PT-2024-35837 · Unknown · Plumeria Web Design Blizzard Quotes
Name of the Vulnerable Software and Affected Versions: Plumeria Web Design Blizzard Quotes versions n/a through 1.3. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform unauthorized actions on the website. The estimat...
PT-2024-27975 · Tellus +1 · Tellus +1
Name of the Vulnerable Software and Affected Versions: TELLUS versions 4.0.19.0 and earlier; TELLUS Lite versions 4.0.19.0 and earlier. Description: The issue is an Out-of-bounds read vulnerability. If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be...
PT-2024-15279 · Datagear · Datagear
Name of the Vulnerable Software and Affected Versions: DataGear versions up to 4.60. Description: A critical issue affects the unknown code of the file /dataSet/resolveSql, where the manipulation of the sql argument leads to SQL injection. The attack can be initiated remotely. Upgrading to version...
PT-2024-35275 · W3 Eden · W3 Eden
Name of the Vulnerable Software and Affected Versions: W3 Eden, Inc. Premium Packages versions n/a through 5.9.3. Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
OESA-2024-2383 rubygem-actionmailer security update
Email on Rails. Compose, deliver, and test emails using the familiar controller/view pattern. First-class support for multipart email and attachments. Security Fixes: Action Mailer is a framework for designing email service layers. Starting in version 3.0.0 and prior to versions 6.1.7.9, 7.0.8.5,...
PT-2024-34432 · Unknown · Kashipara E-Learning Management System Project
Name of the Vulnerable Software and Affected Versions: KASHIPARA E-learning Management System Project version 1.0. Description: A SQL Injection issue was discovered in the /admin/teachers.php file of the KASHIPARA E-learning Management System Project. The firstname and lastname parameters are...
kernel: wireguard: netlink: access device through ctx instead of peer
In the Linux kernel, the following vulnerability has been resolved: wireguard: netlink: access device through ctx instead of peer The previous commit fixed a bug that led to a NULL peer-device being dereferenced. It's actually easier and faster performance-wise to instead get the device from...
PT-2024-34791 · Unknown · Chaser324 Featured Posts Scroll
Name of the Vulnerable Software and Affected Versions: Chaser324 Featured Posts Scroll versions 1.25 and earlier. Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2024-34837 · WordPress · Wp Slide Categorywise
Name of the Vulnerable Software and Affected Versions: Wp Slide Categorywise versions 1.1 and earlier. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS attacks. Recommendations: F...
Malicious Package
Overview: youreallydontwantthispackage2131 is a malicious package. This library contains malicious code and was removed from the package manager PyPi. Remediation: Avoid using all malicious instances of the youreallydontwantthispackage2131 package...
Malicious Package
Overview: flag-leak-r is a malicious package. This package contains malicious code and was removed from the package manager. Remediation: Avoid using all malicious instances of the flag-leak-r package. References: PyPi Package...
Malicious Package
Overview: 123bla is a malicious package. This package contains malicious code and was removed from the package manager. Remediation: Avoid using all malicious instances of the 123bla package...
PT-2024-16433 · Tongda Oa · Tongda Oa
Name of the Vulnerable Software and Affected Versions: Tongda OA versions 2017 up to 11.9. Description: A critical issue has been identified, affecting unknown code in the file /pda/reportshop/new.php. The manipulation of the repid argument leads to SQL injection. This issue can be exploited...
PT-2024-16271 · Codezips · Codezips Pet Shop Management System
Name of the Vulnerable Software and Affected Versions: Codezips Pet Shop Management System version 1.0. Description: A critical issue has been found in the system, affecting the /animalsadd.php file. The manipulation of the id argument leads to SQL injection, which can be initiated remotely. The...
AZL-51360 CVE-2024-49883 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid use-after-free in ext4_ext_insert_extent. As Ojaswin mentioned in Link, in ext4_ext_insert_extent, if the path is reallocated in ext4_ext_create_new_leaf, we'll use the stale path and cause UAF. Below is a sample trace with dumm...
CVE-2024-49937 wifi: cfg80211: Set correct chandef when starting CAC
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Set correct chandef when starting CAC. When starting CAC in a mode other than AP mode, it returns a "WARNING: CPU: 0 PID: 63 at cfg80211_chandef_dfs_usable+0x20/0xaf cfg80211" caused by the chandef.chan being null at t...
CVE-2024-49901 drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs
In the Linux kernel, the following vulnerability has been resolved: drm/msm/adreno: Assign msm_gpu->pdev earlier to avoid nullptrs. There are some cases, such as the one uncovered by Commit 46d4efcccc68 "drm/msm/a6xx: Avoid a nullptr dereference when speedbin setting fails" where msm_gpu_cleanup :...
PT-2024-33578 · WordPress · Duplicate Title Validate
Name of the Vulnerable Software and Affected Versions: Duplicate Title Validate versions n/a through 1.0. Description: The issue is related to an SQL Injection vulnerability, specifically an improper neutralization of special elements used in an SQL command. This allows for Blind SQL Injection,...
PT-2024-33451 · Unknown · Edwiser Bridge
Name of the Vulnerable Software and Affected Versions: Edwiser Bridge versions 3.0.7 and earlier. Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS) or Stored XSS. This allows Stored XSS attacks, which can be...
PT-2024-32940 · Unknown · Restaurant Reservations Widget
Name of the Vulnerable Software and Affected Versions: Restaurant Reservations Widget versions n/a through 1.0. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Reflected XSS. Recommendations:...