24 matches found
CVE-2026-43441
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix ndtbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the ndtbl is never initialized because inet6init exits before ndiscinit is called which initializes it. If bonding...
PT-2025-3088
Name of the Vulnerable Software and Affected Versions MonicaHQ version 4.1.2 Description The issue is related to an authenticated Client-Side Injection vulnerability in MonicaHQ. This vulnerability can be exploited via the Reason parameter at the "/people/h:id/debts/create" API endpoint...
PT-2024-17575 · WordPress · Woocommerce Additional Fees On Checkout
Name of the Vulnerable Software and Affected Versions: WooCommerce Additional Fees On Checkout Free plugin for WordPress versions up to, and including, 1.4.7 Description: The issue is related to Reflected Cross-Site Scripting via the number parameter due to insufficient input sanitization and...
PT-2024-35797 · Unknown · Phpgurukul Covid19 Testing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul COVID 19 Testing Management System version 1.0 Description: A Reflected Cross Site Scripting XSS issue was found in the /covid-tms/patient-search-report.php endpoint, which allows remote attackers to execute arbitrary code via the...
PT-2024-33041 · Funadmin · Funadmin
Name of the Vulnerable Software and Affected Versions: funadmin version 5.0.2 Description: The issue is related to SQL Injection via the parentField parameter in the index method of backendcontrollerauthAuth.php. There is no information provided about the estimated number of potentially affected...
PT-2024-32054 · Draytek · Draytek Vigor 3910
Name of the Vulnerable Software and Affected Versions: Draytek Vigor 3910 version 4.3.2.6 Description: A buffer overflow issue was discovered in the extRadSrv2 parameter at the "cgiapp.cgi" endpoint. This issue allows attackers to cause a Denial of Service DoS via a crafted input. Recommendations...
PT-2024-39032 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: JobPortal affected versions not specified Description: The issue is related to a SQL injection vulnerability. An attacker could send a specially designed query through the user id parameter in the "/jobportal/admin/user/controller.php" endpoi...
PT-2024-31264 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS versions 2023 and earlier Description: The issue allows a remote attacker to obtain sensitive information. This is achieved via the id parameter in the "adv2.php" component. Recommendations: For ZZCMS versions 2023 and earlier, consider...
PT-2024-38070 · WordPress · Lh Add Media From Url
Name of the Vulnerable Software and Affected Versions: LH Add Media From Url plugin for WordPress versions up to, and including, 1.23 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attacke...
PT-2024-23100
Name of the Vulnerable Software and Affected Versions Sentrifugo version 3.2 Description The issue is related to a SQL injection vulnerability. It affects the "/sentrifugo/index.php/reports/activitylogreport" API endpoint, specifically the sortby parameter. This could allow a remote user to send ...
PT-2024-20831 · Unknown · Task Manager App
Name of the Vulnerable Software and Affected Versions: Task Manager App version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the taskID parameter at the "/TaskManager/EditTask.php" API endpoint. Recommendations: For Task Manager A...
PT-2024-20828
Name of the Vulnerable Software and Affected Versions Task Manager App version 1.0 Description A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter in the "/TaskManager/Projects.php" API endpoint...
PT-2024-20066 · Gambio · Gambio
Name of the Vulnerable Software and Affected Versions: Gambio versions 4.9.2.0 and earlier Description: The issue allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiersattribute parameter. This enables attackers to potentially extract or modify sensitive data...
PT-2023-30678 · Cybrosys Techno Solutions · Cybrosys Techno Solutions Website Blog Search
Name of the Vulnerable Software and Affected Versions: Cybrosys Techno Solutions Website Blog Search aka website search blog versions 13.0 through 13.0.1.0.1 Description: A SQL injection issue allows a remote attacker to execute arbitrary code and gain privileges via the name parameter in the...
PT-2023-8891
Name of the Vulnerable Software and Affected Versions Ray versions affected versions not specified Description The issue exists due to the lack of neutralization of special elements used in operating system commands. This allows a remote attacker to execute arbitrary commands using specially...
PT-2023-27784 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP version 2.4.174 Description: An issue exists in the DashboardsController.php file, specifically a reflected XSS issue via the id parameter when editing a dashboard. Recommendations: For MISP version 2.4.174, consider disabling the id...
PT-2023-27061
Name of the Vulnerable Software and Affected Versions llama index versions 0.7.13 and earlier Description An issue in llama index allows a remote attacker to execute arbitrary code via the exec parameter in the PandasQueryEngine function. This enables the attacker to perform unauthorized actions ...
PT-2023-16983 · Sourcecodester · Sourcecodester Medicine Tracker System
Name of the Vulnerable Software and Affected Versions: SourceCodester Medicine Tracker System version 1.0 Description: A critical issue has been found in the processing of the file medicines/view details.php of the component GET Parameter Handler. The manipulation of the GET argument leads to sql...
PT-2023-3040 · Tenda · Tenda G103
Name of the Vulnerable Software and Affected Versions: Tenda G103 version 1.0.0.5 Description: A command injection issue allows an attacker to execute arbitrary code via the language parameter. This can compromise the integrity, availability, and confidentiality of protected information. The...
PT-2023-19450 · Dromara · Dromara Hutool
Name of the Vulnerable Software and Affected Versions: Dromara Hutool version 5.8.11 Description: A deserialization issue allows an attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. This enables the attacker to potentially gain control over the system. Recommendation...