19 matches found
PT-2025-16198
Name of the Vulnerable Software and Affected Versions: frdel Agent-Zero version 0.8.1.2 Description: A critical issue was found in the /get_work_dir_files file, where manipulation of the path argument leads to path traversal. This issue can be initiated remotely. Recommendations: For version...
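The traversal class this entry describes, as an added example that is not Agent-Zero's own code: a naive join of a caller-supplied path onto a working directory, beside a containment check built on realpath and commonpath. WORK_DIR, the function names and the sample paths are assumptions made for the example.

```python
import os
import tempfile

# Constructed stand-in for an agent's working directory; illustrative only and
# not Agent-Zero's code. The directory does not need to exist for the checks.
WORK_DIR = os.path.realpath(os.path.join(tempfile.gettempdir(), "agent_work_dir_example"))


def resolve_vulnerable(work_dir: str, user_path: str) -> str:
    """Pattern behind most path-traversal findings: the caller-controlled path is
    joined onto the work dir and handed to the filesystem with no containment check.
    '../' segments walk out of work_dir; an absolute path makes join() discard it."""
    return os.path.normpath(os.path.join(work_dir, user_path))


def resolve_hardened(work_dir: str, user_path: str) -> str:
    """Hardened variant: canonicalise both sides with realpath (collapses '..',
    follows symlinks), then require the result to be work_dir itself or below it.
    Raises ValueError on any escape."""
    root = os.path.realpath(work_dir)
    # A leading separator would make os.path.join() drop root entirely, so the
    # supplied path is always treated as relative to the work dir.
    candidate = os.path.realpath(os.path.join(root, user_path.lstrip("/\\")))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes work dir: {user_path!r}")
    return candidate


def escapes_work_dir(work_dir: str, user_path: str) -> bool:
    """True when the hardened resolver rejects user_path."""
    try:
        resolve_hardened(work_dir, user_path)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    for p in ["notes/todo.txt", "../../etc/passwd", "/etc/passwd", "a/../../b"]:
        print(f"{p!r:20} naive -> {resolve_vulnerable(WORK_DIR, p)}  "
              f"escapes? {escapes_work_dir(WORK_DIR, p)}")
```

The check compares canonical paths rather than looking for ".." in the string, so encoded or symlinked variants that resolve outside the root are rejected for the same reason as a plain "../" one.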
CVE-2025-24957
WeGIA is a Web Manager for Charitable Institutions. A SQL Injection vulnerability was discovered in the WeGIA application, get_detalhes_socio.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing access to or deletion of sensitive information...
MAL-2024-12054 Malicious code in uid-2-test-ts (npm)
Source: ghsa-malware 9f2900f53327b861bd4050d2e38c0e867e8ace72a97f5525cb74f56a7af8373e Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2024-50066
In the Linux kernel, the following vulnerability has been resolved: mm/mremap: fix move_normal_pmd/retract_page_tables race In mremap, move_page_tables looks at the type of the PMD entry and the specified address range to figure out by which method the next chunk of page table entries should be moved. ...
WordPress Filter & Grids Plugin <= 2.8.33 is vulnerable to Broken Authentication
Software: Filter & Grids; Type: Plugin; Vulnerable versions: <= 2.8.33; Fixed in: 2.8.34; OWASP Top 10: A1 Broken Access Control; Classification: Broken Authentication; CVE: CVE-2024-39664; Patch priority: High; CVSS severity: High (7.3); Developer: not listed; PSID: bac0e0da8bce; Credits: RE-ALTER; Required privileg...
WordPress Media Library Assistant Plugin <= 3.15 is vulnerable to Cross Site Scripting (XSS)
Software: Media Library Assistant; Type: Plugin; Vulnerable versions: <= 3.15; Fixed in: 3.16; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2024-3519; Patch priority: Medium; CVSS severity: Medium (7.1); Developer: not listed; PSID: f2ec0a790f20; Credits: Le Ngoc Anh...
WordPress ERE Recently Viewed Plugin <= 1.3 is vulnerable to PHP Object Injection
Software: ERE Recently Viewed; Type: Plugin; Vulnerable versions: <= 1.3; Fixed in: 2.0; OWASP Top 10: A3 Injection; Classification: PHP Object Injection; CVE: CVE-2024-24797; Patch priority: High; CVSS severity: High (9.8); Developer: not listed; PSID: 835850fa9817; Credits: Yudistira Arya; Required privilege...
WordPress ShiftController Employee Shift Scheduling Plugin <= 4.9.25 is vulnerable to Cross Site Scripting (XSS)
Software: ShiftController Employee Shift Scheduling; Type: Plugin; Vulnerable versions: <= 4.9.25; Fixed in: 4.9.26; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1978; Patch priority: High; CVSS severity: High (7.1); Developer: not listed; PSID: dde7717ec078...
WordPress WP Data Access Plugin <= 5.3.7 is vulnerable to Broken Access Control
Software: WP Data Access; Type: Plugin; Vulnerable versions: <= 5.3.7; Fixed in: 5.3.8; OWASP Top 10: A5 Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-1874; Patch priority: High; CVSS severity: High (7.5); Developer: not listed; PSID: d34193572ac0; Credits: Chloe Chamberland; Required...
Hardcoded credentials
comrak is a CommonMark + GFM compatible Markdown parser and renderer written in Rust. A Comrak AST can be constructed manually by a program instead of parsing a Markdown document with parse_document. This AST can then be converted to HTML via html::format_document_with_plugins. However, the HTML...
advise-logistic.de Cross Site Scripting vulnerability OBB-2687840
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2022-24707 SQL injection in anuko timetracker
Anuko Time Tracker is an open source, web-based time tracking application written in PHP. UNION SQL injection and time-based blind injection vulnerabilities existed in Time Tracker Puncher plugin in versions of anuko timetracker prior to 1.20.0.5642. This was happening because the Puncher plugin...
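The UNION and blind injection classes described in the two SQL injection entries above (the WeGIA endpoint and the Time Tracker Puncher plugin), as an added example written in Python with sqlite3 rather than either project's PHP: the string-concatenating query beside its parameterised replacement, plus a blind-inference loop that uses row presence as the oracle. The schema, table and column names, sample rows and payloads are constructed for the example and belong to neither project.

```python
import sqlite3

# Constructed in-memory schema standing in for a PHP application's member lookup.
# Illustrative only; not WeGIA's or Anuko Time Tracker's code. Table and column
# names are assumptions for the example.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, login TEXT, password_hash TEXT);
        INSERT INTO members VALUES (1, 'Ana', 'ana@example.org'), (2, 'Bruno', 'bruno@example.org');
        INSERT INTO users VALUES (1, 'admin', 'hash-of-admin-password');
    """)
    return conn


def get_member_vulnerable(conn: sqlite3.Connection, member_id: str) -> list:
    """The bug class in both advisories: request data is spliced into SQL text,
    so the caller can end the WHERE clause and append a UNION of their own."""
    sql = f"SELECT id, name, email FROM members WHERE id = {member_id}"
    return conn.execute(sql).fetchall()


def get_member_fixed(conn: sqlite3.Connection, member_id: str) -> list:
    """Parameter binding: member_id travels as a value, never as SQL text. A
    payload string is compared against the integer id column and matches nothing,
    while a numeric string such as '2' still matches through SQLite type affinity."""
    return conn.execute(
        "SELECT id, name, email FROM members WHERE id = ?", (member_id,)
    ).fetchall()


# Column count of the injected SELECT must match the original query (three here).
UNION_PAYLOAD = "0 UNION SELECT id, login, password_hash FROM users"


def leak_admin_hash_first_char(conn: sqlite3.Connection) -> str:
    """Blind variant: nothing from the users table is returned directly; the
    attacker asks yes/no questions and reads the answer from whether a member row
    comes back. Time-based blind injection is the same loop with a database delay
    as the signal instead of a row."""
    for ch in "0123456789abcdefghijklmnopqrstuvwxyz-":
        probe = ("1 AND (SELECT substr(password_hash, 1, 1) FROM users "
                 f"WHERE login = 'admin') = '{ch}'")
        if get_member_vulnerable(conn, probe):
            return ch
    return ""


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, UNION payload:", get_member_vulnerable(db, UNION_PAYLOAD))
    print("fixed, same payload:      ", get_member_fixed(db, UNION_PAYLOAD))
    print("fixed, legitimate id:     ", get_member_fixed(db, "2"))
    print("blind, first hash char:   ", leak_admin_hash_first_char(db))
```

The fixed function needs no escaping or allow-listing of the input because the driver never lets the value become part of the statement; the same change (prepared statements with bound parameters) is the fix in PHP's PDO or mysqli.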
Threat Outbreak Alert RuleID30829: Email Messages Distributing Malicious Software on October 9, 2017
Medium Alert ID: 55558 First Published: 2017 October 9 18:51 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID30829 may contain the following files: Name |...
Threat Outbreak Alert RuleID30304: Email Messages Distributing Malicious Software on August 24, 2017
Medium Alert ID: 54937 First Published: 2017 August 24 17:14 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID30304 may contain the following files: Name |...
znarch.com XSS vulnerability
Vulnerable URL: http://www.znarch.com/index.php/advise?lang=1"...
Threat Outbreak Alert RuleID12943: Email Messages Distributing Malicious Software on December 21, 2014
Medium Alert ID: 36843 First Published: 2014 December 22 15:51 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID12943 may contain the following files: Name |...
Threat Outbreak Alert RuleID12837: Email Messages Distributing Malicious Software on December 12, 2014
Medium Alert ID: 36747 First Published: 2014 December 15 13:27 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID12837 may contain the following files: Name |...
CVE-2014-7564
CVE-2014-7564 affects the Android app Simple Car Care Tip and Advice (1.03). The vulnerability is that the application does not verify SSL X.509 certificates, enabling man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. The CVSS data indicates ...
Threat Outbreak Alert RuleID11272: Email Messages Distributing Malicious Software on August 26, 2014
Medium Alert ID: 35421 First Published: 2014 August 26 12:55 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat RuleID11272 may contain the following files: Name |...