PT-2023-1088 · Microsoft · Odbc Driver +1
Name of the Vulnerable Software and Affected Versions: Microsoft ODBC Driver affected versions not specified Description: The issue is related to insufficient input validation in the Microsoft ODBC Driver for Windows operating systems. This allows a remote attacker to execute arbitrary code...
PT-2023-1233 · Microsoft · Dwm Core Library +1
Name of the Vulnerable Software and Affected Versions: Microsoft DWM Core Library affected versions not specified Description: The issue is related to insufficient access control in the Microsoft DWM Core Library of Windows operating systems. It allows an attacker to elevate their privileges,...
PT-2023-13959 · WordPress · Superio
Name of the Vulnerable Software and Affected Versions: Superio WordPress theme affected versions not specified Description: The issue concerns the Superio WordPress theme, which does not properly sanitise and escape certain parameters. This could allow users with a role as low as a subscriber to...
PT-2022-27927 · Trendnet · Trendnet Tew755Ap
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW755AP version 1.13B01 Description: A stack overflow issue was discovered via the wps_sta_enrollee_pin parameter in the set_sta_enrollee_pin_24g function. This issue can be exploited, potentially allowing unauthorized access or...
CVE-2020-26302
is.js is a general-purpose check library. Versions 0.9.0 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). is.js uses a regex copy-pasted from a gist to validate URLs. Trying to validate a malicious string can cause the regex to...
PT-2022-26676 · Silverstripe · Silverstripe/Subsites
Name of the Vulnerable Software and Affected Versions: Silverstripe silverstripe/subsites versions through 2.6.0 Description: The subsites module can weaken edit restrictions on some files, allowing a malicious user to edit files they do not have edit rights to. This issue only affects projects...
PT-2022-5998 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.14 and earlier Description: The issue is related to a reflected Cross-Site Scripting (XSS) vulnerability. It can be exploited if an attacker convinces a victim to visit a URL referencing a vulnerable page,...
PT-2022-26871 · Telegram · Telegram Web K
Name of the Vulnerable Software and Affected Versions: Telegram Web version 15.3.1 Description: The issue allows for XSS via a certain payload derived from a Target Corporation website. Some third parties have been unable to discern any relationship between the Pastebin information and a possible...
PT-2022-27198 · Tenda · Tenda I21
Name of the Vulnerable Software and Affected Versions: Tenda i21 version 1.0.0.144656 Description: The issue is related to a Buffer Overflow that can be triggered via the "/goform/setUplinkInfo" API endpoint. This allows for potential exploitation. Recommendations: For Tenda i21 version...
PT-2022-27600 · Tenda · Tenda Ac6V1.0
Name of the Vulnerable Software and Affected Versions: Tenda AC6V1.0 version 15.03.05.19 Description: A buffer overflow issue was discovered via the schedEndTime parameter in the setSchedWifi function. This allows for potential exploitation. Recommendations: For Tenda AC6V1.0 version 15.03.05.19,...
PT-2022-26368 · Sourcecodester · Sourcecodester Event Registration System
Name of the Vulnerable Software and Affected Versions: SourceCodester Event Registration System version 1.0 Description: A vulnerability has been found in the SourceCodester Event Registration System, allowing for cross-site scripting through the manipulation of the First Name/Last Name argument ...
PT-2022-27151 · Totolink · Totolink Nr1800X
Name of the Vulnerable Software and Affected Versions: TOTOLINK NR1800X version 9.1.0u.6279 B20210910 Description: The issue concerns a command injection via the FileName parameter in the setUploadSetting function. This allows for potential malicious commands to be executed. No information is...
PT-2022-13978 · WordPress +1 · Login Block Ips
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: The issue concerns the function check_is_login_page, which relies on headers for IP checks. This approach can be easily spoofed, potentially allowing unauthorized access...
PT-2022-24516 · Jenkins · Jenkins Ns-Nd Integration Performance Publisher Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins NS-ND Integration Performance Publisher Plugin versions 4.8.0.146 and earlier Description: The issue concerns the unconditional disabling of SSL/TLS certificate and hostname validation for several features. There are no known...
PT-2022-26223 · Tenda · Tenda Ac1200 Router
Name of the Vulnerable Software and Affected Versions: Tenda AC1200 Router Model W15Ev2 version V15.11.0.101576 Description: A command injection issue was discovered via the PortMappingServer parameter in the setPortMapping function. This allows for potential exploitation. Recommendations: For...
PT-2022-5810 · Cisco · Cisco Ftd +1
Name of the Vulnerable Software and Affected Versions: Cisco Firepower Threat Defense (FTD) Software affected versions not specified Description: A vulnerability in the management web server of Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, remote attacker with high...
PT-2022-6134 · Sap · Sap Sql Anywhere
Name of the Vulnerable Software and Affected Versions: SAP SQL Anywhere version 17.0 Description: The issue is related to the lack of protection for the SQL query structure in SAP SQL Anywhere. An authenticated attacker can exploit this by crashing the server with specially crafted queries that u...
PT-2022-5505
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: A security feature bypass issue exists in the BitLocker Device Encryption of Windows operating systems due to security configuration errors. This flaw allows an attacker to bypass security...
PT-2022-27181 · Picoc · Picoc
Name of the Vulnerable Software and Affected Versions: PicoC version 3.2.2 Description: A heap buffer overflow was discovered in the StdioOutPutc function in stdlib/stdio.c when called from ExpressionParseFunctionCall. This issue affects the StdioOutPutc function, which is part of the PicoC...