3743 matches found

Positive Technologies
added 2024/03/13 12:0 a.m. · 2 views

PT-2024-18126 · Kadence Blocks · The Gutenberg Blocks By Kadence Blocks

Name of the Vulnerable Software and Affected Versions: The Gutenberg Blocks by Kadence Blocks – Page Builder Features plugin for WordPress versions up to, and including, 3.2.23 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output...

CVSS 6.4 · AI score 7.9 · EPSS 0.00227
Exploits: 0 · References: 7
Positive Technologies
added 2024/03/09 12:0 a.m. · 2 views

PT-2024-19811 · Unknown · Codeastro Membership Management System

Name of the Vulnerable Software and Affected Versions: CodeAstro Membership Management System version 1.0 Description: A critical issue has been found in the CodeAstro Membership Management System. The problem is related to an unknown function in the file /add_members.php, where the manipulation ...

CVSS 7.2 · AI score 8.1 · EPSS 0.00079
Exploits: 1 · References: 6
Positive Technologies
added 2024/03/06 12:0 a.m. · 2 views

PT-2024-3377 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.8-rc7 Description: The issue is related to a double-free vulnerability in the ns_update_nuse function, which can lead to a denial of service. When nvme_identify_ns fails, it frees the pointer to the struct nvm...

CVSS 9.1 · AI score 6.5 · EPSS 0.00407
Exploits: 0 · References: 657
OSV
added 2024/02/29 3:52 p.m. · 4 views

CVE-2023-52493 bus: mhi: host: Drop chan lock before queuing buffers

In the Linux kernel, the following vulnerability has been resolved: bus: mhi: host: Drop chan lock before queuing buffers. Ensure read and write locks for the channel are not taken in succession by dropping the read lock from parse_xfer_event such that a callback given to client can potentially queu...

CVSS 5.5 · AI score 5.8 · EPSS 0.0001
Exploits: 0 · References: 10
OSV
added 2024/02/29 3:15 p.m. · 0 views

UBUNTU-CVE-2023-52485

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Wake DMCUB before sending a command. Why: We can hang in place trying to send commands when the DMCUB isn't powered on. How: For functions that execute within a DC context or DC lock we can wrap the direct calls to...

CVSS 5.5 · AI score 6 · EPSS 0.00015
Exploits: 0 · References: 3
Positive Technologies
added 2024/02/29 12:0 a.m. · 2 views

PT-2024-5241 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: Node.js versions 18.x, 20.x, and 21.x Description: The issue is related to the improper handling of batch files in child_process.spawn and child_process.spawnSync on Windows platforms. This allows a malicious command line argument to inject...

CVSS 10 · AI score 6.3 · EPSS 0.00369
Exploits: 0 · References: 64
OSV
added 2024/02/28 9:15 a.m. · 0 views

UBUNTU-CVE-2021-46988

In the Linux kernel, the following vulnerability has been resolved: userfaultfd: release page in error path to avoid BUG_ON. Consider the following sequence of events: 1. Userspace issues a UFFD ioctl, which ends up calling into shmem_mfill_atomic_pte. We successfully account the blocks, we...

CVSS 5.5 · AI score 6.2 · EPSS 0.00012
Exploits: 0 · References: 10
SUSE CVE
added 2024/02/28 3:40 a.m. · 3 views

SUSE CVE-2024-25760

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...

AI score 6.9
Exploits: 0 · References: 3
Positive Technologies
added 2024/02/22 12:0 a.m. · 3 views

PT-2024-21179 · Unknown · Enhavo Cms

Name of the Vulnerable Software and Affected Versions: Enhavo CMS version 0.13.1 Description: A cross-site scripting (XSS) issue in the Header module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Undertitle text field. This enables attackers to...

CVSS 6.1 · AI score 6.2 · EPSS 0.00083
Exploits: 1 · References: 9
Positive Technologies
added 2024/02/21 12:0 a.m. · 3 views

PT-2024-11692 · Unknown · Livebox Collaboration Vdesk

Name of the Vulnerable Software and Affected Versions: LIVEBOX Collaboration vDesk versions through v031 Description: An issue was discovered in LIVEBOX Collaboration vDesk, where an Observable Response Discrepancy can occur under the "/api/v1/vdeskintegration/user/isenableuser" endpoint, the...

CVSS 7.5 · AI score 6.6 · EPSS 0.00102
Exploits: 0 · References: 6
Positive Technologies
added 2024/02/15 12:0 a.m. · 5 views

PT-2024-12783 · Dell · Dell Esi

Name of the Vulnerable Software and Affected Versions: DELL ESI Enterprise Storage Integrator for SAP LAMA version 10.0 Description: The issue concerns an information disclosure vulnerability in the EHAC component of DELL ESI Enterprise Storage Integrator for SAP LAMA. A remote unauthenticated...

CVSS 9.8 · AI score 7.6 · EPSS 0.00578
Exploits: 0 · References: 6
Metasploit
added 2024/02/13 7:51 p.m. · 556 views

Base64 Command Encoder

This encoder uses base64 encoding to avoid bad characters. Module Options msf use encoder/cmd/base64 msf encoderbase64 show actions ...actions... msf encoderbase64 set ACTION msf encoderbase64 show options ...show and set options... msf encoderbase64 run This module requires Metasploit:...

AI score 5.8
Exploits: 0
Positive Technologies
added 2024/02/07 12:0 a.m. · 2 views

PT-2024-20229 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP version 3.3 Description: The issue concerns a SQL Injection vulnerability. Specifically, the findInOutMaterialCount function in com.jsh.erp.controller.DepotHeadController does not adequately filter the column and order parameters,...

CVSS 9.8 · AI score 9.5 · EPSS 0.001
Exploits: 1 · References: 7
SUSE CVE
added 2024/02/02 3:45 a.m. · 1 view

SUSE CVE-2024-23653

BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner. In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask...

CVSS 7 · AI score 8.2 · EPSS 0.10301
Exploits: 0 · References: 18
Positive Technologies
added 2024/02/01 12:0 a.m. · 3 views

PT-2024-20259 · Unknown · Springboot-Manager

Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6 Description: The issue is related to Cross Site Scripting (XSS) via the "/sys/user" API endpoint. This allows for potential malicious script execution. The estimated number of potentially affected devices worldwid...

CVSS 5.4 · AI score 5.3 · EPSS 0.00101
Exploits: 1 · References: 5
Positive Technologies
added 2024/01/26 12:0 a.m. · 3 views

PT-2024-15122 · Biges Safe Life Technologies Electronics Inc · Vguard

Name of the Vulnerable Software and Affected Versions: Biges Safe Life Technologies Electronics Inc. VGuard versions prior to V500.0003.R008.4011.C0012.B351.C Description: The issue is related to a Path Traversal vulnerability, specifically an Absolute Path Traversal, which can be exploited using...

CVSS 7.5 · AI score 7.3 · EPSS 0.00303
Exploits: 0 · References: 3
Positive Technologies
added 2024/01/22 12:0 a.m. · 3 views

PT-2024-13541 · Quest Analytics Llc · Iqcrm

Name of the Vulnerable Software and Affected Versions: Quest Analytics LLC IQCRM version 2023.9.5 Description: The issue allows a remote attacker to execute arbitrary code via a crafted request to the "Common.svc WSDL" page. This is a SQL Injection vulnerability. Recommendations: For Quest...

CVSS 9.8 · AI score 9.7 · EPSS 0.01297
Exploits: 1 · References: 5
Positive Technologies
added 2024/01/16 12:0 a.m. · 3 views

PT-2024-11968 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A vulnerability has been reported, but details are not provided due to compliance with CNA rules. It is advised not to wait for vulnerability scanning results. Recommendations: At the...

AI score 6.3
Exploits: 0 · References: 2
Positive Technologies
added 2024/01/11 12:0 a.m. · 3 views

PT-2024-19623 · Totolink · Totolink A3300R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3300R version 17.0.0cu.557 B20221024 Description: A command injection issue was discovered via the hostName parameter in the setWanCfg function. This allows for potential exploitation. Recommendations: For TOTOLINK A3300R version...

CVSS 9.8 · AI score 9.6 · EPSS 0.0313
Exploits: 1 · References: 4
Positive Technologies
added 2024/01/04 12:0 a.m. · 3 views

PT-2024-13655 · Semcms · Semcms

Name of the Vulnerable Software and Affected Versions: SEMCMS version 4.8 Description: A SQL injection issue was discovered via the languageID parameter in the "/web_inc.php" API endpoint. This allows for potential exploitation. Recommendations: For SEMCMS version 4.8, consider restricting access...

CVSS 7.5 · AI score 7.7 · EPSS 0.00136
Exploits: 1 · References: 7