PT-2024-28913 · Publiccms · Publiccms

Name of the Vulnerable Software and Affected Versions: PublicCMS version 4.0.202302.e Description: The issue is related to an arbitrary file upload vulnerability in the /admin/cmsTemplate/save component. This allows attackers to execute arbitrary code by uploading a crafted file. Recommendations:...

cjkcms-seo (=2.4.0), wagtail-liveedit (>=0.0.9 <=0.0.10) +8 more potentially affected by CVE-2024-39317 via wagtail (>=6.0.0 <=6.0.2)

wagtail PYPI version =6.0.0, =0.0.9, =0.14.0, =0.6.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2024-39317 Source advisory: OSV:GHSA-JMP3-39VP-FWG8...

CVE-2024-40328

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/memberOnlinedeal.php?mudi=del&dataType=&dataID=6...

CVE-2024-40334

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/serverFiledeal.php?mudi=upFileDel&dataID=3...

Easy!Appointments Security Vulnerability

Easy!Appointments is a web-based appointment and schedule management system. A security vulnerability exists in Easy!Appointments, which stems from an insecure authorization issue in the /admins/adminId interface. A low-privilege attacker can exploit this vulnerability to gain, modify, or delete ...

CVE-2024-39019

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF vulnerability via /admin/idcProDatadeal.php?mudi=del...

GHSA-VC7J-99JW-JRQM aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

CVE-2024-39323 aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

CVE-2024-39323 aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

CVE-2024-39119

idccms v1.35 was discovered to contain a Cross-Site Request Forgery CSRF via admin/infodeal.php?mudi=rev&nohrefStr=close...

PT-2024-28449 · Aimeos · Aimeos/Ai-Admin-Graphql

Name of the Vulnerable Software and Affected Versions: aimeos/ai-admin-graphql versions 2022.04.1 through 2022.10.9 aimeos/ai-admin-graphql versions 2022.10.10 through 2023.10.5 aimeos/ai-admin-graphql versions 2023.10.6 through 2024.4.1 Description: The issue is related to improper access contro...

aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10,...

aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed in the JQAdm front end. Versions...

Aimeos Security Breach

Aimeos is an open source e-commerce framework for online stores from Aimeos Open Source. Aimeos has a security vulnerability that stems from improper access control in ai-admin-graphql, which allows an attacker to manage their own services via the GraphQL API. The affected versions are as follows...

PT-2024-13013 · Kiloview · P1/P2 +4

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: A Cross-site Scripting XSS vulnerability has been discovered, characterized by improper input neutralization during web page generation. This...

Exploit for Cross-site Scripting in Fikeulous Simpcms

Exploit Title: SimpCMS v0.1 - Cross Site Scripting XSS C...

VulnCheck KEV: CVE-2022-23178

An issue was discovered on Crestron HD-MD4X2-4K-E 1.0.0.2159 devices. When the administrative web interface of the HDMI switcher is accessed unauthenticated, user credentials are disclosed that are valid to authenticate to the web interface. Specifically, aj.html sends a JSON document with...

PT-2024-5353 · Securepoint · Securepoint Utm

Name of the Vulnerable Software and Affected Versions: Securepoint UTM versions 11.5 through 12.6.4 Securepoint UTM Reseller Preview version 12.7.0 Description: The issue is related to the authentication system of Securepoint UTM, specifically with the handling of One-Time Password OTP keys. This...

CVE-2024-37345

There is a cross-site scripting vulnerability in the Secure Access administrative UI of Absolute Secure Access prior to version 13.06. Attackers can pass a limited-length script to the administrative UI which is then stored where an administrator can access it. The scope is unchanged, there is no...