Lucene search

4512 matches found

Positive Technologies
added 2024/08/09 12:0 a.m. · 5 views

PT-2024-7882 · D Link · D-Link Di-8003

Name of the Vulnerable Software and Affected Versions: D-Link DI-8003 version 16.07.16A1 Description: A critical issue has been found in the upgrade filter asp function of the /upgrade filter.asp file. The manipulation of the path argument leads to a stack-based buffer overflow. This issue can be...

CVSS 9.8 · AI score 7.2 · EPSS 0.01175
Exploits: 1 · References: 18
Positive Technologies
added 2024/08/03 12:0 a.m. · 6 views

PT-2024-38348 · Simple Machines · Simplemachines Smf

Name of the Vulnerable Software and Affected Versions: SimpleMachines SMF version 2.1.4 Description: A vulnerability has been found in the User Alert Read Status Handler component, specifically in the file /index.php?action=profile;u=2;area=showalerts;do=read. The manipulation of the aid argument...

CVSS 5.3 · AI score 5.8 · EPSS 0.00484
Exploits: 1 · References: 9
Positive Technologies
added 2024/07/30 12:0 a.m. · 4 views

PT-2024-38181

Name of the Vulnerable Software and Affected Versions: SourceCodester School Log Management System version 1.0 Description: A critical issue has been found in the SourceCodester School Log Management System, affecting some unknown functionality of the file /admin/manage user.php. The manipulation...

CVSS 9.8 · AI score 6.3 · EPSS 0.00631
Exploits: 1 · References: 9
Positive Technologies
added 2024/07/30 12:0 a.m. · 2 views

PT-2024-38179

Name of the Vulnerable Software and Affected Versions: SourceCodester School Log Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /admin/ajax.php?action=login. The manipulation of the username argument leads to SQL...

CVSS 9.8 · AI score 7.2 · EPSS 0.00788
Exploits: 1 · References: 9
Positive Technologies
added 2024/07/26 12:0 a.m. · 4 views

PT-2024-28984 · Ibm · Ibm Infosphere Information Server

Name of the Vulnerable Software and Affected Versions: IBM InfoSphere Information Server version 11.7 Description: The issue allows a remote attacker to send specially crafted SQL statements, potentially enabling them to view, add, modify, or delete information in the back-end database. This is a...

CVSS 9.8 · AI score 7.8 · EPSS 0.00538
Exploits: 0 · References: 7
Positive Technologies
added 2024/07/17 12:0 a.m. · 4 views

PT-2024-5457 · Cisco · Cisco Rv345 +1

Name of the Vulnerable Software and Affected Versions: Cisco RV340 and RV345 Dual WAN Gigabit VPN Routers affected versions not specified Description: A vulnerability in the upload module could allow an authenticated, remote attacker to execute arbitrary code on an affected device. This issue is...

CVSS 8.5 · AI score 8.1 · EPSS 0.00857
Exploits: 0 · References: 9
Positive Technologies
added 2024/07/16 12:0 a.m. · 4 views

PT-2024-5723 · Fujitsu · Fujitsu Network Edgiot Gw1500

Name of the Vulnerable Software and Affected Versions: FUJITSU Network Edgiot GW1500 M2M-GW for FENICS versions not specified Description: The issue is related to a path traversal vulnerability, which may allow a remote attacker with User Class privilege to access restricted files containing...

CVSS 6.8 · AI score 7 · EPSS 0.01422
Exploits: 1 · References: 10
Positive Technologies
added 2024/07/15 12:0 a.m. · 3 views

PT-2024-28837 · Tenda · Tenda Ax1806

Name of the Vulnerable Software and Affected Versions: Tenda AX1806 version 1.0.0.1 Description: A stack-based buffer overflow issue exists due to a vulnerability in the /goform/SetNetControlList endpoint, specifically within the sub 656BC function. This allows for potential exploitation...

CVSS 9.8 · AI score 7.1 · EPSS 0.00463
Exploits: 0 · References: 4
Positive Technologies
added 2024/07/15 12:0 a.m. · 6 views

PT-2024-37842 · Naibowang · Naibowang Easyspider

Name of the Vulnerable Software and Affected Versions: NaiboWang EasySpider version 0.6.2 Description: A problematic vulnerability was found in the HTTP GET Request Handler component of NaiboWang EasySpider, specifically in the file server.js. The issue allows for path traversal when an attacker...

CVSS 8.8 · AI score 5.9 · EPSS 0.03333
Exploits: 1 · References: 9
CBLMariner
added 2024/07/10 7:52 p.m. · 31 views

CVE-2021-33454 affecting package yasm for versions less than 1.3.0-15

CVE-2021-33454 affecting package yasm for versions less than 1.3.0-15. A patched version of the package is available...

CVSS 5.5 · AI score 5.5 · EPSS 0.00312
Exploits: 1
Positive Technologies
added 2024/07/10 12:0 a.m. · 2 views

PT-2024-7171 · Unknown · Soplanning

Name of the Vulnerable Software and Affected Versions: SOPlanning versions prior to 1.45 Description: A Cross-Site Scripting (XSS) issue exists due to the lack of proper validation of user input via the /soplanning/www/process/xajax server.php endpoint, affecting multiple parameters. This could all...

CVSS 7.5 · AI score 5.5 · EPSS 0.00262
Exploits: 0 · References: 9
Positive Technologies
added 2024/07/09 12:0 a.m. · 3 views

PT-2024-29015 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at the "/dcim/console-ports/add" API endpoint. Recommendations...

CVSS 6.1 · AI score 5.9 · EPSS 0.00353
Exploits: 1 · References: 5
Positive Technologies
added 2024/07/09 12:0 a.m. · 3 views

PT-2024-29020 · Netbox · Netbox

Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at "/circuits/circuits/id/edit/" API endpoint...

CVSS 7.1 · AI score 6 · EPSS 0.00398
Exploits: 1 · References: 5
Positive Technologies
added 2024/07/08 12:0 a.m. · 4 views

PT-2024-13565 · Realtek · Realtek Rtl819X Jungle Sdk

Name of the Vulnerable Software and Affected Versions: Realtek rtl819x Jungle SDK version 3.4.11 Description: A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK. A specially crafted series of network requests can lead to arbitrary...

CVSS 7.2 · AI score 8.1 · EPSS 0.00893
Exploits: 0 · References: 8
Positive Technologies
added 2024/07/05 12:0 a.m. · 5 views

PT-2024-28329 · Idccms · Idccms

Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery (CSRF) issue was discovered in idccms. The vulnerability can be exploited via the "/admin/idcProData deal.php" endpoint, specifically when the mudi parameter is set to "del". This...

CVSS 5.4 · AI score 6.7 · EPSS 0.00195
Exploits: 1 · References: 6
Positive Technologies
added 2024/07/03 12:0 a.m. · 4 views

PT-2024-28408 · Simpcms · Simpcms

Name of the Vulnerable Software and Affected Versions: SimpCMS version 0.1 Description: A cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Title field at the "/admin.php" API endpoint. Recommendations: For...

CVSS 5.4 · AI score 6 · EPSS 0.00743
Exploits: 3 · References: 7
Positive Technologies
added 2024/07/03 12:0 a.m. · 6 views

PT-2024-37650 · Playsms · Playsms

Name of the Vulnerable Software and Affected Versions: playSMS version 1.4.3 Description: A vulnerability was found in the Template Handler component, specifically in the file /index.php?app=main&inc=feature firewall&op=firewall list. The manipulation of the id argument leads to injection. The...

CVSS 8.8 · AI score 7.5 · EPSS 0.00736
Exploits: 1 · References: 9
Positive Technologies
added 2024/07/02 12:0 a.m. · 4 views

PT-2024-13009 · Kiloview · P1/P2 +2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A vulnerability allows unauthorized access to functionality inadequately constrained by ACLs. Attackers may exploit this to execute commands without authentication, potentially...

CVSS 10 · AI score 7.5 · EPSS 0.00571
Exploits: 0 · References: 2
NVD
added 2024/07/01 7:15 p.m. · 24 views

CVE-2024-37146

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/credentials/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to craf...

CVSS 6.1 · EPSS 0.00405
Exploits: 1 · References: 2
Cvelist
added 2024/07/01 3:53 p.m. · 33 views

CVE-2024-36420 GHSL-2023-232: Flowise Path Injection at /api/v1/openai-assistants-file

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, the /api/v1/openai-assistants-file endpoint in index.ts is vulnerable to arbitrary file read due to lack of sanitization of the fileName body parameter. No known patches for this...

CVSS 7.5 · EPSS 0.01761
Exploits: 3 · References: 2