GHSA-558G-H753-6M33 Weblate: Remote code execution during backup restoration
Impact The project backup didn't filter Git and Mercurial configuration files and this could lead to remote code execution under certain circumstances. Patches https://github.com/WeblateOrg/weblate/pull/18549 Workarounds The project backup is only accessible to users who can create projects...
PT-2025-4213 · Microsoft · Windows Secure Kernel Mode +1
Name of the Vulnerable Software and Affected Versions: Windows Secure Kernel Mode affected versions not specified Description: An elevation-of-privilege issue allows attackers to affect the system. The issue is related to incorrect permission assignment for a critical resource. Technical details...
PT-2024-17473 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.116 Description: A problematic vulnerability was found in DedeCMS, affecting an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the mediatype argument leads ...
PT-2024-7961 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the hostname parameter. This can lead to the...
PT-2024-32056 · Draytek · Draytek Vigor 3910
Name of the Vulnerable Software and Affected Versions: Draytek Vigor 3910 version 4.3.2.6 Description: A buffer overflow was discovered in the sProfileName parameter at the "usergrp.cgi" endpoint. This issue allows attackers to cause a Denial of Service (DoS) via a crafted input. Recommendations: F...
PT-2024-30427 · Mediavine · Create By Mediavine
Name of the Vulnerable Software and Affected Versions: Create by Mediavine versions 1.9.8 and earlier Description: This issue exposes sensitive information to unauthorized actors. Users are urged to upgrade to the latest version to mitigate risks. Recommendations: For versions 1.9.8 and earlier,...
PT-2024-31522 · Skysystem · Arfa-Cms
Name of the Vulnerable Software and Affected Versions: SkySystem Arfa-CMS versions prior to 5.1.3124 Description: A SQL injection issue in the poll component allows remote attackers to execute arbitrary SQL commands via the psid parameter. This enables attackers to manipulate database queries,...
PT-2024-38690 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023 Description: A critical vulnerability was found in ZZCMS 2023, affecting unknown code in the file /I/list.php. The manipulation of the skin argument leads to path traversal. This issue can be exploited remotely. The exploit...
PT-2024-7956 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 SP1 Description: The issue is related to improper authorization. It allows a remote attacker to gain unauthorized access to participant groups they should not have access to. The vulnerabili...
PT-2024-25952 · Yvan Dotet · Postgresql Query Deluxe
Name of the Vulnerable Software and Affected Versions: Yvan Dotet PostgreSQL Query Deluxe module versions 17.x before 17.0.0.4 Description: A SQL injection issue allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. This...
PT-2024-28760 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress versions up to, and including, 5.9.15 Description: The issue is related to Stored Cross-Site Scripting via the eael team...
PT-2024-24101 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A problematic vulnerability was found in DedeCMS, affecting unknown code of the file /src/dede/makehtml_map.php. This issue leads to cross-site request forgery and can be initiated remotely. The exploit has be...
PT-2024-23096 · Unknown · Sentrifugo
Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.2 Description: The issue is related to a SQL injection vulnerability. It could allow a remote user to send a specially crafted query to the server and extract all the data from it. The vulnerability is exploited through t...
PT-2024-11899 · Unknown · Weitong Mall
Name of the Vulnerable Software and Affected Versions: Weitong Mall version 1.0.0 Description: A critical issue was found in Weitong Mall. The vulnerability affects an unknown functionality of the file platform-shop/src/main/resources/com/platform/dao/OrderDao.xml. The manipulation of the argument...
PT-2024-1446 · Unknown · Rapid Scada
Name of the Vulnerable Software and Affected Versions: Rapid SCADA versions prior to 5.8.4 Description: The issue is related to shortcomings in the error reporting mechanism of the SCADA system. It allows a remote attacker to gain unauthorized access to protected information by sending a speciall...
PT-2024-1280
Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.11.5; FreeRDP versions prior to 3.2.0 Description: The issue is related to an integer overflow in the freerdp_bitmap_planar_context_reset function, leading to a heap-buffer overflow. This affects FreeRDP based clients...
PT-2023-31526 · Growi · Growi
Name of the Vulnerable Software and Affected Versions: GROWI versions prior to v6.0.6 Description: The issue concerns the storage of sensitive information in cleartext form on the App Settings page, located at "/admin/app". This could allow an attacker with access to the page to obtain the Secret...
PT-2023-25534 · Covesa +1 · Covesa +1
Name of the Vulnerable Software and Affected Versions: Connected Vehicle Systems Alliance (COVESA) versions up to 2.18.8 Description: The issue is related to a buffer overflow in the Connected Vehicle Systems Alliance (COVESA) software. This buffer overflow occurs via the component /shared/dlt...
PT-2023-29293 · Unknown · Zenario Cms
Name of the Vulnerable Software and Affected Versions: Zenario CMS version 9.4.59197 Description: A Cross-Site Scripting (XSS) issue allows an attacker to execute arbitrary code via a crafted script to the Organizer - Spare alias. This enables the attacker to perform unauthorized actions on the...
PT-2023-4166 · 3S Smart Software Solutions · Codesys Development System
Name of the Vulnerable Software and Affected Versions: CODESYS Development System versions 3.5.11.20 through 3.5.19.20 Description: The issue is related to insufficient data authentication in the CODESYS Development System, which may allow a remote attacker to modify the content of notifications...