PT-2024-10413 · Ibm · Ibm Storage Defender
Name of the Vulnerable Software and Affected Versions: IBM Storage Defender versions 2.0.0 through 2.0.7 Description: The issue is related to the IBM Storage Defender's Defender Sensor component, which has incorrect data encryption. This could allow a remote attacker to obtain sensitive informati...
PT-2024-31993 · Totolink · Totolink Ac1200 T8
Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 T8 version 4.1.5cu.861 B20230220 Description: The issue is a buffer overflow vulnerability in the setWiFiAclRules function via the desc parameter. This vulnerability can be exploited, but details about the estimated number of...
PT-2024-6277 · Microsoft · Sharepoint Server
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: The issue is related to insufficient input validation in Microsoft SharePoint Server, allowing remote attackers to execute arbitrary code. This can affect the system. Th...
PT-2024-39115 · Totolink · Totolink Ac1200 T8
Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 T8 version 4.1.5cu.861 B20230220 Description: A critical issue affects the setWiFiMeshName function of the file /cgi-bin/cstecgi.cgi. The manipulation of the device name argument leads to buffer overflow. This issue can be...
PT-2024-39117 · Totolink · Totolink Ac1200 T8
Name of the Vulnerable Software and Affected Versions: TOTOLINK AC1200 T8 version 4.1.5cu.861 B20230220 Description: A critical vulnerability was found in the TOTOLINK AC1200 T8, affecting unknown code of the file /etc/shadow.sample. The manipulation leads to the use of a hard-coded password. The...
PT-2024-37905 · WordPress · Wp Multitasking
Name of the Vulnerable Software and Affected Versions: WP MultiTasking WordPress plugin versions 0.1.12 and earlier Description: The issue is related to the lack of a CSRF check when updating settings in the WP MultiTasking WordPress plugin. This could allow attackers to make a logged-in admin...
PT-2024-6313 · Veeam · Veeam One
Name of the Vulnerable Software and Affected Versions: Veeam ONE version le12.1.0.3208 Description: A cross-site scripting (XSS) vulnerability exists in the Reporter Widgets, allowing HTML injection. This vulnerability can be exploited by a remote attacker to execute arbitrary HTML code...
IntelliNet 2.0 Remote Root Exploit
Zero-day remote root exploit for IntelliNet version 2.0. It affects multiple devices of AES Corp and Siemens. The exploit provides a remote shell and escalates your permissions to full root permissions by abusing execsuid. No authentication is needed at all, nor any interaction from the victim...
PT-2024-13078 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: A report contains an incorrect reference to a vulnerability identifier and links to a different product. The issue is related to a mistake in...
PT-2024-38984 · Unknown · Sourcecodester Contact Manager With Export To Vcf
Name of the Vulnerable Software and Affected Versions: SourceCodester Contact Manager with Export to VCF version 1.0 Description: A critical issue affects some unknown processing of the file /endpoint/delete-account.php of the component Delete Contact Handler. The manipulation of the argument...
PT-2024-31244 · Vtiger · Vtiger Crm
Name of the Vulnerable Software and Affected Versions: vTiger CRM version 7.4.0 Description: An Open Redirect issue exists in the page parameter, allowing attackers to redirect users to a malicious site via a crafted URL. Recommendations: For vTiger CRM version 7.4.0, consider restricting access ...
PT-2024-6114
Name of the Vulnerable Software and Affected Versions: Cisco NX-OS Software affected versions not specified Description: A vulnerability in the Python interpreter could allow an authenticated, low-privileged, local attacker to escape the Python sandbox and gain unauthorized access to the underlying...
PT-2024-30652 · Open Edx +1 · Openedx-Atlas +4
Name of the Vulnerable Software and Affected Versions: openedx-translations affected versions not specified; edx-platform versions from 'redwood' to 'master' Description: The openedx-translations repository contains translation files from Open edX repositories to be kept in sync with Transifex...
PT-2024-30141 · Unknown · Kashipara Hotel Management System
Name of the Vulnerable Software and Affected Versions: Kashipara Hotel Management System version 1.0 Description: A Stored Cross-Site Scripting (XSS) issue was found in the "/core/signup user.php" endpoint, allowing remote attackers to execute arbitrary code via the user email parameter...
PT-2024-38754 · Genexis · Genexis Tilgin Home Gateway
Name of the Vulnerable Software and Affected Versions: Genexis Tilgin Home Gateway version 322 AS0500-03 05 13 05 Description: This issue affects some unknown processing of the file "/vood/cgi-bin/vood view.cgi?lang=EN&act=user/spec...
PT-2024-30064 · Pligg Cms · Pligg Cms
Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: The issue is related to a Cross-Site Request Forgery (CSRF) in Pligg CMS. This occurs via the admin/admin page.php endpoint with specific parameters: link id and mode. The link id is set to 1 and the mode is...
PT-2024-30011 · Unknown · Hotel Management System
Name of the Vulnerable Software and Affected Versions: Hotel Management System version 91caab8 Description: A SQL injection vulnerability was discovered in the Hotel Management System via the book id parameter at the "admin room history.php" endpoint. This issue allows for potential unauthenticat...
PT-2024-20039 · Oppo · Coloros Internet Browser
Name of the Vulnerable Software and Affected Versions: ColorOS Internet Browser version 45.10.3.4.1 Description: The issue allows a remote attacker to execute arbitrary JavaScript code via the com.android.browser.RealBrowserActivity component. Recommendations: For version 45.10.3.4.1, consider...
PT-2024-27243 · Unknown · Ada Web Server
Name of the Vulnerable Software and Affected Versions: Ada Web Server version 20.0 Description: An issue was discovered in Ada Web Server when configured to use SSL, which is not the default setting. The SSL/TLS used to establish connections to external services is done without proper hostname...
CVE-2023-31315
Improper validation in a model-specific register (MSR) could allow a malicious program with ring0 access to modify SMM configuration while SMI lock is enabled, potentially leading to arbitrary code execution...