PT-2024-26443 · Anpviz · Anpviz
Name of the Vulnerable Software and Affected Versions: Anpviz products versions 3.2.2.2 and lower Description: The issue allows unauthenticated users to modify or disable camera-related settings, including microphone volume, speaker volume, LED lighting, NTP, motion detection, etc. This affects...
PT-2024-25761
Name of the Vulnerable Software and Affected Versions: QDOCS Smart School version 7.0.0 Description: The issue is related to Cross-Site Scripting (XSS), which results in arbitrary code execution in admin functions, specifically when adding or updating records. This could potentially allow an attacker...
PT-2024-34548 · Unknown · Sourcecodester Event Registration System
Name of the Vulnerable Software and Affected Versions: SourceCodester Event Registration System version 1.0 Description: A critical issue was found in the SourceCodester Event Registration System, affecting an unknown part of the file portal.php. The manipulation of the username and password...
PT-2024-20216 · Intel · Intel Server D50Fcp Family
Name of the Vulnerable Software and Affected Versions: Intel(R) Server D50FCP Family products, affected versions not specified Description: The issue is related to improper buffer restrictions in the PlatformPfrDxe driver in UEFI firmware, which may allow a privileged user to enable escalation of...
PT-2024-26320 · Idccms · Idccms
Name of the Vulnerable Software and Affected Versions: idccms version 1.35 Description: A Cross-Site Request Forgery (CSRF) issue was discovered in the component "/admin/homePro_deal.php" with parameters mudi, dataType, and dataTypeCN. This issue allows for unauthorized requests. Recommendations: F...
PT-2024-3584 · Microsoft · Windows Routing/Remote Access Service +1
Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS), affected versions not specified Description: The issue is related to errors in numerical truncation in the Windows RRAS service, allowing remote attackers to execute arbitrary code and affect the...
CVE-2022-44792 affecting package net-snmp for versions less than 5.9.4-1
CVE-2022-44792 affecting package net-snmp for versions less than 5.9.4-1. An upgraded version of the package is available that resolves this issue...
PT-2024-12115 · Libmodbus · Libmodbus
Name of the Vulnerable Software and Affected Versions: libmodbus version 3.1.10 Description: The issue is a heap-based buffer overflow vulnerability in the read_io_status function located in src/modbus.c. This vulnerability can potentially be exploited, but there is no information provided about...
PT-2024-40749 · Git +1 · Libpcap
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of "Use-of-uninitialized-value". The crash state involves several functions: pcapint_filter_with_aux_data, pcapint...
PT-2024-25219 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.113 Description: The issue allows a remote attacker to execute arbitrary code via the typeid parameter in the makehtml_list_action.php component. This is a Cross-Site Scripting vulnerability. Recommendations: For DedeCMS...
PT-2024-21928 · Unknown · Superantispyware Professional
Name of the Vulnerable Software and Affected Versions: SUPERAntiSpyware Professional X versions 10.0.1262 through 10.0.1264 Description: The issue allows unprivileged attackers to escalate privileges via a restore of a crafted DLL file into the C:\Program Files\SUPERAntiSpyware folder...
PT-2024-24501 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: The issue is a stack overflow vulnerability located in the adslPwd parameter of the formWanParameterSetting function. This vulnerability can be exploited, potentially allowing unauthorized access or...
PT-2024-24484 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 1.0 V1.0.1.25633 Description: The issue is a stack overflow vulnerability triggered via the page parameter in the fromVirtualSer function. Recommendations: For Tenda W30E version 1.0 V1.0.1.25633, consider disabling the...
PT-2024-24200 · Unknown · Gin-Vue-Admin
Name of the Vulnerable Software and Affected Versions: sanluan flipped-aurora gin-vue-admin versions 2.4.x Description: An issue in the Session Expiration component allows an attacker to escalate privileges. Recommendations: For versions 2.4.x, consider restricting access to the Session Expiratio...
PT-2024-23076
Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below Description: The Web interface of Evolution Controller contains poorly configured access control on the DESKTOP EDIT USER GET CARD endpoint, allowing an unauthenticated attacker to...
PT-2024-24226 · Derbynet · Derbynet
Name of the Vulnerable Software and Affected Versions: DerbyNet version 9.0 Description: A Directory Traversal issue allows a remote attacker to execute arbitrary code via the page parameter of the "kiosk.php" component. Recommendations: For DerbyNet version 9.0, consider restricting access to th...
PT-2024-3328 · Maccms · Maccms
Name of the Vulnerable Software and Affected Versions: Macs CMS version 1.1.4f Description: The issue is related to a lack of protection against SQL injection attacks when handling certain parameters, including resetPassword, forgotPasswordProcess, saveUser, saveRole, deleteUser, deleteRole,...
PT-2024-19542
Name of the Vulnerable Software and Affected Versions: Form Tools version 3.1.1 Description: A Server-Side Template Injection (SSTI) issue allows attackers to run arbitrary commands via the Group Name field under the add forms section of the application. Recommendations: For Form Tools version 3.1.1,...
CVE-2024-3448
Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end, allowing an attacker to perform a port...
CVE-2024-2731
CVE-2024-2731 describes an improper access control issue in Mautic-based deployments (cited via Red Hat and CVE records) where users with low privileges can view pages exposing sensitive data (company names, user names/surnames, stage names, monitoring campaigns and their descriptions) and can al...