PT-2025-3188 · Unknown · Html Forms
Name of the Vulnerable Software and Affected Versions: HTML Forms versions n/a through 1.4.1 Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected XSS. This means that an attacker can inject malicious code into the HTML Forms,...
PT-2024-36125 · Unknown · Think201 Faqs
Name of the Vulnerable Software and Affected Versions: Think201 FAQs versions n/a through 1.0.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in Think201 FAQs. Recommendations: For...
PT-2024-34919 · Unknown · Dang Ngoc Binh Audio Record
Name of the Vulnerable Software and Affected Versions: Dang Ngoc Binh Audio Record versions n/a through 1.0 Description: The issue allows an attacker to upload a web shell to a web server due to an unrestricted upload of file with dangerous type vulnerability. This enables remote hackers to uploa...
PT-2024-30323 · WordPress · Waitlist Woocommerce
Name of the Vulnerable Software and Affected Versions: Waitlist Woocommerce Back in stock notifier versions n/a through 2.6 Description: The issue affects the Waitlist Woocommerce Back in stock notifier plugin due to a Missing Authorization vulnerability. This vulnerability allows exploitation of...
PT-2024-33464 · Unknown · Sourav All In One Slider
Name of the Vulnerable Software and Affected Versions: Sourav All in One Slider versions n/a through 1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows Reflected XSS, which can be exploited by...
PT-2024-33465 · Sovratec · Sovratec Case Management
Name of the Vulnerable Software and Affected Versions: Sovratec Case Management versions n/a through 1.0.0 Description: The issue allows an attacker to upload a web shell to a web server, which can lead to further exploitation. This is due to an Unrestricted Upload of File with Dangerous Type...
PT-2024-33473 · Myriad Solutionz · Myriad Solutionz Property Lot Management System
Name of the Vulnerable Software and Affected Versions: Myriad Solutionz Property Lot Management System versions n/a through 4.2.38 Description: The issue allows hackers to upload malicious files, exploiting an Unrestricted File Upload vulnerability. This enables the upload of a web shell to a web...
Microsoft Windows Security Vulnerabilities
Microsoft Windows is a suite of operating systems for use on personal devices from Microsoft Corporation USA. A security vulnerability exists in Microsoft Windows iSCSI. An attacker could exploit this vulnerability to cause a denial of service. The following products and versions are...
PT-2024-23384 · Gamipress · Gamipress
Name of the Vulnerable Software and Affected Versions: GamiPress versions n/a through 6.8.5 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web application that the use...
PT-2023-23895
Name of the Vulnerable Software and Affected Versions: Subscribe to Category versions n/a through 2.7.4 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. Recommendations: For versions n/a through 2.7.4, upda...
BELL-CVE-2021-20205 CVE-2021-20205 does not affect BellSoft software
Bulletin has no description...
CVE-2023-31997
UniFi OS 3.1 introduces a misconfiguration on consoles running UniFi Network that allows users on a local network to access MongoDB. Applicable Cloud Keys that are both (1) running UniFi OS 3.1 and (2) hosting the UniFi Network application. "Applicable Cloud Keys" include the following: Cloud Key Gen...
DRUPAL-CORE-2023-002
The Media module does not properly check entity access in some circumstances. This may result in users seeing thumbnails of media items they do not have access to, including for private files. This release was coordinated with SA-CONTRIB-2023-010. This advisory is not covered by Drupal Steward...
CVE-2022-37944
Rejected reason: Not used in 2022...
CVE-2018-3676
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none...
CVE-2022-27457 affecting package mariadb 10.3.35-1
CVE-2022-27457 affecting package mariadb 10.3.35-1. This CVE either no longer is or was never applicable...
CVE-2021-3651
CVE-2021-3651 is rejected/not used; this candidate was withdrawn and does not represent an active vulnerability entry.
Security Bulletin: Apache Log4j Vulnerability Affects IBM Sterling Transformation Extender (CVE-2021-44228)
Summary: IBM Sterling Transformation Extender is impacted by the Log4j2 security vulnerability CVE-2021-44228, where an attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers when message lookup substitution is enabled. Vulnerability Details...
Win-911 mobile server platform privilege escalation vulnerability
Summary: An exploitable local privilege elevation vulnerability exists in the file system permissions of the Mobile-911 Server V2.5 install directory. Depending on the vector chosen, an attacker can overwrite the service executable and execute arbitrary code with System privileges or replace other...
ilporteghetto.playrestaurant.tv Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-1031352. Security Researcher devl00p (helped patch 3018 vulnerabilities, received 10 Coordinated Disclosure badges, received 15 recommendations), a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting...