PT-2024-2984 · Unknown · Pandora Fms
Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 776 Description: The issue is related to an improper neutralization of special elements used in an OS command, allowing OS command injection. This can enable the creation of a reverse shell and the execution o...
PT-2024-1560 · Sap · Sap S/4Hana Finance For Advanced Payment Management
Name of the Vulnerable Software and Affected Versions: SAP S/4HANA Finance for Advanced Payment Management - versions SAPSCORE 128, S4CORE 107 Description: The issue is related to improper authorization checks in the SAP S/4HANA Finance for Advanced Payment Management. This could allow an attacke...
PT-2024-3586 · Suitecrm · Suitecrm
Name of the Vulnerable Software and Affected Versions: SuiteCRM version 7.14.2 Description: The issue is related to a Local File Inclusion (LFI) vulnerability, which allows an attacker to include local PHP files. This can enable a remote attacker to run or open files on the web server without havi...
PT-2023-32929 · Unknown · 7-Card Fakabao
Name of the Vulnerable Software and Affected Versions: 7-card Fakabao versions up to 1.0 build20230805 Description: A critical issue was found in the software, affecting some unknown functionality of the file shop/notify.php. The manipulation of the out_trade_no argument leads to SQL injection. T...
PT-2023-32925 · Unknown · Campcodes Online College Library System
Name of the Vulnerable Software and Affected Versions: Campcodes Online College Library System version 1.0 Description: A critical vulnerability was found in the Campcodes Online College Library System. The issue affects an unknown function of the file /admin/category_row.php of the component HTT...
PT-2023-32924 · Unknown · Campcodes Online College Library System
Name of the Vulnerable Software and Affected Versions: Campcodes Online College Library System version 1.0 Description: A critical issue affects the processing of the file /admin/book_row.php of the component HTTP POST Request Handler. The manipulation of the argument id leads to SQL injection. T...
PT-2023-27969 · Unknown · Jeecg-Boot
Name of the Vulnerable Software and Affected Versions: jeecg-boot version 3.5.3 Description: The issue is a server-side template injection (SSTI) vulnerability that allows remote attackers to execute arbitrary code via a crafted HTTP request to the "/jmreport/loadTableData" component. This enables attackers to...
PT-2023-32907 · Gopeak · Gopeak Masterlab
Name of the Vulnerable Software and Affected Versions: gopeak MasterLab versions up to 3.3.10 Description: A critical issue has been found in the HTTP POST Request Handler component, specifically affecting the function sqlInjectDelete of the file app/ctrl/framework/Feature.php. The manipulation o...
PT-2023-28839
Name of the Vulnerable Software and Affected Versions: Shenzhen TCL Browser TV Web BrowseHere (aka com.tcl.browser) version 6.65.022_dab24cc6_231221_gp Description: The issue allows a remote attacker to execute arbitrary JavaScript code via the com.tcl.browser.portal.browse.activity.BrowsePageActivit...
PT-2023-31286 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal version 1.0 Description: The issue concerns an Unauthenticated SQL Injection vulnerability. Specifically, the txtDesc parameter of the "Employer/InsertJob.php" resource does not validate the characters received, and they are sent...
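The four SQL injection entries above (7-card Fakabao, the two Campcodes Online College Library System items and Job Portal) describe the same defect: a request parameter spliced into a statement string. The following is an added illustration of that defect and of the parameterized fix, written in Python with sqlite3; it is not code from any of the listed products, and the tables, the column names and the sample hash are constructed for the example.

```python
# Added illustration of the SQL-injection class behind the entries above (a request
# parameter interpolated into an INSERT statement). Not code from Job Portal or any other
# product listed; the schema, the rows and the hash value are constructed sample data.
import sqlite3

ADMIN_HASH = "sha256:0123abcd"  # constructed sample secret that the injected query will read

# Payload for the description parameter: closes the string literal, appends a second row
# whose description is read from another table, and comments out the rest of the statement.
PAYLOAD = "x'), ('leak', (SELECT password_hash FROM users WHERE name = 'admin')) -- "


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT)")
    conn.execute("CREATE TABLE jobs (id INTEGER PRIMARY KEY, title TEXT, description TEXT)")
    conn.execute("INSERT INTO users (name, password_hash) VALUES ('admin', ?)", (ADMIN_HASH,))
    return conn


def insert_job_vulnerable(conn: sqlite3.Connection, title: str, txt_desc: str) -> None:
    # The parameter value becomes part of the statement text, so the database parses
    # whatever the client sent as SQL grammar rather than as data.
    sql = "INSERT INTO jobs (title, description) VALUES ('%s', '%s')" % (title, txt_desc)
    conn.execute(sql)


def insert_job_safe(conn: sqlite3.Connection, title: str, txt_desc: str) -> None:
    # Bound parameters are passed to the engine separately from the statement, so the
    # payload is stored as a literal string and never changes the query's structure.
    conn.execute("INSERT INTO jobs (title, description) VALUES (?, ?)", (title, txt_desc))


def stored_jobs(conn: sqlite3.Connection) -> list:
    return conn.execute("SELECT title, description FROM jobs ORDER BY id").fetchall()


def run_vulnerable() -> list:
    conn = make_db()
    insert_job_vulnerable(conn, "Developer", PAYLOAD)
    return stored_jobs(conn)


def run_safe() -> list:
    conn = make_db()
    insert_job_safe(conn, "Developer", PAYLOAD)
    return stored_jobs(conn)


if __name__ == "__main__":
    print("vulnerable:", run_vulnerable())  # two rows; the second carries the admin hash
    print("safe:      ", run_safe())        # one row whose description is the payload text
```

The vulnerable path needs no stacked queries: a single INSERT with a multi-row VALUES list and a scalar subquery is enough to copy data from another table into a column the attacker can later read back through the application.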
PT-2023-32842 · Unknown · Lightxun Iptv Gateway
Name of the Vulnerable Software and Affected Versions: Lightxun IPTV Gateway versions up to 20231208 Description: A vulnerability was found in the processing of the file /ZHGXTV/index.php/admin/index/web_upload_template.html. The manipulation of the file argument leads to unrestricted upload. The...
PT-2023-31494 · Trimble · Trimble Sketchup Viewer
Name of the Vulnerable Software and Affected Versions: Trimble SketchUp Viewer affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp Viewer. User interaction is required to exploit this vulnerability...
PT-2023-32825 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: MLflow affected versions not specified Description: The issue allows attackers to gain full command execution on the victim system with only one user interaction, which involves downloading a malicious config. This is related to a Command...
PT-2023-8082 · Totolink · Totolink A7100Ru
Name of the Vulnerable Software and Affected Versions: Totolink A7100RU version 7.4cu.2313_B20191024 Description: A critical issue has been found in the function main of the file /cgi-bin/cstecgi.cgi?action=login of the component HTTP POST Request Handler. The manipulation of the argument flag...
PT-2023-32813 · Jahastech · Nxfilter
Name of the Vulnerable Software and Affected Versions: Jahastech NxFilter version 4.3.2.5 Description: A problematic vulnerability was found in Jahastech NxFilter, affecting the file /config,admin.jsp. The manipulation of the admin name argument leads to cross-site request forgery. The attack can...
PT-2023-32814 · Jahastech · Nxfilter
Name of the Vulnerable Software and Affected Versions: Jahastech NxFilter version 4.3.2.5 Description: A problematic issue has been found in the Bind Request Handler component, affecting the processing of the file user,adap.jsp?actionFlag=test&id=1. This leads to LDAP injection and can be initiat...
PT-2023-30804 · Softnext · Softnext Mail Sqr Expert
Name of the Vulnerable Software and Affected Versions: Softnext Mail SQR Expert affected versions not specified Description: The issue is related to a path traversal vulnerability within a specific URL parameter. This allows an unauthenticated remote attacker to bypass authentication and download...
PT-2023-31456 · Unknown · Dreamer Cms
Name of the Vulnerable Software and Affected Versions: Dreamer CMS version 4.1.3 Description: The issue is related to a Cross-Site Request Forgery (CSRF) in the /admin/database/backup component. This allows for unauthorized actions to be performed on the system. Recommendations: For Dreamer CMS...
PT-2023-32538 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A flaw was found in Keycloak that prevents certain schemes in redirects, but permits them if a wildcard is appended to the token. This issue could allow an attacker to submit a specially...
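The Keycloak entry above describes a scheme check on redirect URIs that is bypassed when a wildcard is appended to the registered value. The following is a hypothetical model of that bug class, added here and not Keycloak's implementation: the two policy classes, the scheme sets and the sample entries are assumptions made for the example. It shows a denylist that only runs on exact entries beside a hardened version that strips the wildcard before checking, uses an allowlist, and re-checks the candidate redirect_uri at authorization time.

```python
# Added model of a redirect-URI scheme check that is skipped for wildcard entries.
# Hypothetical illustration, not Keycloak's code; the classes, scheme sets and sample
# values below are assumptions for the example.
from urllib.parse import urlsplit

DANGEROUS_SCHEMES = {"javascript", "data", "vbscript"}  # what the denylist is meant to stop
ALLOWED_SCHEMES = {"http", "https"}                      # what the hardened policy accepts


def scheme_of(uri: str) -> str:
    return urlsplit(uri).scheme.lower()


class FlawedRedirectPolicy:
    """The denylist is applied to exact entries only; an entry ending in '*' takes a
    prefix-matching branch that never inspects the scheme."""

    def __init__(self) -> None:
        self.exact: set = set()
        self.prefixes: list = []

    def register(self, entry: str) -> None:
        if entry.endswith("*"):
            self.prefixes.append(entry[:-1])  # the bug: no scheme check on this branch
            return
        if scheme_of(entry) in DANGEROUS_SCHEMES:
            raise ValueError("dangerous scheme rejected: " + entry)
        self.exact.add(entry)

    def is_allowed(self, redirect_uri: str) -> bool:
        return redirect_uri in self.exact or any(
            redirect_uri.startswith(p) for p in self.prefixes)


class HardenedRedirectPolicy:
    """The scheme is checked on the entry with the wildcard stripped, against an
    allowlist, and checked again on every candidate redirect_uri."""

    def __init__(self) -> None:
        self.exact: set = set()
        self.prefixes: list = []

    def register(self, entry: str) -> None:
        base = entry[:-1] if entry.endswith("*") else entry
        if scheme_of(base) not in ALLOWED_SCHEMES:
            raise ValueError("scheme not allowed: " + entry)
        if entry.endswith("*"):
            self.prefixes.append(base)
        else:
            self.exact.add(entry)

    def is_allowed(self, redirect_uri: str) -> bool:
        if scheme_of(redirect_uri) not in ALLOWED_SCHEMES:
            return False  # defence in depth: never trust a stored pattern alone
        return redirect_uri in self.exact or any(
            redirect_uri.startswith(p) for p in self.prefixes)


# Sample registrations and requests (constructed for the example).
MALICIOUS_ENTRY = "javascript:alert(document.domain)*"
MALICIOUS_REDIRECT = "javascript:alert(document.domain)//"
GOOD_ENTRY = "https://app.example.com/callback*"
GOOD_REDIRECT = "https://app.example.com/callback?code=abc"


def flawed_accepts_javascript() -> bool:
    policy = FlawedRedirectPolicy()
    policy.register(MALICIOUS_ENTRY)  # accepted because the wildcard skips the denylist
    return policy.is_allowed(MALICIOUS_REDIRECT)


def hardened_rejects_javascript() -> bool:
    policy = HardenedRedirectPolicy()
    try:
        policy.register(MALICIOUS_ENTRY)
    except ValueError:
        return True
    return False


def hardened_still_serves_https() -> bool:
    policy = HardenedRedirectPolicy()
    policy.register(GOOD_ENTRY)
    return policy.is_allowed(GOOD_REDIRECT) and not policy.is_allowed(MALICIOUS_REDIRECT)


if __name__ == "__main__":
    print("flawed policy redirects to javascript:", flawed_accepts_javascript())
    print("hardened policy rejects at registration:", hardened_rejects_javascript())
    print("hardened policy still serves https:", hardened_still_serves_https())
```

Two design points carry over to any redirect validator: normalise the stored pattern (wildcard removed) before applying a scheme rule, and prefer an allowlist of schemes the application actually uses over a denylist of known-bad ones.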
CVE-2023-47624 Audiobookshelf Arbitrary File Read Vulnerability
Audiobookshelf is a self-hosted audiobook and podcast server. In versions 2.4.3 and prior, any user regardless of their permissions may be able to read files from the local file system due to a path traversal in the /hls endpoint. This issue may lead to Information Disclosure. As of time of...
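The Softnext Mail SQR Expert and Audiobookshelf entries both describe path traversal through a request-controlled path parameter. The following is an added illustration, not Audiobookshelf's code, of the unsafe join beside a containment check; MEDIA_ROOT, the function names and the sample segment names are assumed values for the example, and the check is plain POSIX path logic that runs without any files on disk.

```python
# Added illustration of the path-traversal class in the entries above, not code from
# Audiobookshelf or Softnext. MEDIA_ROOT and the sample segments are assumed values.
import os

MEDIA_ROOT = "/srv/audiobookshelf/media"  # assumed library root for the example


def hls_path_vulnerable(segment: str) -> str:
    # Joins the request-supplied name straight onto the root. os.path.join discards the
    # root when the segment is absolute, and ".." components are left for the kernel to
    # walk, so both "/etc/passwd" and "../../../etc/passwd" escape the library.
    return os.path.join(MEDIA_ROOT, segment)


def hls_path_safe(segment: str):
    # Returns the contained absolute path, or None when the request would leave MEDIA_ROOT.
    if not segment or "\x00" in segment:
        return None
    full = os.path.normpath(os.path.join(MEDIA_ROOT, segment))
    # commonpath compares whole components, so a sibling such as ".../media-evil" is
    # rejected where a plain startswith() check on the root string would accept it.
    if full == MEDIA_ROOT or os.path.commonpath([MEDIA_ROOT, full]) != MEDIA_ROOT:
        return None
    return full


# Constructed sample requests: one legitimate segment and three traversal attempts.
SAMPLE_SEGMENTS = ["book1/seg3.ts", "../../../etc/passwd", "/etc/passwd", "../media-evil/x"]


def classify(segments=SAMPLE_SEGMENTS) -> dict:
    """Maps each requested segment to the path the safe resolver would serve, or None."""
    return {s: hls_path_safe(s) for s in segments}


if __name__ == "__main__":
    for seg in SAMPLE_SEGMENTS:
        print(f"{seg!r:24} unsafe -> {hls_path_vulnerable(seg)}")
        print(f"{'':24} safe   -> {hls_path_safe(seg)}")
```

normpath is purely lexical; a production resolver should additionally pass the joined path through os.path.realpath and repeat the commonpath check so that a symlink inside the library cannot point outside it.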