(0Day) (Pwn2Own) oFono QMI SMS Handling Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows local attackers to disclose sensitive information on affected installations of oFono. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of SMS message lists. The issue results from the lack of proper validation o...
PT-2024-38422 · Logsign · Logsign Unified SecOps Platform
Name of the Vulnerable Software and Affected Versions: Logsign Unified SecOps Platform affected versions not specified Description: This issue allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to...
Logsign Unified SecOps Platform Directory Traversal Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Logsign Unified SecOps Platform. Authentication is required to exploit this vulnerability. The specific flaw exists within the getresponsejsonresult endpoint. The issue results from the lack ...
NETGEAR ProSAFE Network Management System getSortString SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getSortString method. The issue results from the lack of prope...
NETGEAR ProSAFE Network Management System getFilterString SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of NETGEAR ProSAFE Network Management System. Authentication is required to exploit this vulnerability. The specific flaw exists within the getFilterString method. The issue results from the lack of...
Centreon testServiceExistence SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Centreon. Authentication is required to exploit this vulnerability. The specific flaw exists within the testServiceExistence function. The issue results from the lack of proper validation of a...
PT-2024-4782
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: This issue involves flaws in the deserialization mechanism within Microsoft SharePoint Server. Successful exploitation could allow a remote attacker to execute arbitrary...
PT-2024-28663 · Trend Micro · Trend Micro Apex One
Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Description: A SQL Injection vulnerability in Trend Micro Apex One could allow a remote attacker to execute arbitrary code on affected installations. To exploit this vulnerability, an...
Trend Micro Apex One modOSCE SQL Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trend Micro Apex One. Authentication is required to exploit this vulnerability. The specific flaw exists within the client management functionality. The issue results from the lack of proper validati...
CVE-2024-2926
The Elementor Addons by Livemesh plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's widgets in all versions up to, and including, 8.3.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
Progress Software WhatsUp Gold GetASPReport Server-Side Request Forgery Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the GetASPReport method. The issue results from the lack of...
Progress Software WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the APM module. The issue results from the lack of proper validation of...
Progress Software WhatsUp Gold SessionControler Server-Side Request Forgery Information Disclosure Vulnerability
This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Progress Software WhatsUp Gold. Authentication is required to exploit this vulnerability. The specific flaw exists within the SessionControler class. The issue results from the lack ...
PT-2024-7447 · SAP · SAP Landscape Management
Name of the Vulnerable Software and Affected Versions: SAP Landscape Management affected versions not specified Description: The issue is related to the REST Provider Definition response in SAP Landscape Management, which allows an authenticated user to read confidential data. This can cause a hi...
OESA-2024-1743 libvirt security update
Libvirt is a C toolkit to interact with the virtualization capabilities of recent versions of Linux and other OSes. The main package includes the libvirtd server exporting the virtualization support. Security Fixes: A race condition leading to a stack use-after-free flaw was found in libvirt. Due...
PT-2024-20200 · Autel · Autel MaxiCharger AC Elite Business C50
Name of the Vulnerable Software and Affected Versions: Autel MaxiCharger AC Elite Business C50 affected versions not specified Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations of Autel MaxiCharger AC Elite Business C50 charging stations...
PT-2024-20179 · Sony · Sony XAV-AX5500
Name of the Vulnerable Software and Affected Versions: Sony XAV-AX5500 affected versions not specified Description: This issue allows physically present attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. Authentication is not required to exploit this issue...
PT-2024-26570 · WordPress · Custom Field Suite
Name of the Vulnerable Software and Affected Versions: Custom Field Suite plugin for WordPress versions up to, and including, 2.6.7 Description: The issue is related to insufficient sanitization of input prior to being used in a call to the eval function, which makes it possible for authenticated...
PT-2024-12814 · PaperCut · PaperCut NG
Name of the Vulnerable Software and Affected Versions: PaperCut NG affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of PaperCut NG. Authentication is required to exploit this issue. The specific flaw exists within...
CVE-2024-1766
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a user's Display Name in all versions up to, and including, 3.2.86 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level acces...