PT-2026-26786

Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo, an open source video platform, contains an unauthenticated server-side request forgery SSRF vulnerability in the plugin/Live/test.php file. This allows a remote user to make the AVid...

SUSE CVE-2024-1481

A flaw was found in FreeIPA. This issue may allow a remote attacker to craft a HTTP request with parameters that can be interpreted as command arguments to kinit on the FreeIPA server, which can lead to a denial of service...

PT-2024-32874 · WordPress · Cost Calculator Builder

Name of the Vulnerable Software and Affected Versions: Cost Calculator Builder Pro plugin for WordPress versions up to 3.1.72 Description: The issue allows authenticated attackers with subscriber-level access and above to make web requests to arbitrary locations originating from the web...

Peplink Surf SOHO HW1 Operating System Command Injection Vulnerability

The Peplink Surf SOHO HW1 is a small router from Peplink. An OS command injection vulnerability exists in Peplink Surf SOHO HW1 v6.3.5, which stems from an OS command injection vulnerability in the api.cgi cmd.mvpn.x509.write function. An attacker can exploit this vulnerability to execute command...

PrestaShop SQL注入漏洞

PrestaShop is an open source e-commerce solution from PrestaShop, Inc. in the United States. The solution offers multiple payment methods, short message alerts, and product image scaling. A security vulnerability exists in PrestaShop version 2023-05-09 and earlier, which stems from a sensitive SQ...