3743 matches found
Electrolink FM/DAB/TV Transmitter (controlloLogin.js) Credential Disclosure
Electrolink FM/DAB/TV Transmitter controlloLogin.js Credentials Disclosure Vendor: Electrolink s.r.l. Product web page: https://www.electrolink.com Affected version: 10W, 100W, 250W, Compact DAB Transmitter 500W, 1kW, 2kW Medium DAB Transmitter 2.5kW, 3kW, 4kW, 5kW High Power DAB Transmitter 100W...
PT-2023-28896 · Openfga · Openfga
Name of the Vulnerable Software and Affected Versions: OpenFGA versions prior to 1.3.2 Description: OpenFGA is vulnerable to a denial of service attack when certain Check calls are executed against authorization models that contain circular relationship definitions. This can cause the server to...
PT-2023-5899 · Accusoft · Accusoft Imagegear
Name of the Vulnerable Software and Affected Versions: Accusoft ImageGear version 20.1 Description: The issue is related to an out-of-bounds write vulnerability in the tiff planar adobe functionality of the library. This can be exploited by providing a specially crafted malformed file, potentiall...
PT-2023-31671 · Hestiacp · Hestiacp
Name of the Vulnerable Software and Affected Versions: hestiacp/hestiacp versions prior to 1.8.8 Description: The issue is related to Cross-site Scripting (XSS) - Reflected. This means that an attacker can inject malicious scripts into a website, which can then be executed by other users. The...
PT-2023-31024 · Mintplex · Anything-Llm
Name of the Vulnerable Software and Affected Versions: mintplex-labs/anything-llm versions prior to 0.0.1 Description: The issue is related to SQL Injection in the GitHub repository mintplex-labs/anything-llm. Recommendations: For versions prior to 0.0.1, update to version 0.0.1 or later to resol...
PT-2023-29491 · Mestav · Mestav Software E-Commerce
Name of the Vulnerable Software and Affected Versions: Mestav Software E-commerce Software versions before 20230901 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2023-27687
Name of the Vulnerable Software and Affected Versions: Tenda AC8 version US AC8V4.0si V16.03.34.06 cn Description: A stack overflow issue was discovered via the time parameter at the "/goform/PowerSaveSet" API endpoint. This issue can be exploited, potentially leading to unintended consequences...
PT-2023-4562 · Adobe · Acrobat Reader +3
Name of the Vulnerable Software and Affected Versions: Adobe Acrobat Reader versions 23.003.20244 and earlier Adobe Acrobat Reader versions 20.005.30467 and earlier Adobe Acrobat 2020 Adobe Acrobat Reader 2020 Adobe Acrobat Document Cloud Adobe Acrobat Reader Document Cloud Description: The issue...
PT-2023-26569 · Npm · Import-In-The-Middle
Name of the Vulnerable Software and Affected Versions: import-in-the-middle versions prior to 1.4.2 Description: The import-in-the-middle loader works by generating a wrapper module on the fly, using the module specifier to load the original module and add some wrapping code. This allows for remo...
PT-2023-26701 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.6.1 Description: An arbitrary file upload issue in the /languages/install.php component allows attackers to execute arbitrary code via a crafted PHP file. The "languages/install.php" component is specifically vulnerable,...
PT-2023-6139 · Raspap · Raspap
Name of the Vulnerable Software and Affected Versions: RaspAP versions 2.8.0 through 2.9.2 Description: The issue is related to a command injection vulnerability. It allows an authenticated attacker to execute arbitrary OS commands as root via the entity POST parameters in the /ajax/networking/ge...
PT-2023-4177 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: MLflow versions prior to 2.6.0 Description: The issue exists due to the failure to neutralize special elements used in an operating system command. This could allow an attacker to execute arbitrary commands or cause a denial of service. The...
PT-2023-25975 · Unknown +1 · Plexus Archiver +1
Name of the Vulnerable Software and Affected Versions: Plexus Archiver versions prior to 4.8.0 Description: The issue arises when using AbstractUnArchiver for extracting an archive, potentially leading to arbitrary file creation and possibly remote code execution. This occurs when an archive entr...
PT-2023-26183 · Kubepi · Kubepi
Name of the Vulnerable Software and Affected Versions: KubePi versions prior to 1.6.5 Description: The issue concerns the leakage of password hashes for any user, including administrators, through the /kubepi/api/v1/users/search endpoint. This could allow a motivated attacker to crack the leaked...
CVE-2022-43584
DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none...
PT-2023-20514 · Flatnest · Flatnest
Name of the Vulnerable Software and Affected Versions: flatnest versions all Description: The issue concerns Prototype Pollution via the nest function in the flatnest/nest.js file. This affects all versions of the package flatnest. Recommendations: For all versions, consider disabling the nest...
9 basic security tips for seniors
Before we get into the tips: a caveat. We know many seniors who are digitally more up to date than people 20 years younger, but for those who aren't, this guide is for you. If you're offended by the word seniors in the title, feel free to replace it with "computer illiterate people." And keep in...
PT-2023-3445 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 114.0.5735.198 Description: The issue is related to a use after free vulnerability in the Guest View component of Google Chrome, which can lead to heap corruption. An attacker who convinces a user to install a...
PT-2023-10310 · Gnu +1 · Glibc +1
Name of the Vulnerable Software and Affected Versions: glibc versions prior to 2.22 Description: The issue in the GNU C Library (glibc) might allow context-dependent attackers to cause a denial of service, resulting in an application crash. This can be demonstrated by using the fnmatch library...
Malicious Package
Overview techghoshal123 is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package wa...