prior to 7.1.2 Description: The issue is related to a broken or risky cryptographic algorithm, which could be exploited by an unauthenticated remote attacker, potentially leading to information disclosure. Recommendations:...
PT-2023-19072 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.21 Description: The issue is related to Cross-site Scripting XSS - Stored, which allows an attacker to send a malicious script to any user. Recommendations: For versions prior to 10.5.21, update to versi...