CVE-2024-12305
An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the studentid parameter in the marks viewing endpoint. The...
PT-2024-28929 · Pentaminds · Pentaminds CuroVMS
Name of the Vulnerable Software and Affected Versions: Pentaminds CuroVMS version 2.0.1 Description: The issue is related to exposed credentials in the software. This means that sensitive information, such as passwords or other authentication data, is not properly secured and can be accessed by...
PT-2024-36451 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0 Description: The issue concerns a SQL Injection vulnerability in the /admin/delete content.php endpoint. This vulnerability allows for potential exploitation by injecting malicious SQL code...
PT-2024-16486 · Pegasystems · Pega Platform
Name of the Vulnerable Software and Affected Versions: Pega Platform versions 8.1 to Infinity 24.2.0 Description: The issue is related to a Cross-Site Scripting (XSS) problem in the search feature of the Pega Platform. This type of issue allows attackers to inject malicious scripts into websites,...
PT-2024-9578 · Ruijie · Ruijie Reyee OS
Name of the Vulnerable Software and Affected Versions: Ruijie Reyee OS versions 2.206.x through 2.319.x Description: The issue is related to a weak credential mechanism used in the Ruijie Reyee OS, which could allow an attacker to easily calculate MQTT credentials. This could potentially permit a...
PT-2024-33691 · IBM · IBM Security Verify Access Appliance
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Access Appliance versions 10.0.0 through 10.0.8 Description: The issue concerns hard-coded credentials, such as a password or cryptographic key, used by the appliance for its own inbound authentication, outbound...
CVE-2022-0530 affecting package unzip for versions less than 6.0-21
CVE-2022-0530 affecting package unzip for versions less than 6.0-21. A patched version of the package is available...
CVE-2022-0529 affecting package unzip for versions less than 6.0-21
CVE-2022-0529 affecting package unzip for versions less than 6.0-21. A patched version of the package is available...
PT-2024-35793 · SPIP · SPIP
Name of the Vulnerable Software and Affected Versions: SPIP version 4.3.3 Description: The issue concerns an authenticated arbitrary file upload vulnerability in the Documents module. This allows attackers to execute arbitrary code by uploading a crafted PDF file. There is no information provided...
PT-2024-10610 · Unknown · MediaServer
Name of the Vulnerable Software and Affected Versions: MediaServer affected versions not specified Description: A crafted Binder request can cause a heap use-after-free (UAF) issue in MediaServer. This issue may lead to unspecified consequences, but specific details about the impact or potential...
PT-2024-9149 · Fuji Electric · Fuji Electric Tellus Lite V-Simulator 5
Name of the Vulnerable Software and Affected Versions: Fuji Electric Tellus Lite V-Simulator 5 version V8 Description: The issue is a remote code execution vulnerability that allows attackers to execute arbitrary code on affected installations of Fuji Electric Tellus Lite. This is due to a lack o...
PT-2024-35784 · Unknown · Masterstack Imgcap
Name of the Vulnerable Software and Affected Versions: masterstack imgcap version 0.0.1 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the "/submit" endpoint. Recommendations: For masterstack imgcap version 0.0.1, as a temporary workaround, consider...
PT-2024-8789 · Dell · Dell Wyse Management Suite
Name of the Vulnerable Software and Affected Versions: Dell Wyse Management Suite versions WMS 4.4 and prior Description: The issue is related to an Improper Restriction of Excessive Authentication Attempts, which could be exploited by a high privileged attacker with remote access, leading to...
PT-2024-17140 · Unknown · Macrozheng Mall
Name of the Vulnerable Software and Affected Versions: macrozheng mall versions up to 1.0.3 Description: A problematic issue has been found in the JWT Token Handler component, leading to the use of a default cryptographic key. The complexity of an attack is rather high, and exploitation is known ...
PT-2024-17038 · IrfanView · IrfanView
Name of the Vulnerable Software and Affected Versions: IrfanView affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this issue, where the target must visit a...
PT-2024-35725 · TOTOLINK · TOTOLINK A810R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A810R version 4.1.2cu.5182 B20201026 Description: The issue is related to a Buffer Overflow in the infostat.cgi component. Recommendations: For TOTOLINK A810R version 4.1.2cu.5182 B20201026, consider restricting access to the...
PT-2024-22220 · Unknown · MC LR Router
Name of the Vulnerable Software and Affected Versions: MC LR Router version 2.10.5 Description: The issue concerns OS command injection vulnerabilities in the web interface I/O configuration functionality. A specially crafted HTTP request can lead to arbitrary command execution. An attacker can...
CVE-2022-43552 affecting package cmake for versions less than 3.21.4-13
CVE-2022-43552 affecting package cmake for versions less than 3.21.4-13. A patched version of the package is available...
PT-2024-35682
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the handling of NONHEAD !delta1 lclusters in the erofs filesystem. The issue was reported by syzbot, which found a WARNI...
PT-2024-9641 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by an attacker to inject malicious scripts into vulnerable form fields. This cou...