4511 matches found
PT-2024-2281 · Mitsubishi · Melsec-Q Series +1
Name of the Vulnerable Software and Affected Versions: MELSEC-Q Series affected versions not specified MELSEC-L Series affected versions not specified Description: The issue is related to errors in pointer scaling, which can be exploited by a remote attacker to execute arbitrary code by sending a...
PT-2024-22510 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in DedeCMS. The vulnerability is exploited via the "/dede/freelist edit.php" endpoint. Recommendations: For DedeCMS version 5.7, as a temporary workaround,...
PT-2024-22458 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: The issue is a stack overflow vulnerability in the fromAddressNat function, specifically affecting the entrys parameter. Recommendations: For Tenda AC18 version 15.03.05.05, consider restricting...
CVE-2023-49785 NextChat vulnerable to Server-Side Request Forgery and Cross-site Scripting
NextChat, also known as ChatGPT-Next-Web, is a cross-platform chat user interface for use with ChatGPT. Versions 2.11.2 and prior are vulnerable to server-side request forgery and cross-site scripting. This vulnerability enables read access to internal HTTP endpoints but also write access using...
PT-2024-20019 · Zoho · Manageengine Desktop Central
Name of the Vulnerable Software and Affected Versions: ManageEngine Desktop Central version 9, build 90055 Description: A critical flaw in ManageEngine Desktop Central poses a major security risk due to an unrestricted file upload vulnerability. This issue could allow a remote attacker to upload ...
PT-2024-19555 · Unknown · Bdtask G-Prescription Gynaecology & Obs Consultation
Name of the Vulnerable Software and Affected Versions: Bdtask G-Prescription Gynaecology & OBS Consultation Software version 1.0 Description: A vulnerability was found in the Password Reset Handler component, specifically affecting some unknown functionality of the file /Setting/change password...
PT-2024-2266 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical vulnerability was found in the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the arguments schedStartTime and schedEndTime leads to a stack-based buffer...
PT-2024-21358 · Swftools · Swftools
Name of the Vulnerable Software and Affected Versions: swftools version 0.9.2 Description: The issue is related to a segmentation violation in the state free function located at swftools/src/swfc-history.c. Recommendations: For swftools version 0.9.2, consider disabling the state free function as...
PT-2024-38410
Name of the Vulnerable Software and Affected Versions oFono affected versions not specified Description This issue allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit...
PT-2024-18424 · Sourcecodester · Sourcecodester Online Job Portal
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Job Portal version 1.0 Description: A vulnerability has been found in the Manage Job Page component, specifically in the file /Employer/ManageJob.php. The manipulation of the Qualification/Description argument leads to...
PT-2024-2169 · Unknown · Gguf Library
Name of the Vulnerable Software and Affected Versions: GGUF library version prior to the fix of Commit 18c2e17 Description: A heap-based buffer overflow vulnerability exists in the GGUF library's info-ne functionality of llama.cpp. This issue can be exploited by providing a specially crafted .ggu...
PT-2024-21163 · Netis · Netis Wf2780
Name of the Vulnerable Software and Affected Versions: Netis WF2780 version 2.1.40144 Description: The issue is related to a command injection vulnerability. This vulnerability can be exploited via the wps ap ssid5g parameter. Recommendations: For Netis WF2780 version 2.1.40144, avoid using the w...
PT-2024-18096 · WordPress · Wp Database Reset
Name of the Vulnerable Software and Affected Versions: Database Reset plugin for WordPress versions up to, and including, 3.22 Description: The issue is due to missing or incorrect nonce validation on the install wpr function, making it possible for unauthenticated attackers to install the WP Res...
PT-2024-2631 · Node.Js +8 · Node.Js +8
Name of the Vulnerable Software and Affected Versions: Node.js affected versions not specified Description: A vulnerability in Node.js has been identified, allowing for a Denial of Service DoS attack through resource exhaustion when using the fetch function to retrieve content from an untrusted...
PT-2024-20553 · F5 · F5 Big-Ip
Name of the Vulnerable Software and Affected Versions: F5 BIG-IP affected versions not specified Description: When a virtual server is enabled with VLAN group and SNAT listener is configured, undisclosed traffic can cause the Traffic Management Microkernel TMM to terminate. Recommendations: At th...
PT-2024-20828
Name of the Vulnerable Software and Affected Versions Task Manager App version 1.0 Description A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter in the "/TaskManager/Projects.php" API endpoint...
PT-2024-2127 · Adobe · Acrobat Reader
Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions 20.005.30539, 23.008.20470 and earlier Description: The issue is an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue require...
Code Injection
pkg is vulnerable toCode Injection. The vulnerability is due to the use of a hardcoded directory /tmp/pkg/ for native code packages, which is shared among all users on the same local system without unique or unpredictable package names, enabling attackers to replace genuine executables with...
PT-2024-20066 · Gambio · Gambio
Name of the Vulnerable Software and Affected Versions: Gambio versions 4.9.2.0 and earlier Description: The issue allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiersattribute parameter. This enables attackers to potentially extract or modify sensitive data...
PT-2024-3899 · Sap · Sap Master Data Governance For Material
Name of the Vulnerable Software and Affected Versions: SAP Master Data Governance for Material Data - versions 618, 619, 620, 621, 622, 800, 801, 802, 803, 804 Description: The issue is related to the absence of a necessary authorization check for an authenticated user, resulting in escalation of...