334 matches found
Azure Linux 3.0 Security Update: libcxx / llvm / rust (CVE-2024-31852)
The version of libcxx / llvm / rust installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-31852 advisory. - LLVM before 18.1.3 generates code in which the LR register can be overwritten without data bei...
Azure Linux 3.0 Security Update: mysql (CVE-2024-21203)
The version of mysql installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-21203 advisory. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: FTS. Supported versions that are...
PT-2025-4254 · Oracle · Oracle Analytics Desktop
Name of the Vulnerable Software and Affected Versions: Oracle Analytics Desktop versions prior to 8.1.0 Description: The issue is related to a vulnerability in the Oracle Analytics Desktop product, specifically in the Install component. This vulnerability can be easily exploited by a low-privileg...
PT-2025-4739
Name of the Vulnerable Software and Affected Versions RE11S version 1.11 Description A stack overflow issue was discovered in the setWAN function via the pptpUserName parameter. This issue can be exploited, potentially leading to unintended consequences. No information is available about the...
PT-2025-1086 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.7 through 17.5.5 GitLab CE/EE versions 17.6 through 17.6.3 GitLab CE/EE versions 17.7 through 17.7.1 Description: An issue was discovered in GitLab CE/EE that allows a denial of service DoS by creating cyclic referenc...
CVE-2024-47155
Some Honor products are affected by information leak vulnerability, successful exploitation could cause the information leak...
CVE-2022-46811
CVE-2022-46811 affects the WordPress plugin ALD – Dropshipping and Fulfillment for AliExpress and WooCommerce (VillaTheme) up to version 1.0.21. The root cause is Missing Authorization / Access Control allowing broken access control and CSRF-related issues. The CVSSv3.1 base score is 4.3 (Medium)...
CVE-2024-55550
CVE-2024-55550 affects Mitel MiCollab up to 9.8 SP2. The primary description indicates an authenticated administrator can perform a local file read due to insufficient input sanitization, exposing non-sensitive system information without modification or privilege escalation. The connected nuclei ...
PT-2024-16509 · Unknown · Datatables +1
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.0 Description: A vulnerability was found in the PHPGurukul Online Shopping Portal, affecting some unknown functionality of the file /admin/assets/plugins/DataTables/media/unit...
PT-2024-16267 · Unknown · Sourcecodester Attendance/Payroll System
Name of the Vulnerable Software and Affected Versions: SourceCodester Attendance and Payroll System version 1.0 Description: A critical issue has been found in the system, affecting the processing of the file /admin/overtime add.php. The manipulation of the id argument leads to SQL injection. The...
PT-2025-25265 · Trend Micro · Trend Micro Endpoint Encryption
Name of the Vulnerable Software and Affected Versions: Trend Micro Endpoint Encryption versions prior to 6.0.0.4013 Description: An insecure deserialization operation in the Trend Micro Endpoint Encryption PolicyServer could lead to a pre-authentication remote code execution on affected...
PT-2024-7353 · Ivanti · Ivanti Cloud Services Appliance
Name of the Vulnerable Software and Affected Versions: Ivanti Cloud Services Appliance versions prior to 5.0.2 Description: The issue is related to a SQL injection vulnerability in the admin web console of Ivanti Cloud Services Appliance. This vulnerability allows a remote authenticated attacker...
PT-2024-39567 · Sourcecodester · Sourcecodester Advocate Office Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Advocate Office Management System version 1.0 Description: A critical issue has been found in the system, affecting some unknown functionality of the file /control/activate.php. The manipulation of the id argument leads to SQL...
PT-2024-23818 · Open Networking Foundation · Libfluid
Name of the Vulnerable Software and Affected Versions: libfluid version 0.1.0 Description: The issue is an Out-of-bounds Read vulnerability in the Open Networking Foundation ONF libfluid, specifically in the libfluid msg modules. It is associated with the program routines fluid...
Microsoft SharePoint Server Denial of Service Vulnerability (CNVD-2024-39522)
Microsoft SharePoint Server is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A denial of...
Reedos aiM-Star 安全漏洞
Reedos aiM-Star is a software product from Reedos for mutual fund distribution. A security vulnerability exists in Reedos aiM-Star version 2.0.1, which stems from a lack of rate limiting for OTP requests in certain API endpoints, which could allow an attacker to send multiple OTP requests through...
Code Execution Vulnerability in Multiple Mozilla Products (CNVD-2024-40525)
Mozilla Firefox is an open source web browser.Mozilla Firefox ESR is an extended support version of Firefox the web browser.Mozilla Thunderbird is a suite of email client software separate from the Mozilla Application Suite. A code execution vulnerability exists in several Mozilla products, which...
PT-2024-5858
Name of the Vulnerable Software and Affected Versions NGINX Open Source and NGINX Plus versions prior to 1.26.2 NGINX Open Source and NGINX Plus versions prior to 1.27.1 Description The issue is related to a buffer overread vulnerability in the ngx http mp4 module, which might allow an attacker t...
The vulnerability of the Remote Desktop Licensing Service for Windows operating systems allows a perpetrator to trigger a service failure.
The vulnerability of the Remote Desktop Licensing Service for Windows operating systems is related to pointer swapping errors. Exploiting this vulnerability could allow a malicious actor to cause service failures remotely...
LLVM before 18.1.3 generates code in which the LR register can be overwritten without data being saved to the stack and thus there can sometimes be an exploitable error in the flow of control. This affects the ARM backend and can be demonstrated with Clang. NOTE: the vendor perspective is "we don't have strong objections for a CVE to be created ... It does seem that the likelihood of this miscompile enabling an exploit remains very low because the miscompile resulting in this JOP gadget is such that the function is most likely to crash on most valid inputs to the function. So if this function is covered by any testing the miscompile is most likely to be discovered before the binary is shipped to production."
...