PT-2023-12517 · WordPress · Elasticpress
Name of the Vulnerable Software and Affected Versions: ElasticPress plugin for WordPress versions up to, and including, 3.5.3 Description: The issue is due to missing or incorrect nonce validation on the epio_send_autosuggest_allowed function, making it possible for unauthenticated attackers to...
PT-2023-15713 · Google · Widevine Trusted Application
Name of the Vulnerable Software and Affected Versions: Widevine Trusted Application TA versions 5.0.0 through 5.1.1 Description: The issue is related to an integer overflow and resultant buffer overflow in the drm_verify_keys function, specifically with the total_len+file_name_len calculation. Th...
PT-2023-22402 · Twilight · Twilight
Name of the Vulnerable Software and Affected Versions: Twilight version 13.3 Description: The issue allows unauthorized apps to cause escalation of privilege attacks by manipulating the SharedPreference files. This can lead to unauthorized access and control. Recommendations: For Twilight version...
PT-2023-24601
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 12.5.6 Description: OpenProject is web-based project management software. A robots.txt file is generated to denote which routes shall or shall not be accessed by crawlers, containing project identifiers of all publ...
PT-2023-23366 · Altenergy · Altenergy Power Control
Name of the Vulnerable Software and Affected Versions: Altenergy Power Control Software version C1.2.5 Description: The issue is related to a remote code execution RCE vulnerability. It affects the component /models/management model.php, allowing for potential exploitation. Recommendations: For...
PT-2023-23511 · Unknown · Jerryscript
Name of the Vulnerable Software and Affected Versions: Jerryscript version 3.0.0 Description: A heap-buffer-overflow issue was discovered in Jerryscript via the component scanner_literal_is_created at /jerry-core/parser/js/js-scanner-util.c. Recommendations: For Jerryscript version 3.0.0, conside...
PT-2023-23621 · Sap · S4Core +1
Name of the Vulnerable Software and Affected Versions: SAP APPL versions 500 through 618 S4CORE version 100 Description: The Vendor Master Hierarchy does not perform necessary authorization checks for an authenticated user to access some of its functions. This could lead to modification of data...
PT-2023-12929 · Tooljet · Tooljet
Name of the Vulnerable Software and Affected Versions: ToolJet version 1.6.0 Description: A cross-site scripting XSS issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Comment Body component. Recommendations: For ToolJet version 1.6.0, consider...
PT-2023-17437 · Unknown · Novel-Plus
Name of the Vulnerable Software and Affected Versions: novel-plus version 3.6.2 Description: A critical issue was found in the software, affecting an unknown functionality of the file "/category/list?limit=10&offset=0&order=desc". The manipulation of the sort argument leads to SQL injection. This...
PT-2023-22742 · Jenkins · Jenkins Kubernetes Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes Plugin versions 3909.v1f2c633e8590 and earlier Description: The issue arises from the Jenkins Kubernetes Plugin not properly masking credentials in the build log when push mode for durable task logging is enabled. This...
PT-2023-2623 · Nexx · Nexx Garage Door Controller +3
Name of the Vulnerable Software and Affected Versions: Nexx Smart Home devices affected versions not specified Nexx Garage Door Controller NXG-100B, NXG-200 Nexx Smart Plug NXPG-100W Nexx Smart Alarm NXAL-100 Description: The issue is related to weaknesses in the authentication procedure of Nexx...
PT-2023-17019 · Hkcms · Hkcms
Name of the Vulnerable Software and Affected Versions: HkCms version 2.2.4.230206 Description: A problematic issue was found in the External Plugin Handler component, affecting an unknown part of the file /admin.php/appcenter/local.html?type=addon. This issue leads to code injection and can be...
PT-2023-1716 · Moxa · Nport 6000 +1
Name of the Vulnerable Software and Affected Versions: Line version 13.6.1 NPort 6000 affected versions not specified NPort Windows Driver Manager affected versions not specified Description: An issue in the Cleaning makotoya mini-app on Line allows attackers to send crafted malicious notificatio...
PT-2023-3040 · Tenda · Tenda G103
Name of the Vulnerable Software and Affected Versions: Tenda G103 version 1.0.0.5 Description: A command injection issue allows an attacker to execute arbitrary code via the language parameter. This can compromise the integrity, availability, and confidentiality of protected information. The...
PT-2023-18189 · Unknown · Wifisevice
Name of the Vulnerable Software and Affected Versions: WifiSevice versions prior to SMR Jan-2023 Release 1 Description: The issue is related to an improper authorization vulnerability in the semAddPublicDnsAddr function within the WifiSevice. This vulnerability allows attackers to set a custom DN...
PT-2023-15571 · Lmxcms · Lmxcms
Name of the Vulnerable Software and Affected Versions: lmxcms version 1.41 Description: The issue is related to an arbitrary file read vulnerability. It affects the TemplateAction.class.php file, allowing unauthorized access to files. Recommendations: For lmxcms version 1.41, consider restricting...
PT-2023-13493 · Google +1 · Gboard +1
Name of the Vulnerable Software and Affected Versions: Zebra Enterprise Home Screen version 4.1.19 Description: An issue was discovered where the Gboard used by different applications can be used to launch and use several other applications that are restricted by the admin. Recommendations: For...
PT-2022-27891 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda F1203 version 2.0.1.6 Description: A buffer overflow issue was discovered in the security parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Tenda F1203 version 2.0.1.6, consider restricting access to the...
PT-2022-22089 · Apache · Apache Atlas
Name of the Vulnerable Software and Affected Versions: Apache Atlas versions 0.8.4 through 2.2.0 Description: A vulnerability in the import module of Apache Atlas allows an authenticated user to write to the web server filesystem. Recommendations: For Apache Atlas versions 0.8.4 through 2.2.0,...
CVE-2022-46834
Use of a Broken or Risky Cryptographic Algorithm in SICK RFU65x firmware version v2.21 allows a low-privileged remote attacker to decrypt the encrypted data if the user requested weak cipher suites to be used for encryption via the SSH interface. The patch and installation procedure for the...