517 matches found

Positive Technologies
added 2024/12/04 12:0 a.m. · 3 views

PT-2024-17454 · Horilla · Horilla

Name of the Vulnerable Software and Affected Versions: horilla versions up to 1.2.1
Description: A critical vulnerability was found in horilla, affecting the function request new/get employee shift/create reimbursement/key result current value update/create meetings/create skills. The manipulatio...

CVSS 6.5 · AI score 6.5 · EPSS 0.00165
Exploits: 1 · References: 8

Positive Technologies
added 2024/11/29 12:0 a.m. · 3 views

PT-2024-33097 · Unknown · Sunbk201 Umicat

Name of the Vulnerable Software and Affected Versions: SunBK201 umicat versions 0.3.2 and earlier
Description: The issue allows an attacker to execute arbitrary code via the poweruct int t x, uct int t n function in src/uct upstream.c. This can be exploited to perform local network attacks...

CVSS 9.8 · AI score 8 · EPSS 0.00191
Exploits: 0 · References: 6

Positive Technologies
added 2024/11/15 12:0 a.m. · 2 views

PT-2024-16847 · Landray · Landray Ekp

Name of the Vulnerable Software and Affected Versions: Landray EKP versions up to 16.0
Description: A critical issue was found in the function delPreviewFile of the file "/sys/ui/sys ui component/sysUiComponent.do?method=delPreviewFile". The manipulation of the directoryPath argument leads to pat...

CVSS 6.9 · AI score 6.6 · EPSS 0.12003
Exploits: 1 · References: 11

Positive Technologies
added 2024/11/15 12:0 a.m. · 2 views

PT-2024-20394 · Open5Gs · Open5Gs

Name of the Vulnerable Software and Affected Versions: Open5GS version 2.7.0
Description: A reachable assertion in the ogs nas emm decode function allows attackers to cause a Denial of Service (DoS) via a crafted NAS packet with a zero-length EMM message length.
Recommendations: For Open5GS version...

CVSS 7.5 · AI score 6 · EPSS 0.00269
Exploits: 1 · References: 8

Positive Technologies
added 2024/11/14 12:0 a.m. · 2 views

PT-2024-16828 · Eyoucms · Eyoucms

Name of the Vulnerable Software and Affected Versions: EyouCMS version 1.51
Description: A critical issue affects the function editFile of the file application/admin/logic/FilemanagerLogic.php. The manipulation of the argument activepath leads to path traversal. The attack may be initiated...

CVSS 5.5 · AI score 5.8 · EPSS 0.00082
Exploits: 1 · References: 10

Positive Technologies
added 2024/11/12 12:0 a.m. · 2 views

PT-2024-16348 · WordPress · Kognetiks Chatbot

Name of the Vulnerable Software and Affected Versions: Kognetiks Chatbot for WordPress plugin for WordPress versions up to, and including, 2.1.7
Description: The issue is related to unauthorized modification of data due to a missing capability check on the update assistant function. This allows...

CVSS 5.3 · AI score 9.2 · EPSS 0.00225
Exploits: 0 · References: 10

Positive Technologies
added 2024/11/08 12:0 a.m. · 3 views

PT-2024-8230 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 16.03.10.13
Description: A critical vulnerability was found in the function FUN 0046AC38 of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk crypto leads to a stack-based buffer overflow. It is possibl...

CVSS 9 · AI score 8.9 · EPSS 0.00252
Exploits: 1 · References: 14

Positive Technologies
added 2024/11/08 12:0 a.m. · 2 views

PT-2024-26494 · Vmir · Vmir

Name of the Vulnerable Software and Affected Versions: vmir e8117
Description: A segmentation violation issue was discovered in vmir via the function prepare parse function located at /src/vmir function.c.
Recommendations: For vmir e8117, as a temporary workaround, consider disabling the function...

CVSS 5.5 · AI score 7 · EPSS 0.00108
Exploits: 1 · References: 6

Positive Technologies
added 2024/11/05 12:0 a.m. · 2 views

PT-2024-8244 · D Link · D-Link Dir-823G

Name of the Vulnerable Software and Affected Versions: D-Link DIR 823G version 1.0.2B05
Description: The issue is related to a command injection vulnerability in the SetNetworkTomographySettings function, specifically via the Address parameter. This allows attackers to execute arbitrary OS comman...

CVSS 8.8 · AI score 7.8 · EPSS 0.0008
Exploits: 0 · References: 6

Positive Technologies
added 2024/11/04 12:0 a.m. · 2 views

PT-2024-34823 · Marcel Pol · Elo Rating Shortcode

Name of the Vulnerable Software and Affected Versions: Elo Rating Shortcode versions 1.0.3 and earlier Elo Rating Shortcode versions prior to 1.0.4
Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows...

CVSS 6.5 · AI score 5.8 · EPSS 0.00287
Exploits: 0 · References: 7

Positive Technologies
added 2024/11/01 12:0 a.m. · 2 views

PT-2024-16407 · Safenet · Esafenet Cdg

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5
Description: A critical issue affects the delProtocol function of the file /com/esafenet/servlet/system/PrintScreenListService.java. The manipulation of the id argument leads to SQL injection. The attack may be initiate...

CVSS 8.8 · AI score 7.1 · EPSS 0.00097
Exploits: 1 · References: 8

Positive Technologies
added 2024/10/30 12:0 a.m. · 2 views

PT-2024-34580 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3
Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the doSSLTunnel function.
Recommendations: For DrayTek Vigor3900 version...

CVSS 8.8 · AI score 8.1 · EPSS 0.00247
Exploits: 0 · References: 3

Positive Technologies
added 2024/10/30 12:0 a.m. · 1 view

PT-2024-9704 · Draytek · Draytek Vigor3900

Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3
Description: The issue is related to the ldap search dn function in the mainfunction.cgi script of the Draytek Vigor3900 web interface. It allows attackers to inject malicious commands and execute arbitrary...

CVSS 9 · AI score 7.9 · EPSS 0.00247
Exploits: 0 · References: 8

Positive Technologies
added 2024/10/28 12:0 a.m. · 2 views

PT-2024-33244 · Tenda · Tenda Ac7

Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44
Description: The issue allows remote attackers to execute arbitrary code due to a pre-authentication command injection in the ate iwpriv set function.
Recommendations: For version 15.03.06.44, consider disabling...

CVSS 8.8 · AI score 8.8 · EPSS 0.05142
Exploits: 1 · References: 3

Positive Technologies
added 2024/10/25 12:0 a.m. · 2 views

PT-2024-16228 · Safenet · Esafenet Cdg

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5
Description: A critical issue has been found, affecting the actionPassOrNotAutoSign function in the /com/esafenet/servlet/service/processsign/AutoSignService.java file. The manipulation of the UniqueId argument leads to...

CVSS 9.8 · AI score 7 · EPSS 0.00134
Exploits: 1 · References: 8

Positive Technologies
added 2024/10/23 12:0 a.m. · 2 views

PT-2024-9132 · Tenda · Tenda Rx9 +1

Name of the Vulnerable Software and Affected Versions: Tenda RX9 and RX9 Pro versions 22.03.02.10 through 22.03.02.20
Description: A critical vulnerability has been found, affecting the function sub 42EEE0 of the file /goform/SetStaticRouteCfg. The manipulation of the argument list leads to a...

CVSS 9 · AI score 8.7 · EPSS 0.00245
Exploits: 0 · References: 10

Positive Technologies
added 2024/10/19 12:0 a.m. · 2 views

PT-2024-16053 · Safenet · Esafenet Cdg 5

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG 5
Description: A critical issue was found in the connectLogout function of the file /com/esafenet/servlet/ajax/MultiServerAjax.java. The manipulation of the servername argument leads to SQL injection. The attack can be launched...

CVSS 8.8 · AI score 7 · EPSS 0.00097
Exploits: 1 · References: 9

Positive Technologies
added 2024/10/17 12:0 a.m. · 2 views

PT-2024-16004 · Safenet · Esafenet Cdg

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5
Description: A critical issue has been found, affecting the function actionPassMainApplication of the file /com/esafenet/servlet/client/MailDecryptApplicationService.java. The manipulation of the argument id leads to SQ...

CVSS 8.8 · AI score 7.1 · EPSS 0.00106
Exploits: 1 · References: 12

Positive Technologies
added 2024/10/10 12:0 a.m. · 2 views

PT-2024-39854 · Sourcecodester · Sourcecodester Online Eyewear Shop

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0
Description: A critical issue has been identified, affecting the delete product function in the /classes/Master.php?f=delete product file. The manipulation of the id argument leads to SQL...

CVSS 6.5 · AI score 7.2 · EPSS 0.00086
Exploits: 1 · References: 9

Positive Technologies
added 2024/10/08 12:0 a.m. · 2 views

PT-2024-31833 · Motorola · Motorola Cx2

Name of the Vulnerable Software and Affected Versions: Motorola CX2L router versions 1.0.2 and below
Description: A command injection issue exists, allowing malicious users to inject and execute arbitrary commands. This is due to the system directly invoking the system function to execute command...

CVSS 8 · AI score 8.1 · EPSS 0.00239
Exploits: 0 · References: 5