PT-2023-8591 · Adobe · Substance3D - Stager
Name of the Vulnerable Software and Affected Versions: Adobe Substance 3D Stager versions 2.1.1 and earlier Description: The issue is related to an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigatio...
PT-2023-25652 · Grafana +1 · Loki +2
Name of the Vulnerable Software and Affected Versions: ProLion CryptoSpike version 3.0.15P2 Description: The issue allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs as a Grafana authenticated user or from the Loki REST API withou...
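The CryptoSpike entry above turns on one fact: a JWT written to a log is a bearer credential, and anyone who can read the log (here, a Grafana user or a caller of the Loki API) can replay it until it expires. The block below is an added example, not code from ProLion, Grafana or Loki, showing the three things a responder wants to do with such logs: find tokens, see whose identity they carry, and redact them before they are shipped. The token format and the log lines are constructed for the demonstration; the signature is a placeholder, since the point is what a reader of the log learns, not signature validation.

```python
import base64
import json
import re
from typing import Dict, List

# A JWT is three base64url segments joined by '.'. The header segment encodes a
# JSON object beginning with '{"', which base64url-encodes to "eyJ", so that
# prefix is a reliable anchor for scanning free-form log text.
JWT_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+")


def _b64url(data: bytes) -> str:
    """base64url without padding, as used inside JWTs."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(segment: str) -> bytes:
    """Re-add the padding that JWT segments omit, then decode."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def make_demo_token(claims: Dict) -> str:
    """Build a constructed token for the example. The signature segment is a
    fixed placeholder, NOT a real HMAC; the example never verifies it."""
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}, sort_keys=True).encode())
    payload = _b64url(json.dumps(claims, sort_keys=True).encode())
    return f"{header}.{payload}.{_b64url(b'constructed-placeholder-signature')}"


def find_jwts(lines: List[str]) -> List[str]:
    """Return every token-shaped string found in the given log lines."""
    found: List[str] = []
    for line in lines:
        found.extend(JWT_RE.findall(line))
    return found


def decode_claims(token: str) -> Dict:
    """Read the claims without verifying the signature: this is exactly what an
    attacker does with a token lifted from a log, and it needs no key."""
    _header, payload, _sig = token.split(".")
    return json.loads(_b64url_decode(payload))


def redact_jwts(line: str) -> str:
    """Replace any token in a log line before it is written or shipped."""
    return JWT_RE.sub("[JWT REDACTED]", line)


# Constructed sample: two requests whose handlers logged the raw credential,
# plus one line that is clean and must pass through redaction unchanged.
ALICE = make_demo_token({"sub": "alice", "role": "admin", "exp": 1700000000})
BOB = make_demo_token({"sub": "bob", "role": "user", "exp": 1700000000})
SAMPLE_LOG = [
    f'2023-09-12T10:15:01Z INFO api GET /api/v1/users 200 authorization="Bearer {ALICE}"',
    "2023-09-12T10:15:02Z DEBUG web session created for user=alice",
    f"2023-09-12T10:15:03Z INFO api POST /api/v1/login 200 token={BOB}",
]


def leaked_identities(lines: List[str]) -> List[str]:
    """Who is exposed by this log? The 'sub' claim of every leaked token."""
    return [decode_claims(t)["sub"] for t in find_jwts(lines)]


if __name__ == "__main__":
    print("exposed users:", leaked_identities(SAMPLE_LOG))
    for line in SAMPLE_LOG:
        print(redact_jwts(line))
```

Running `leaked_identities` over a real export is the quickest way to scope an incident of this kind: each distinct `sub` is an account that must be treated as compromised until its tokens expire or are revoked. The redaction belongs at the logging layer, not in the log shipper, so the token never reaches Loki in the first place.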
PT-2023-31555 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: The issue allows a remote attacker to read files via ../ Directory Traversal in the "/common/down/file" fileKey parameter. This could potentially lead to unauthorized access to sensitive information...
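The JFinalCMS entry describes the classic shape of a directory traversal: a user-supplied key is joined onto a download directory and the `../` segments walk back out of it. The block below is an added Python illustration of that class and of the canonicalise-then-contain check that fixes it; it is not JFinalCMS code and says nothing about the project's actual handler. The download root is a constructed path, and the check assumes a POSIX filesystem.

```python
import os
from typing import Optional

# Constructed base directory for the demonstration (assumption: the application
# serves downloads from one fixed directory on a POSIX host).
DOWNLOAD_ROOT = "/srv/app/downloads"


def vulnerable_resolve(file_key: str, root: str = DOWNLOAD_ROOT) -> str:
    """The pattern the advisory describes: join the caller's key onto the root
    and use the result. normpath happily collapses '../' segments, so a key
    like '../../../etc/passwd' leaves the root entirely."""
    return os.path.normpath(os.path.join(root, file_key))


def safe_resolve(file_key: str, root: str = DOWNLOAD_ROOT) -> Optional[str]:
    """Canonicalise both sides, then require the candidate to stay inside the
    root. Returns the resolved path, or None when the key must be rejected."""
    # NUL truncates C strings at the OS boundary; never let it reach the filesystem.
    if "\x00" in file_key:
        return None
    real_root = os.path.realpath(root)
    # realpath also follows symlinks in existing components, so a symlink
    # planted inside the root cannot be used to point outside it.
    candidate = os.path.realpath(os.path.join(real_root, file_key))
    # The root directory itself is not a downloadable file.
    if candidate == real_root:
        return None
    # Containment check: the shared prefix must be the whole root, not just a
    # string prefix (which would accept '/srv/app/downloads-evil').
    if os.path.commonpath([real_root, candidate]) != real_root:
        return None
    return candidate


def is_allowed(file_key: str, root: str = DOWNLOAD_ROOT) -> bool:
    return safe_resolve(file_key, root) is not None


if __name__ == "__main__":
    # Constructed keys: one legitimate, the rest traversal or absolute-path attempts.
    for key in ["report.pdf", "sub/../report.pdf", "../../../etc/passwd",
                "sub/../../secret.txt", "/etc/passwd", ""]:
        print(f"{key!r:28} vulnerable -> {vulnerable_resolve(key):32} allowed={is_allowed(key)}")
```

Note that `'sub/../report.pdf'` is accepted: the check is on where the path ends up, not on whether it contains `..`, which is what makes it robust against encodings and separator tricks that a blacklist of `../` would miss. Decoding of URL-encoded input is assumed to have happened once, in the web framework, before the key reaches this function.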
PT-2023-7920 · D Link · D-Link Dir-850L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-850L version B1 FW223WWb01 Description: The issue is related to the firmware of D-Link DIR-850L routers, specifically version B1 FW223WWb01, where a remote attacker can execute arbitrary code via a crafted script to the en paramete...
PT-2023-32715 · Typecho · Typecho
Name of the Vulnerable Software and Affected Versions: Typecho version 1.2.1 Description: A vulnerability has been found in the Logo Handler component of Typecho, affecting an unknown function of the file /admin/options-theme.php. This issue leads to cross-site scripting and can be exploited...
PT-2023-7508 · Tenda · Tenda Ax12
Name of the Vulnerable Software and Affected Versions: Tenda AX12 version V22.03.01.46 Description: The issue is related to a command injection vulnerability in the mac parameter at the "/goform/SetOnlineDevName" API endpoint. This vulnerability is due to the lack of input validation when...
PT-2023-7498 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge affected versions not specified Description: The issue is related to insufficient input validation in Microsoft Edge, allowing a remote attacker to gain unauthorized access to protected information. Recommendations: At the...
PT-2023-31212 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 16.01.0.124843 Description: A stack overflow issue was discovered via the set wan status function. Recommendations: For Tenda W30E version 16.01.0.124843, as a temporary workaround, consider disabling the set wan status...
PT-2023-31451 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 16.01.0.124843 Description: A stack overflow issue was discovered via the function formResetMeshNode. Recommendations: For Tenda W30E version 16.01.0.124843, as a temporary workaround, consider disabling the formResetMeshNo...
PT-2023-31453 · Tenda · Tenda W30E
Name of the Vulnerable Software and Affected Versions: Tenda W30E version 16.01.0.124843 Description: A stack overflow issue was discovered via the function formRebootMeshNode. Recommendations: For Tenda W30E version 16.01.0.124843, as a temporary workaround, consider disabling the...
PT-2023-28533 · Unknown · Firewall Service
Name of the Vulnerable Software and Affected Versions: Firewall service affected versions not specified Description: The issue is related to a missing permission check in the firewall service, allowing potential local information disclosure without requiring additional execution privileges...
PT-2023-24161 · Qualcomm · Gps Hlos Driver
Name of the Vulnerable Software and Affected Versions: GPS HLOS Driver affected versions not specified Description: A cryptographic issue exists in the GPS HLOS Driver while downloading Qualcomm GNSS assistance data. Recommendations: At the moment, there is no information about a newer version th...
PT-2023-7439 · Delta Electronics · Infrasuite Device Master
Name of the Vulnerable Software and Affected Versions: Delta Electronics InfraSuite Device Master version 1.0.7 Description: A vulnerability exists in Delta Electronics InfraSuite Device Master that allows an unauthenticated attacker to disclose user information through a single UDP packet, obtai...
Validator.isValidSafeHTML is being deprecated and will be deleted from org.owasp.esapi:esapi in 1 year
Impact The Validator.isValidSafeHTML method can result in false negatives, where it reports some input as safe (i.e., returns true) when it is not, and using that same input as-is can in certain circumstances result in XSS vulnerabilities. Because this method cannot be fixed, it is being deprecat...
PT-2023-32607 · Unknown · Jeecgboot Jimureport
Name of the Vulnerable Software and Affected Versions: jeecgboot JimuReport versions up to 1.6.1 Description: A critical vulnerability was found in jeecgboot JimuReport, affecting an unknown functionality of the file /download/image. The manipulation of the imageUrl argument leads to relative pat...
CVE-2023-4612
Improper Authentication vulnerability in Apereo CAS in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method allows Multi-Factor Authentication bypass. This issue affects CAS: through 7.0.0-RC7. It is unknown whether the issue will be fixed in newer versions. For the date of publication there...
PT-2023-30426 · Unknown · Nagaoka Taxi Line
Name of the Vulnerable Software and Affected Versions: nagaoka taxi Line version 13.6.1 Description: The issue allows remote attackers to send malicious notifications to victims due to the leakage of channel access token. Recommendations: For version 13.6.1, consider restricting access to the...
PT-2023-29853 · Apereo · Apereo Cas
Name of the Vulnerable Software and Affected Versions: Apereo CAS versions through 7.0.0-RC7 Description: The issue is related to an Improper Authentication vulnerability in the jakarta.servlet.http.HttpServletRequest.getRemoteAddr method, which allows Multi-Factor Authentication bypass. There is...
PT-2023-7246 · Asus · Asus Rt-Ac87U
Name of the Vulnerable Software and Affected Versions: ASUS RT-AC87U all versions Description: An improper access control issue exists, related to the implementation of the TFTP protocol, allowing an attacker to read or write files not intended for access. This can be achieved by connecting to th...
PT-2023-30228 · E-Tax · E-Tax
Name of the Vulnerable Software and Affected Versions: e-Tax software versions 3.0.10 and earlier Description: The issue is related to the improper restriction of XML external entity references (XXE) in the e-Tax software due to the configuration of the embedded XML parser. This allows an attacker ...