2029 matches found

OSV
added 2024/09/19 9:15 a.m. · 5 views

AZL-49656 CVE-2024-45769 affecting package pcp 5.1.1-3

A vulnerability was found in Performance Co-Pilot (PCP). This flaw allows an attacker to send specially crafted data to the system, which could cause the program to misbehave or crash...

CVSS 5.5 · AI score 7.3 · EPSS 0.00259
Exploits: 0 · References: 1

BDU FSTEC
added 2024/09/12 12:0 a.m. · 3 views

The vulnerability of Microsoft Publisher software lies in its data protection mechanisms being breached, allowing attackers to circumvent existing security restrictions.

The vulnerability of Microsoft Publisher software is related to a flaw in the data protection mechanism. Exploiting this vulnerability could allow an attacker to circumvent existing security restrictions...

CVSS 7.3 · AI score 5.8 · EPSS 0.02667
Exploits: 0 · References: 3 · Affected Software: 1

CNNVD
added 2024/09/10 12:0 a.m. · 3 views

VICIdial Security Vulnerability

VICIdial is a software suite from VICIdial, Inc. designed to interact with the Asterisk open source PBX telephony system as a complete inbound/outbound contact center suite with inbound email support. A security vulnerability exists in VICIdial. An attacker can exploit this vulnerability to execu...

CVSS 8.8 · AI score 9.3 · EPSS 0.75384
Exploits: 7 · References: 3

RedHat Linux
added 2024/09/09 4:2 p.m. · 4 views

keycloak: Leak of configured LDAP bind credentials through the Keycloak admin console

A vulnerability was found in Keycloak. The LDAP testing endpoint allows changing the Connection URL independently without re-entering the currently configured LDAP bind credentials. This flaw allows an attacker with admin access permission manage-realm to change the LDAP host URL "Connection URL"...

CVSS 2.7 · AI score 5.7 · EPSS 0.00649
Exploits: 0 · References: 4

Packet Storm
added 2024/09/06 12:0 a.m. · 276 views

C-MOR Video Surveillance 5.2401 / 6.00PL01 Cross Site Scripting

Advisory ID: SYSS-2024-021; Product: C-MOR Video Surveillance; Manufacturer: za-internet GmbH; Affected Versions: 5.2401, 6.00PL01; Tested Versions: 5.2401, 6.00PL01; Vulnerability Type: Persistent Cross-Site Scripting (CWE-79); Risk Level: High; Solution Status: Open; Manufacturer Notification: 2024-04-05...

CVSS 5.4 · AI score 7.1 · EPSS 0.00773
Exploits: 2

IBM Security Bulletins
added 2024/09/05 6:34 p.m. · 25 views

Security Bulletin: Vulnerability in Go affects watsonx.data

Summary: The ScalarMult and ScalarBaseMult methods of the P256 Curve in Golang Go have an unspecified error that returns an incorrect result which has an unknown impact and attack vector. watsonx.data may be affected by this. Vulnerability Details: CVEID: CVE-2023-24532 DESCRIPTION: An unspecified...

CVSS 5.3 · AI score 7.2 · EPSS 0.00817
Exploits: 0 · Affected Software: 1

Packet Storm
added 2024/09/02 12:0 a.m. · 212 views

Hostel Management System 1.0 Arbitrary File Upload

Title: hostel management system 1.0 arbitrary file upload Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla...

AI score 7.4
Exploits: 0

CNNVD
added 2024/08/29 12:0 a.m. · 2 views

SportsNET SQL Injection Vulnerability

SportsNET is a sports event network application from SportsNET, Inc. SportsNET suffers from a SQL injection vulnerability that can be exploited by an attacker to retrieve, update, and delete all information in the database via a specially crafted SQL query...

CVSS 9.8 · AI score 7.7 · EPSS 0.00452
Exploits: 0 · References: 2

Vulnrichment
added 2024/08/21 8:29 a.m. · 10 views

CVE-2024-5335 Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider <= 1.6.4 - Unauthenticated PHP Object Injection

The Ultimate Store Kit Elementor Addons, Woocommerce Builder, EDD Builder, Elementor Store Builder, Product Grid, Product Table, Woocommerce Slider plugin is vulnerable to PHP Object Injection via deserialization of untrusted input via the ultimatestorekitcompareproducts cookie in versions up to ...

CVSS 9.8 · AI score 7.5 · EPSS 0.00852
Exploits: 0 · References: 3

BDU FSTEC
added 2024/08/19 12:0 a.m. · 4 views

The vulnerability of the Dell Storage Resource Manager and Dell Storage Monitoring and Reporting software agents allows a hacker to intercept an active user session.

The vulnerability of the Dell Storage Resource Manager and Dell Storage Monitoring and Reporting software agents relates to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to intercept the ongoing user session remotely...

CVSS 5.9 · AI score 5.4 · EPSS 0.00399
Exploits: 0 · References: 2 · Affected Software: 2

RedHat Linux
added 2024/08/15 5:34 a.m. · 4 views

kernel: net: kernel: UAF in network route management

A use-after-free flaw was found in the Linux kernel's network route management. This flaw allows an attacker to alter the behavior of certain network connections...

CVSS 7.8 · AI score 6.8 · EPSS 0.02701
Exploits: 1 · References: 6

Positive Technologies
added 2024/08/14 12:0 a.m. · 2 views

PT-2024-7988

Name of the Vulnerable Software and Affected Versions: Microsoft Copilot Studio (affected versions not specified) Description: The issue is related to the exposure of sensitive information to unauthorized actors in Microsoft Copilot Studio. This allows an unauthenticated attacker to view sensitive...

CVSS 7.8 · AI score 7.2 · EPSS 0.00976
Exploits: 0 · References: 10

NVD
added 2024/08/02 7:16 p.m. · 16 views

CVE-2024-22169

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability,...

CVSS 7.1 · EPSS 0.00259
Exploits: 0 · References: 1

CVE
added 2024/08/02 6:31 p.m. · 32 views

CVE-2024-22169

CVE-2024-22169 affects WD Discovery. Versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could enable code execution by abusing the ELECTRON_RUN_AS_NODE environment variable. The attack requires the victim to have the WD Discovery app installed; exploitat...

CVSS 7.1 · AI score 6.9 · EPSS 0.00259
Exploits: 0 · References: 1

Cvelist
added 2024/08/02 6:31 p.m. · 36 views

CVE-2024-22169 Misconfiguration in node.js causing a code execution in WD Discovery

WD Discovery versions prior to 5.0.589 contain a misconfiguration in the Node.js environment settings that could allow code execution by utilizing the 'ELECTRON_RUN_AS_NODE' environment variable. Any malicious application operating with standard user permissions can exploit this vulnerability,...

CVSS 7.1 · EPSS 0.00259
Exploits: 0 · References: 1

OSV
added 2024/08/01 6:15 a.m. · 1 views

CVE-2024-2843

The WooCommerce Customers Manager WordPress plugin before 30.1 does not have CSRF checks in some places, which could allow attackers to make logged in admin users delete users via CSRF attacks...

CVSS 6.5 · AI score 5.8
Exploits: 0 · References: 1

CNNVD
added 2024/07/26 12:0 a.m. · 2 views

SyroTech SY-GPON-1110-WDONT Security Vulnerability

The SyroTech SY-GPON-1110-WDONT is a wireless router from SyroTech. The SyroTech SY-GPON-1110-WDONT suffers from an information disclosure vulnerability that stems from a missing security flag in a session cookie associated with the router's web management interface. An attacker could exploit thi...

CVSS 6.9 · AI score 6 · EPSS 0.00207
Exploits: 0 · References: 2

Positive Technologies
added 2024/07/26 12:0 a.m. · 2 views

PT-2024-5305 · Phpipam · Phpipam

Name of the Vulnerable Software and Affected Versions: phpipam version 1.6 Description: The issue is related to Cross Site Scripting (XSS) in the phpipam application. Specifically, the "/app/admin/widgets/edit.php" endpoint is vulnerable. This vulnerability can be exploited by a remote attacker to...

CVSS 7.1 · AI score 5.2 · EPSS 0.00308
Exploits: 1 · References: 10

Positive Technologies
added 2024/07/24 12:0 a.m. · 3 views

PT-2024-19015 · Atlassian · Bitbucket

Name of the Vulnerable Software and Affected Versions: Bitbucket Data Center versions 8.0.0 through 8.9.12; Bitbucket Data Center versions 8.19.0 through 8.19.1. Description: The issue is an open redirect vulnerability that allows an unauthenticated attacker to redirect a victim user upon login to...

CVSS 4.3 · AI score 4 · EPSS 0.00234
Exploits: 0 · References: 5

CNNVD
added 2024/07/23 12:0 a.m. · 3 views

Telegram Security Vulnerability

Telegram is an instant messaging mobile application open-sourced by Telegram. A security vulnerability exists in Telegram version 10.14.4 and earlier versions. An attacker exploiting the vulnerability could send a malicious application disguised as a video...

CVSS 7.1 · AI score 9.2 · EPSS 0.0127
Exploits: 1 · References: 2