216 matches found
PT-2025-19339 · Unknown · Phpgurukul Emergency Ambulance Hiring Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Emergency Ambulance Hiring Portal version 1.0 Description: A critical issue has been discovered, affecting an unknown function of the file /admin/edit-ambulance.php. The manipulation of the dconnum argument leads to SQL injection...
PT-2025-18865 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.0-rc1-00004-g703695902cfa Description: A vulnerability in the Linux kernel has been identified, where the inconsistency between i size and i disksize can trigger a kernel warning when the boot loader inode i...
PT-2025-15738 · Bhoogterp · Bhoogterp
Name of the Vulnerable Software and Affected Versions: bhoogterp Scheduled versions n/a through 1.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on the web application,...
ABB Low Voltage DC Drives and Power Controllers CODESYS RTS
SUMMARY CODESYS group published several vulnerabilities regarding the CODESYS Runtime System, which is included in the firmware of ABB LV DC drives and power controllers. It is used to implement a selection of features and to provide IEC 611131-3 programming capabilities. These vulnerabilities...
Carrier Block Load
RISK EVALUATION Successful exploitation of this vulnerability could allow a malicious actor to execute arbitrary code with escalated privileges . 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as: Minimize...
PT-2025-9147 · WordPress · Fluent Support
Name of the Vulnerable Software and Affected Versions: The Fluent Support – Helpdesk & Customer Support Ticket System plugin for WordPress versions up to, and including, 1.8.5 Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the...
CVE-2022-49201 ibmvnic: fix race between xmit and reset
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: fix race between xmit and reset There is a race between reset and the transmit paths that can lead to ibmvnicxmit accessing an scrq after it has been freed in the reset path. It can result in a crash like: Kernel attempt...
Exploit for OS Command Injection in Wago Compact_Controller_100_Firmware
wagoexploit.py - PoC Exploit for CVE-2023-1698 !WAGOhttp...
CVE-2021-44678
An issue 2 of 6 was discovered in Veritas Enterprise Vault through 14.1.2. On start-up, the Enterprise Vault application starts several services that listen on random .NET Remoting TCP ports for possible commands from client applications. These TCP services can be exploited due to deserialization...
PT-2024-10475 · Gstreamer +10 · Gstreamer +10
Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10 Description: The issue is related to an integer overflow in the memory reallocation process. The program attempts to reallocate memory to accommodate a certain number of elements, but if the value read from...
CVE-2024-52798
A flaw was found in path-to-regexp. A path-to-regexp turns path strings into regular expressions. In certain cases, path-to-regexp will output a regular expression that can be exploited to cause poor performance. Mitigation Avoid using two parameters within a single path segment when the separato...
PT-2024-9983 · Autodesk · Autodesk Navisworks
Name of the Vulnerable Software and Affected Versions: Autodesk Navisworks Freedom affected versions not specified Autodesk Navisworks Simulate affected versions not specified Autodesk Navisworks Manage affected versions not specified Description: A maliciously crafted DWFX file, when parsed...
Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2024-045 (ALASECS-2024-045)
The version of ecs-service-connect-agent installed on the remote host is prior to v1.29.9.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2024-045 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-report...
PT-2024-30070 · Pligg Cms · Pligg Cms
Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: A Cross-Site Request Forgery CSRF issue was discovered in Pligg CMS. The vulnerability is exploited via the /admin/domain management.php endpoint with specific parameters, including id, list, and remove...
PT-2024-37976 · Pdf.Js +1 · Pdf.Js +1
Name of the Vulnerable Software and Affected Versions: SiYuan version 3.1.0 Description: A vulnerability has been found in the PDF Handler component, specifically in the file PDF.js, which can lead to cross-site scripting. The attack can be launched remotely. The issue affects an unknown...
PT-2024-34106 · WordPress · Cm Wordpress Search/Replace Plugin
Name of the Vulnerable Software and Affected Versions: CM WordPress Search And Replace Plugin versions prior to 1.3.9 Description: The issue concerns the lack of CSRF checks in certain areas of the plugin, which could allow attackers to make logged-in users perform unwanted actions via CSRF...
CVE-2024-37169
CVE-2024-37169 affects the self-hosted tool @jmondi/url-to-png. Versions before 2.0.3 are vulnerable to arbitrary file read when an attacker leverages Playwright’s screenshot feature to abuse the file wrapper. The issue is mitigated in version 2.0.3, which enforces input URLs to be http/https. Th...
Security Advisory 0097
Security Advisory 0097 PDF Date: May 24, 2024 Revision | Date | Changes ---|---|--- 1.0 | May 24, 2024 | Initial release The CVE-ID tracking this issue: CVE-2023-52424 CVSSv3.1 Base Score: Not indicated by NVD as of 5/23/2024 Description Arista Networks is providing this security update in respon...
CVE-2024-23193
E-Mails exported as PDF were stored in a cache that did not consider specific session information for the related user account. Users of the same service node could access other users E-Mails in case they were exported as PDF for a brief moment until caches were cleared. Successful exploitation...
WBCE 1.6.0 - Unauthenticated SQL injection
Exploit Title: |Unauthenticated SQL injection in WBCE 1.6.0 Date: 15.11.2023 Exploit Author: young pope Vendor Homepage: https://github.com/WBCE/WBCECMS Software Link: https://github.com/WBCE/WBCECMS/archive/refs/tags/1.6.0.zip Version: 1.6.0 Tested on: Kali linux CVE : CVE-2023-39796 There is an...