Lucene search

352 matches found

Positive Technologies
added 2024/11/12 12:0 a.m. · 2 views

PT-2024-8069 · Microsoft · Windows Update Stack +1

Name of the Vulnerable Software and Affected Versions: Windows Update Stack versions prior to the fixed version Description: The issue is related to inadequate access control in the Windows Update Stack component of the Microsoft Windows operating system. This can be exploited to elevate...

CVSS 7.8 · AI score 6.3 · EPSS 0.00569
Exploits 0 · References 8

Vulnrichment
added 2024/10/26 8:26 p.m. · 10 views

CVE-2020-26309 GHSL-2020-303: Regular Expression Denial of Service (ReDoS) in nope-validator

Validate.js provides a declarative way of validating javascript objects. Versions 0.11.3 and prior contain one or more regular expressions that are vulnerable to Regular Expression Denial of Service (ReDoS). As of time of publication, it is unknown if any patches are available...

CVSS 8.7 · AI score 6.9 · EPSS 0.0021
Exploits 0 · References 2

CVE
added 2024/10/26 8:26 p.m. · 63 views

CVE-2020-26309

CVE-2020-26309 concerns the Nope-validator (Validate.js) library. Versions 0.11.3 and earlier contain one or more regular expressions vulnerable to Regular Expression Denial of Service (ReDoS). Documented sources indicate this is a high-severity issue (CVSS-like: HIGH) with potential network expo...

CVSS 8.7 · AI score 6.6 · EPSS 0.0021
Exploits 0 · References 2

NVD
added 2024/10/24 10:15 p.m. · 9 views

CVE-2024-49359

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoint http:///v21/file in ZimaOS is vulnerable to a directory traversal attack, allowing authenticated users to list the contents of any directory on...

CVSS 7.5 · EPSS 0.00831
Exploits 1 · References 2

Ivanti
added 2024/10/08 2:1 p.m. · 7 views

Security Advisory Ivanti Connect Secure and Policy Secure (CVE-2024-37404)

Summary Ivanti has released updates for Ivanti Connect Secure and Policy Secure which addresses a critical vulnerability. Successful exploitation could allow a remote authenticated attacker to achieve remote code execution. We are not aware of any customers being exploited by this vulnerability a...

CVSS 9.1 · AI score 8 · EPSS 0.84353
Exploits 1

Ivanti
added 2024/10/07 4:41 p.m. · 11 views

Security Advisory Ivanti Endpoint Manager Mobile (EPMM) (CVE-2024-7612) 

Summary: Ivanti has released updates for Ivanti EPMM which addresses a high severity vulnerability. Successful exploitation could lead to an authenticated attacker accessing or modifying configuration files. We are not aware of any customers being exploited by these vulnerabilities at the time of...

CVSS 8.8 · AI score 6.7 · EPSS 0.00184
Exploits 0

Positive Technologies
added 2024/09/26 12:0 a.m. · 3 views

PT-2024-7244 · D Link · D-Link Dir-605L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 BETA Description: The issue is related to a buffer overflow vulnerability in the formSetWanPPPoE function of the /goform/formSetWanPPPoE file. This vulnerability can be exploited by sending a specially crafted...

CVSS 9 · AI score 9.1 · EPSS 0.00362
Exploits 1 · References 13

Positive Technologies
added 2024/09/18 12:0 a.m. · 3 views

PT-2024-12944 · Victure · Victure Pc420

Name of the Vulnerable Software and Affected Versions: Victure PC420 version 1.1.39 Description: The issue concerns a hardcoded root password stored in plaintext. Recommendations: For Victure PC420 version 1.1.39, consider changing the hardcoded root password to a unique and secure password as a...

CVSS 8.8 · AI score 7 · EPSS 0.00109
Exploits 1 · References 5

Positive Technologies
added 2024/09/16 12:0 a.m. · 2 views

PT-2024-7673 · Intel · Intel Raid Web Console

Name of the Vulnerable Software and Affected Versions: Intel(R) RAID Web Console software all versions Description: The issue is related to improper access control in the Intel(R) RAID Web Console software, which may allow an authenticated user to potentially enable denial of service via adjacent...

CVSS 5.7 · AI score 6.8 · EPSS 0.00121
Exploits 0 · References 7

Positive Technologies
added 2024/09/13 12:0 a.m. · 3 views

PT-2024-31886 · Tenda · Tenda Fh451

Name of the Vulnerable Software and Affected Versions: Tenda FH451 version 1.0.0.9 Description: The issue is a stack overflow vulnerability located in the RouteStatic function. This vulnerability enables remote code execution. Recommendations: For Tenda FH451 version 1.0.0.9, consider disabling t...

CVSS 9.8 · AI score 8.5 · EPSS 0.00325
Exploits 1 · References 6

Positive Technologies
added 2024/09/05 12:0 a.m. · 2 views

PT-2024-30191 · Unknown · Esafenet Cdg

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG versions 5.6 and earlier Description: A SQL Injection flaw exists in ESAFENET CDG, allowing an attacker to execute arbitrary code via the id parameter of the "data.jsp" page. Recommendations: For ESAFENET CDG versions 5.6 and...

CVSS 9.1 · AI score 7.8 · EPSS 0.00127
Exploits 1 · References 7

Positive Technologies
added 2024/08/27 12:0 a.m. · 3 views

PT-2024-30184 · Exiftags +1 · Exiftags +1

Name of the Vulnerable Software and Affected Versions: exiftags version 1.01 Description: A Buffer Overflow vulnerability in exiftags allows a local attacker to execute arbitrary code via the paresetag function. This issue enables local code execution. Recommendations: For exiftags version 1.01, ...

CVSS 8.4 · AI score 7.5 · EPSS 0.0013
Exploits 1 · References 19

Positive Technologies
added 2024/08/15 12:0 a.m. · 2 views

PT-2024-22012 · Friendica · Friendica

Name of the Vulnerable Software and Affected Versions: Friendica version 2023.12 Description: A Cross Site Scripting issue allows a remote attacker to obtain sensitive information via the location parameter of the calendar event feature. Recommendations: For Friendica version 2023.12, consider...

CVSS 7.4 · AI score 6.5 · EPSS 0.00218
Exploits 1 · References 8

Positive Technologies
added 2024/08/15 12:0 a.m. · 2 views

PT-2024-30232 · Tenda · Tenda Fh1206

Name of the Vulnerable Software and Affected Versions: Tenda FH1206 version 02.03.01.35 Description: A stack overflow vulnerability was discovered, allowing attackers to cause a Denial of Service (DoS) via a crafted POST request. The issue is related to the page parameter in the...

CVSS 7.5 · AI score 7.2 · EPSS 0.00406
Exploits 1 · References 6

Ivanti
added 2024/08/13 2:0 p.m. · 13 views

Security Advisory: Ivanti Neurons for ITSM (CVE-2024-7569, CVE-2024-7570)

Ivanti has released updates for Ivanti Neurons for ITSM which addresses a critical severity vulnerability and a high severity vulnerability. Please note: the patch has been applied to all Ivanti Neurons for ITSM Cloud landscapes as of August 4. No further action is needed for cloud customers, we...

CVSS 9.8 · AI score 6.8 · EPSS 0.07469
Exploits 0

Ivanti
added 2024/08/13 2:0 p.m. · 15 views

Security Advisory Ivanti Avalanche 6.4.4 (CVE-2024-38652, CVE-2024-38653, CVE-2024-36136, CVE-2024-37399, CVE-2024-37373)

Ivanti has released updates for Ivanti Avalanche, in version 6.4.4, which addresses high severity vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure. Vulnerability Details: CVE Number | Description | CVSS Score Severity | CVSS...

CVSS 9.1 · AI score 7.8 · EPSS 0.90726
Exploits 1

Positive Technologies
added 2024/08/13 12:0 a.m. · 2 views

PT-2024-5650 · Microsoft · Windows Cloud Files Mini Filter Driver +2

Name of the Vulnerable Software and Affected Versions: Windows Cloud Files Mini Filter Driver affected versions not specified Windows Server versions up to Server 2022 23H2 Description: The issue is related to an elevation of privilege vulnerability in the Windows Cloud Files Mini Filter Driver. ...

CVSS 7.8 · AI score 6.5 · EPSS 0.00727
Exploits 0 · References 10

GitHub Security Blog
added 2024/08/05 9:29 p.m. · 24 views

Flowise Cross-site Scripting in /api/v1/public-chatflows/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/public-chatflows/id endpoint. If the default configuration is used unauthenticated, an attacker may be able to...

CVSS 6.1 · AI score 5.9 · EPSS 0.0032
Exploits 1 · References 4 · Affected Software 1

GitHub Security Blog
added 2024/08/05 9:29 p.m. · 16 views

Flowise Cross-site Scripting in /api/v1/chatflows-streaming/id

Flowise is a drag & drop user interface to build a customized large language model flow. In version 1.4.3 of Flowise, a reflected cross-site scripting vulnerability occurs in the /api/v1/chatflows-streaming/id endpoint. If the default configuration is used unauthenticated, an attacker may be able...

CVSS 6.1 · AI score 5.8 · EPSS 0.00407
Exploits 1 · References 4 · Affected Software 1

Positive Technologies
added 2024/08/02 12:0 a.m. · 2 views

PT-2024-28258 · Horizon Business Services Inc. · Caterease

Name of the Vulnerable Software and Affected Versions: Horizon Business Services Inc. Caterease versions 16.0.1.1663 through 24.0.1.2405 Description: The issue allows a remote attacker to expand control over the operating system from the database due to the execution of commands with unnecessary...

CVSS 9.8 · AI score 7.4 · EPSS 0.04237
Exploits 1 · References 7