PT-2024-33492 · Smartup · Smartup
Name of the Vulnerable Software and Affected Versions: smartUp versions 7.2.622.1170 Description: The issue is a universal cross-site scripting problem that allows another extension to execute arbitrary code in the context of the user’s tab. No known patches exist for this issue. Recommendations:...
PT-2024-16221 · Unknown · Codezips Sales Management System
Name of the Vulnerable Software and Affected Versions: Codezips Sales Management System version 1.0 Description: A critical issue has been identified, allowing for SQL injection through the manipulation of the prodtype argument in an unknown function of the file /addstock.php. This can be exploit...
PT-2024-33482 · Zimaos · Zimaos
Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue allows authenticated users to perform a directory traversal attack via the API endpoint http:///v2 1/file, enabling access to sensitive system directories such as /etc. This could expos...
PT-2024-16112 · Code Projects · Pharmacy Management System
Name of the Vulnerable Software and Affected Versions: code-projects Pharmacy Management System version 1.0 Description: A problem was discovered in the Pharmacy Management System, affecting some unknown functionality of the file /manage medicine.php of the component Manage Medicines Page. The...
PT-2024-33171 · Sage · Sage 1000
Name of the Vulnerable Software and Affected Versions: Sage 1000 version 7.0.0 Description: A Reflected Cross-Site Scripting issue exists, allowing attackers to inject malicious scripts into URLs. These scripts are reflected back by the server in the response without proper sanitization or...
PT-2024-7364 · Unknown · Laquis Scada
Name of the Vulnerable Software and Affected Versions: LAquis SCADA version 4.7.1.511 Description: A cross-site scripting vulnerability in LAquis SCADA could allow an attacker to inject arbitrary code into a web page, potentially enabling them to steal cookies, redirect users, or perform...
PT-2024-33454 · Unknown · Jiangqie Free Mini Program
Name of the Vulnerable Software and Affected Versions: JiangQie Free Mini Program versions n/a through 2.5.2 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to significant security...
PT-2024-33392 · Sunjianle · Ajax-Extend
Name of the Vulnerable Software and Affected Versions: Sunjianle ajax-extend versions n/a through 1.0 Description: The issue is related to improper control of code generation, allowing code injection. This vulnerability exists in Sunjianle's ajax-extend component. Recommendations: F...
PT-2024-9364 · Pdfl Sdk · Pdfl Sdk
Name of the Vulnerable Software and Affected Versions: PDFL SDK versions 21.0.0.5 and earlier Description: The issue is related to an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user...
PT-2024-39763 · WordPress · Wp 2Fa With Telegram
Name of the Vulnerable Software and Affected Versions: WP 2FA with Telegram plugin for WordPress versions up to, and including, 3.0 Description: The issue is due to insufficient validation of the user-controlled key on the 'validate tg' action. This makes it possible for authenticated attackers,...
PT-2024-6914 · Microsoft · Windows Mobile Broadband Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Mobile Broadband Driver affected versions not specified Description: The issue is related to the Windows Mobile Broadband Driver and concerns a remote code execution problem. It is associated with URL redirection to an untrusted site...
PT-2024-21909 · Hewlett Packard · Hp Hotkey Support
Name of the Vulnerable Software and Affected Versions: HP Hotkey Support affected versions not specified Description: A potential security issue has been identified in the HP Hotkey Support software, which might allow local escalation of privilege. This could let someone gain higher access rights...
GHSA-QVQV-MCXR-X8QW Slim Select has potential Cross-site Scripting issue
Slim Select 2.0 versions through 2.9.0 are affected by a potential cross-site scripting vulnerability. In select.ts:createOption, the text variable from the user-provided Options object is assigned to an innerHTML without sanitization. Software that depends on this library to dynamically generate...
PT-2024-39616
Name of the Vulnerable Software and Affected Versions: OFCMS version 1.1.2 Description: A problematic vulnerability has been found in OFCMS, affecting the add function of the file "/admin/system/dict/add.json?sqlid=system.dict.save". The manipulation of the dict value argument leads to cross-site...
PT-2024-31902 · Unknown · Scriptcase
Name of the Vulnerable Software and Affected Versions: Scriptcase versions 9.10.023 and earlier Description: The issue is related to Cross Site Scripting XSS in the nm cor.php file, specifically via the form and field parameters. This allows for potential malicious script injection...
PT-2024-39550 · Sourcecodester · Sourcecodester Advocate Office Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Advocate Office Management System version 1.0 Description: A critical issue affects the processing of the file /control/login.php, where the manipulation of the username argument leads to sql injection. The attack can be...
PT-2024-20926 · Flatpress · Flatpress
Name of the Vulnerable Software and Affected Versions: Flatpress version 1.3 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username parameter in the "setup.php" endpoint. Recommendations: For Flatpre...
PT-2024-39546 · Unknown · Kalvingit Kvf-Admin
Name of the Vulnerable Software and Affected Versions: kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff Description: A problematic vulnerability has been found in the XML File Handler component of kalvinGit kvf-admin. The issue affects an unknown function of the file...
PT-2024-31867 · Unknown · Bookreviewlibrary
Name of the Vulnerable Software and Affected Versions: BookReviewLibrary version 1.0 Description: A host header injection issue allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This is achieved through manipulating the host header, which...
PT-2024-32082 · Unknown · Becn Datagerry
Name of the Vulnerable Software and Affected Versions: BECN DATAGERRY version 2.2 Description: The issue allows attackers to execute arbitrary commands via crafted web requests due to incorrect access control. Recommendations: For BECN DATAGERRY version 2.2, consider restricting access to the web...