4510 matches found
PT-2024-19664 · Apfloat · Apfloat
Name of the Vulnerable Software and Affected Versions: Apfloat version 1.10.1 Description: A NullPointerException was discovered in Apfloat via the component org.apfloat.internal.DoubleScramble::scramble(double[], int, int). However, the existence of this issue is disputed by multiple third parties d...
PT-2024-2865 · Totolink · Totolink Ex200
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: The issue is related to the getWiFiExtenderConfig function, which can allow an attacker to obtain sensitive information without authorization. This can be exploited by a remote attacke...
CVE-2024-31213 InstantCMS Open Redirect vulnerability
InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on...
PT-2024-12052 · Unknown · Mt Safeline X-Ray X3310
Name of the Vulnerable Software and Affected Versions: MT Safeline X-Ray X3310 webserver version NXG 19.05 Description: An HTML injection issue exists that allows a remote attacker to render malicious HTML, potentially obtaining sensitive information in a victim's browser. Recommendations: For MT...
PT-2024-12051 · Unknown · Mt Safeline X-Ray X3310
Name of the Vulnerable Software and Affected Versions: MT Safeline X-Ray X3310 webserver version NXG 19.05 Description: A reflected cross-site scripting (XSS) vulnerability exists, enabling a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser...
PT-2024-24216 · Totolink · Totolink Ex200
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: A remote code execution (RCE) issue was discovered, which can be exploited via the webWlanIdx parameter in the setWebWlanIdx function. Recommendations: For TOTOLINK EX200 version...
PT-2024-23713 · Unknown · Phpgurukul Men Salon Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Men Salon Management System version 2.0 Description: The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the "index.php" component. This enables attackers to acces...
PT-2024-24359 · Codelyfe · Codelyfe Stupid Simple Cms
Name of the Vulnerable Software and Affected Versions: codelyfe Stupid Simple CMS version 1.2.4 Description: A vulnerability has been found in the Login Page component of the software, affecting the restriction of excessive authentication attempts. The attack can be initiated remotely, with a...
PT-2024-23649 · Netentsec · Netentsec Ns-Asg
Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3 Description: The issue is related to SQL Injection. It can be exploited via the "/WebPages/applyhardware.php" API endpoint. Recommendations: For netentsec NS-ASG version 6.3, consider restricting access to the...
PT-2024-23532 · Tenda · Tenda Fh1205
Name of the Vulnerable Software and Affected Versions: Tenda FH1205 version 2.0.0.7775 Description: The issue is a stack overflow vulnerability in the page parameter from the fromAddressNat function. Recommendations: For Tenda FH1205 version 2.0.0.7775, as a temporary workaround, consider...
PT-2024-22204
Name of the Vulnerable Software and Affected Versions: NEC Corporation Aterm WG1800HP4, WG1200HS3, WG1900HP2, WG1200HP3, WG1800HP3, WG1200HS2, WG1900HP, WG1200HP2, W1200EX-MS, WG1200HS, WG1200HP, WF300HP2, W300P, WF800HP, WR8165N, WG2200HP, WF1200HP2, WG1800HP2, WF1200HP, WG600HP, WG300HP, WF300HP...
PT-2024-20426
Name of the Vulnerable Software and Affected Versions: Lime Survey Community Edition version v.5.3.32+220817 Description: A Cross Site Scripting (XSS) issue allows remote attackers to execute arbitrary code via the Administrator email address parameter in the General Setting function. This enables...
PT-2024-22434 · Twenty · Twenty
Name of the Vulnerable Software and Affected Versions: Twenty version 0.3.0 Description: The CRM platform is vulnerable to stored cross-site scripting via file upload. A crafted SVG file can trigger the execution of JavaScript code. Recommendations: For version 0.3.0, consider disabling the...
PT-2024-23102 · Unknown · Sentrifugo
Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.2 Description: A Cross-Site Scripting (XSS) issue exists in Sentrifugo, specifically through the /sentrifugo/index.php/sitepreference/add endpoint, where the description parameter is vulnerable. This could allow a remote us...
PT-2024-23100
Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.2 Description: The issue is related to a SQL injection vulnerability. It affects the "/sentrifugo/index.php/reports/activitylogreport" API endpoint, specifically the sortby parameter. This could allow a remote user to send ...
PT-2024-19196 · Elspec · Elspec G5 Digital Fault Recorder
Name of the Vulnerable Software and Affected Versions: Elspec G5 digital fault recorder versions 1.1.4.15 and before Description: An issue was discovered in the Elspec G5 digital fault recorder where the shadow file is world readable. Recommendations: For Elspec G5 digital fault recorder versions...
PT-2024-21265 · Amss++ · Amss++
Name of the Vulnerable Software and Affected Versions: AMSS++ version 4.31 Description: The issue is related to a file upload restriction evasion vulnerability. This could allow an authenticated user to potentially obtain remote code execution (RCE) through a webshell, compromising the entire...
PT-2024-2195 · Trendnet · Trendnet Tew-827Dru
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-827DRU router version 2.10B01 Description: There is a command injection issue in the apply.cgi interface, allowing an attacker to inject commands into the POST request parameter usapps.config.smb_admin_name, thereby gaining root...
PT-2024-22388 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: gpac version 2.3-DEV-rev921-g422b78ecf-master Description: The issue is related to an out of boundary write vulnerability via the swf_get_string function at scene_manager/swf_parse.c:325. This vulnerability can be exploited by a remote attack...
PT-2024-2281 · Mitsubishi · Melsec-Q Series +1
Name of the Vulnerable Software and Affected Versions: MELSEC-Q Series (affected versions not specified), MELSEC-L Series (affected versions not specified) Description: The issue is related to errors in pointer scaling, which can be exploited by a remote attacker to execute arbitrary code by sending a...