Secure Gaming During the Holidays
Secure gaming during the holidays is essential as cyberattacks rise by 50%. Protect accounts with 2FA, avoid fake promotions,…
UBUNTU-CVE-2024-56705
In the Linux kernel, the following vulnerability has been resolved: media: atomisp: Add check for rgby_data memory allocation failure. In ia_css_3a_statistics_allocate(), there is no check on the allocation result of the rgby_data memory. If rgby_data is not successfully allocated, it may trigger the...
PT-2024-17805 · Unknown · Simple Admin Panel
Name of the Vulnerable Software and Affected Versions: code-projects Simple Admin Panel version 1.0 Description: A critical vulnerability was found in the Simple Admin Panel, affecting unknown code in the editItemForm.php file. The manipulation of the argument record leads to SQL injection. The...
PT-2024-17782 · Unknown · Treasurehuntgame Treasurehunt
Name of the Vulnerable Software and Affected Versions: TreasureHuntGame TreasureHunt up to 963e0e0 Description: A critical vulnerability has been found in TreasureHuntGame TreasureHunt. The issue affects the console log function of the file TreasureHunt/checkflag.php. The manipulation of the...
PT-2024-17764 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: Emlog Pro versions up to 2.4.1 Description: A problematic vulnerability was found in Emlog Pro, affecting an unknown functionality in the library /include/lib/common.php. The manipulation of the msg argument leads to cross site scripting. The...
PT-2024-36526 · Unknown · Oqtane Framework
Name of the Vulnerable Software and Affected Versions: Oqtane Framework affected versions not specified Description: The issue is related to Insecure Direct Object Reference (IDOR) in Oqtane.Controllers.UserController, allowing unauthorized users to access sensitive information of other users by...
PT-2024-36799 · Unknown · Grist-Core
Name of the Vulnerable Software and Affected Versions: grist-core versions prior to 1.3.1 Description: A user visiting a malicious document or submitting a malicious form could have their account compromised due to the ability to use the javascript: scheme with custom widget URLs and form redirec...
PT-2024-36638 · Ydesignservices · Yds Support Ticket System
Name of the Vulnerable Software and Affected Versions: ydesignservices YDS Support Ticket System versions n/a through 1.0 Description: The issue is related to an SQL Injection vulnerability, allowing attackers to execute malicious SQL commands. This is due to the improper neutralization of specia...
PT-2024-36628 · Unknown · Site Intel
Name of the Vulnerable Software and Affected Versions: Critical Site Intel versions n/a through 1.0 Description: The issue is related to an improper neutralization of special elements used in an SQL command, also known as 'SQL Injection'. This allows for SQL Injection, which can be exploited...
PT-2024-36641 · Unknown · Navayan Csv Export
Name of the Vulnerable Software and Affected Versions: Navayan CSV Export versions 1.0.9 and earlier Description: The issue is related to the improper neutralization of special elements used in an SQL command, allowing Blind SQL Injection. This problem enables attackers to inject malicious SQL...
PT-2024-17232 · WordPress · Eveeno
Name of the Vulnerable Software and Affected Versions: Eveeno plugin for WordPress versions up to, and including, 1.7 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'eveeno' shortcode due to insufficient input sanitization and output escaping on user-supplied...
Amazon Linux 2023 : bpftool, kernel, kernel-devel (ALAS2023-2024-779)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-779 advisory. In the Linux kernel, the following vulnerability has been resolved: posix-timers: Ensure timer ID search-loop limit is valid CVE-2023-53728 In the Linux kernel, the following vulnerability has...
PT-2024-9501 · Adobe · Substance3D - Sampler
Name of the Vulnerable Software and Affected Versions: Substance3D - Sampler versions 4.5.1 and earlier Description: The issue is related to an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires...
PT-2024-36558 · Colpack +1 · Colpack +1
Name of the Vulnerable Software and Affected Versions: ColPack versions 1.0.10 through 9a7293a Description: The issue is related to the creation of predictable temporary files in ColPack, located under /tmp with names derived from an unseeded Random Number Generator (RNG). This can lead to...
PT-2024-36448 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-Learning Management System version 1.0 Description: The issue concerns a SQL Injection vulnerability in the /admin/delete student.php endpoint. This vulnerability allows for potential exploitation. Recommendations: For Kashipara...
PT-2024-35911 · Unknown · Beaver Builder
Name of the Vulnerable Software and Affected Versions: Beaver Builder versions through 2.8.4.3 Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts...
PT-2024-35743 · Whapa · Whapa
Name of the Vulnerable Software and Affected Versions: whapa version 1.59 Description: The issue concerns command injection via a crafted filename in the HTML reports component. This allows for potential exploitation through manipulated file names. Recommendations: For whapa version 1.59, conside...
PT-2024-36062 · Microsoft +1 · Windows 11 +2
Name of the Vulnerable Software and Affected Versions: Kolide Agent versions 1.5.3 through 1.12.2 Description: An implementation bug in the Kolide Agent allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was introduced when the launcher started storing upgraded...
PT-2024-35837 · Unknown · Plumeria Web Design Blizzard Quotes
Name of the Vulnerable Software and Affected Versions: Plumeria Web Design Blizzard Quotes versions n/a through 1.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can perform unauthorized actions on the website. The estimat...
PT-2024-27975 · Tellus +1 · Tellus +1
Name of the Vulnerable Software and Affected Versions: TELLUS versions 4.0.19.0 and earlier; TELLUS Lite versions 4.0.19.0 and earlier Description: The issue is an Out-of-bounds read vulnerability. If a user opens a specially crafted file, information may be disclosed and/or arbitrary code may be...