208 matches found
PT-2024-31819 · Facebook · Facebook Thrift
Name of the Vulnerable Software and Affected Versions: Facebook Thrift versions v2024.09.09.00 through v2024.09.23.00 Description: A null-dereference vulnerability involving parsing requests specifying invalid protocols can cause the application to crash or potentially result in other undesirable...
PT-2024-7673 · Intel · Intel Raid Web Console
Name of the Vulnerable Software and Affected Versions: IntelR RAID Web Console software all versions Description: The issue is related to improper access control in the IntelR RAID Web Console software, which may allow an authenticated user to potentially enable denial of service via adjacent...
PT-2024-6586 · Ivanti · Ivanti Workspace Control
Name of the Vulnerable Software and Affected Versions: Ivanti Workspace Control versions 10.18.0.0 and below Description: The issue is related to insufficient server-side controls in the management console of Ivanti Workspace Control, which can be exploited by a local authenticated attacker to...
PT-2024-38813 · WordPress · Wp Extended
Name of the Vulnerable Software and Affected Versions: The Ultimate WordPress Toolkit – WP Extended plugin for WordPress version 3.0.8 and earlier Description: The issue allows authenticated attackers with Subscriber-level access and above to change an admin's username to a username of their...
PT-2024-26082 · Samsung · Samsung Assistant
Name of the Vulnerable Software and Affected Versions: Samsung Assistant versions prior to 9.1.00.7 Description: The issue is related to the improper handling of insufficient permissions in Samsung Assistant, allowing remote attackers to access location data. User interaction is required for...
PT-2024-6139 · Zyxel · Wax655E +4
Name of the Vulnerable Software and Affected Versions: Zyxel NWA1123ACv3 versions 6.70ABVT.4 and earlier Zyxel WAC500 versions 6.70ABVS.4 and earlier Zyxel WAX655E versions 7.00ACDO.1 and earlier Zyxel WBE530 versions 7.00ACLE.1 and earlier Zyxel USG LITE 60AX version V2.00ACIP.2 Description: The...
PT-2024-7592
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.58 Description The issue is related to a race condition between timeout and normal completion in the nbd module of the Linux kernel. This can lead to a use-after-free condition, potentially allowing an attack...
PT-2024-31184 · Tenda · Tenda Ax1806
Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1 Description: The issue is a stack overflow that occurs via the serverName parameter in the form fast setting internet set function. Recommendations: For Tenda AX1806 version 1.0.0.1, as a temporary workaround,...
PT-2024-5978 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based versions prior to 128.0.2739.42 Description: The issue is related to insufficient input validation in Microsoft Edge, allowing an attacker to execute arbitrary code. There is no information provided about the...
PT-2024-38693 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023 Description: A critical vulnerability was found in ZZCMS, affecting an unknown functionality of the file "/admin/class.php?dowhat=modifyclass". The manipulation of the argument skin leads to path traversal. The attack can b...
PT-2024-38595 · Unknown · Code-Projects Job Portal
Name of the Vulnerable Software and Affected Versions: code-projects Job Portal version 1.0 Description: A critical issue was found in the logindbc.php file, where an unknown function is affected. The manipulation of the email argument leads to SQL injection. It is possible to launch the attack...
PT-2024-30007 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.5822 B20200513 Description: The issue is a buffer overflow vulnerability in the ssid parameter within the setWizardCfg function. This vulnerability can be exploited, potentially allowing unauthorized access or...
PT-2024-10350 · Unknown · Opigno Learning Path
Name of the Vulnerable Software and Affected Versions: Opigno Learning path versions 0.0.0 through 3.1.2 Description: The issue is related to improper neutralization of directives in statically saved code, also known as 'static code injection', which allows for PHP Local File Inclusion. This can...
PT-2024-38155 · Mp3Tag · Mp3Tag
Name of the Vulnerable Software and Affected Versions: Mp3tag versions up to 3.26d Description: A vulnerability has been found in the library tak deco lib.dll of the component DLL Handler, leading to an uncontrolled search path. The manipulation can be launched on the local host. It is possible t...
PT-2024-38128 · Unknown · Sourcecodester School Fees Payment System
Name of the Vulnerable Software and Affected Versions: SourceCodester School Fees Payment System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /receipt.php. The manipulation of the ef id argument leads to SQL injection. This issu...
PT-2024-37734 · /N · Ipworks Ssh
Name of the Vulnerable Software and Affected Versions: /n software IPWorks SSH versions prior to 22.0.8945 /n software IPWorks SSH versions prior to 24.0.8945 Description: The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path request...
PT-2024-26988
Name of the Vulnerable Software and Affected Versions Flowise version 1.4.3 Description The issue concerns a lack of sanitization of the fileName body parameter in the "/api/v1/openai-assistants-file" endpoint, which is located in the index.ts file. This lack of sanitization leads to an arbitrary...
PT-2024-27698 · Trendnet · Trendnet Tew-814Dap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-814DAP version v1 FW1.01B01 Description: A stack overflow issue was discovered via the submit-url parameter at the "/formSysLog" API endpoint. Recommendations: For TRENDnet TEW-814DAP version v1 FW1.01B01, as a temporary...
PT-2024-27689 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3700R version 9.1.2u.6165 20211012 Description: A stack overflow issue was discovered in the setWiFiBasicCfg function via the ssid parameter. This issue can potentially be exploited. Recommendations: For TOTOLINK A3700R version...
PT-2024-37139 · Netentsec · Netentsec Ns-Asg Application Security Gateway
Name of the Vulnerable Software and Affected Versions: Netentsec NS-ASG Application Security Gateway version 6.3 Description: A critical issue was found in the Netentsec NS-ASG Application Security Gateway. The problem is related to an unknown function of the file...