PT-2024-16857 · Sourcecodester · Sourcecodester Online Eyewear Shop
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Eyewear Shop version 1.0 Description: A vulnerability has been found in the Inventory Page component, specifically in the file /oews/classes/Master.php?f=save product. The manipulation of the brand argument leads to...
PT-2024-34441 · Unknown · Kashipara E-Learning Management System Project
Name of the Vulnerable Software and Affected Versions: KASHIPARA E-learning Management System Project version 1.0 Description: A Stored Cross-Site Scripting (XSS) issue was found in the /admin/school year.php endpoint, specifically via the school year parameter. This allows remote attackers to...
PT-2024-8837 · Intel · Intel Server Board S2600ST Family BIOS/Firmware Update
Name of the Vulnerable Software and Affected Versions: Intel Server Board S2600ST Family BIOS and Firmware Update software all versions Description: The issue is related to an uncontrolled search path element in the Intel Server Board S2600ST Family BIOS and Firmware Update software. This could...
PT-2024-34386 · Trendnet · Trendnet TEW-820AP
Name of the Vulnerable Software and Affected Versions: Trendnet TEW-820AP version 1.01.B01 Description: The issue is related to a stack overflow vulnerability in the boa httpd. Specifically, the vulnerability is found in the /boafrm/formIPv6Addr, /boafrm/formIpv6Setup, and /boafrm/formDnsv6 API...
PT-2024-34715 · Peter Shaw · LH QR Codes
Name of the Vulnerable Software and Affected Versions: LH QR Codes versions n/a through 1.06 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in Peter Shaw LH QR Codes...
PT-2024-34744 · Unknown · Simple Job Manager
Name of the Vulnerable Software and Affected Versions: Simple Job Manager versions n/a through 1.1 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations:...
PT-2024-34756 · Unknown · Andrew Connell TradeMe Widgets
Name of the Vulnerable Software and Affected Versions: Andrew Connell TradeMe widgets versions n/a through 1.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS in Andrew Connell...
PT-2024-26494 · Vmir · Vmir
Name of the Vulnerable Software and Affected Versions: vmir e8117 Description: A segmentation violation issue was discovered in vmir via the function prepare parse function located at /src/vmir function.c. Recommendations: For vmir e8117, as a temporary workaround, consider disabling the function...
PT-2024-26492 · Unknown · Vmir E8117
Name of the Vulnerable Software and Affected Versions: vmir e8117 version e8117 Description: A heap buffer overflow issue was discovered in vmir e8117 via the wasm parse section functions function at /src/vmir wasm parser.c. This issue occurs due to a heap buffer overflow, which can be exploited...
PT-2024-34573 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function. This enables remote reboot and potentially other...
PT-2024-16507 · Unknown · PHPGurukul Online Shopping Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.0 Description: A vulnerability was found in the PHPGurukul Online Shopping Portal, allowing for cross-site scripting (XSS) attacks. The issue is related to an unknown function in the file...
PT-2024-8002 · Lb Link · LB-LINK BL-WR 1300H
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-WR 1300H version 1.0.4 Description: The issue is related to hardcoded credentials stored in the /etc/shadow file of the LB-LINK BL-WR 1300H router. These credentials are easily guessable, which could allow a remote attacker to gain...
PT-2024-34578 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the ruequest certificate function. Recommendations: For DrayTek Vigor3900...
PT-2024-24326 · Engenius · EnGenius ESR580
Name of the Vulnerable Software and Affected Versions: EnGenius ESR580 A8J-EMR5000 devices affected versions not specified Description: The issue allows a remote attacker to conduct stored XSS attacks, potentially leading to arbitrary JavaScript code execution under the context of the user's...
PT-2024-34628 · Ethereum +1 · Ethereum +1
Name of the Vulnerable Software and Affected Versions: Ethereum version 1.12.2 WaterToken smart contract affected versions not specified Description: An issue in the WaterToken smart contract, which can be run on the Ethereum blockchain, allows remote attackers to have an unspecified impact. The...
PT-2024-16306 · Linzhaoguan · LinZhaoguan pb-cms
Name of the Vulnerable Software and Affected Versions: LinZhaoguan pb-cms versions up to 2.0.1 Description: A problematic issue has been found in the Edit Article Handler component, affecting the processing of the file "/adminarticle/edit?id=2". This leads to cross-site scripting, and the attack...
PT-2024-34241 · Unknown · WP SEO – Calin Vingan Premium SEO Pack
Name of the Vulnerable Software and Affected Versions: WP SEO – Calin Vingan Premium SEO Pack versions 1.6.001 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection...
PT-2024-34254 · Unknown · Swoop 1-Click Login: Passwordless Authentication
Name of the Vulnerable Software and Affected Versions: Swoop 1-Click Login: Passwordless Authentication version 1.4.5 Description: The issue is related to an Authentication Bypass by Primary Weakness vulnerability in the Passwordless Authentication feature. This vulnerability allows for...
CVE-2020-26303
The CVE-2020-26303 entry concerns the insane HTML sanitizer. Affected versions are 2.6.2 and earlier. The underlying issue is a Regular Expression Denial of Service (ReDoS) vulnerability in one or more regular expressions used by the sanitizer. Public documentation indicates that as of publicatio...
PT-2024-10800 · Unknown · Validate.Js
Name of the Vulnerable Software and Affected Versions: Validate.js versions prior to the version released after 30 November 2020 Description: The issue concerns Regular Expression Denial of Service (ReDoS) due to vulnerable regular expressions in Validate.js. As of the time of publication, it is...