PT-2023-22823 · Jellyfin · Jellyfin
Name of the Vulnerable Software and Affected Versions: Jellyfin versions 10.8.0 through 10.8.10 Description: The issue is related to a directory traversal vulnerability inside the ClientLogController, specifically /ClientLog/Document. This vulnerability can be combined with a cross-site scripting...
PT-2023-18484 · Podofo · Podofo
Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.10.0 Description: A critical vulnerability was found in PoDoFo, affecting the function readXRefStreamEntry of the file PdfXRefStreamParserObject.cpp. The manipulation leads to heap-based buffer overflow. An attack must be...
PT-2023-21342 · Unknown · Online Jewelry Shop
Name of the Vulnerable Software and Affected Versions: Online Jewelry Shop version 1.0 Description: A cross-site scripting (XSS) issue was discovered that allows attackers to execute arbitrary script via a crafted URL. Recommendations: For Online Jewelry Shop version 1.0, consider disabling the...
CVE-2023-29519 Code injection in org.xwiki.platform:xwiki-platform-attachment-ui
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own...
PT-2023-22448 · Wbce Cms · Wbce Cms
Name of the Vulnerable Software and Affected Versions: WBCE CMS version 1.5.3 Description: The issue is a command execution vulnerability. It can be exploited via the admin/languages/install.php endpoint. Recommendations: For WBCE CMS version 1.5.3, consider disabling access to the...
CVE-2022-41724 affecting package msft-golang for versions less than 1.19.6-1
CVE-2022-41724 affecting package msft-golang for versions less than 1.19.6-1. A patched version of the package is available...
FreeBSD : libxml2 -- multiple vulnerabilities (0bd7f07b-dc22-11ed-bf28-589cfc0f81b0)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0bd7f07b-dc22-11ed-bf28-589cfc0f81b0 advisory. - The libxml2 project reports: Hashing of empty dict strings isn't deterministic. Fix null dere...
CVE-2023-30535 Snowflake JDBC vulnerable to command injection via SSO URL authentication
Snowflake JDBC provides a JDBC type 4 driver that supports core functionality, allowing a Java program to connect to Snowflake. Users of the Snowflake JDBC driver were vulnerable to a command injection vulnerability. An attacker could set up a malicious, publicly accessible server which responds to...
PT-2023-3156 · Totolink · Totolink X18
Name of the Vulnerable Software and Affected Versions: TOTOLINK X18 version V9.1.0cu.2024_B20220329 Description: The issue is related to insufficient argument validation in the UploadFirmwareFile function of the TOTOLINK X18 router's firmware, allowing a remote attacker to execute arbitrary...
WordPress W4 Post List Plugin < 2.4.6 is vulnerable to Cross Site Scripting (XSS)
Software: W4 Post List; Type: Plugin; Vulnerable versions: < 2.4.6; Fixed in: 2.4.6; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-1373; Patch priority: High; CVSS severity: High (7.1); PSID: ad8aa4c045d1; Credits: Erwan LR (WPScan); Required...
PT-2023-22316 · Bento4 · Bento4
Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-639 Description: A segmentation violation was discovered in the AP4_TrunAtom::SetDataOffset(int) function in Ap4TrunAtom.h. Recommendations: For Bento4 version 1.6.0-639, as a temporary workaround, consider disabling the AP...
CVE-2022-3707 affecting package kernel 5.10.172.1-1
CVE-2022-3707 affecting package kernel 5.10.172.1-1. A patched version of the package is available...
CVE-2023-1118 affecting package kernel 5.10.172.1-1
CVE-2023-1118 affecting package kernel 5.10.172.1-1. A patched version of the package is available...
CVE-2022-45142 affecting package heimdal 7.7.1-1
CVE-2022-45142 affecting package heimdal 7.7.1-1. A patched version of the package is available...
PT-2023-17353 · Unknown · Zhenfeng13 My-Blog
Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog affected versions not specified Description: A problematic issue was found in the software, affecting an unknown function of the file /admin/configurations/userInfo. The manipulation of the arguments yourAvatar, yourName, a...
PT-2023-19989 · Tenda · Tenda Ac5
Name of the Vulnerable Software and Affected Versions: Tenda AC5 version US_AC5V1.0RTL_V15.03.06.28 Description: The issue is related to a stack overflow via the form_fast_setting_wifi_set function, which can be exploited to cause a Denial of Service (DoS) or execute arbitrary code using a crafted...
PT-2023-5839 · Triangle Microworks · Scada Data Gateway
Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: The issue is related to the disclosure of information in the SCADA Data Gateway system. It allows remote attackers to disclose sensitive information on affect...
WordPress Product Catalog Simple Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS)
Software: Product Catalog Simple; Type: Plugin; Vulnerable versions: <= 1.6.17; Fixed in: 1.7.0; OWASP Top 10: A7 Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-29388; Patch priority: Medium; CVSS severity: Medium (7.1); PSID: 48939529292d; Credits: minhtuana...
PT-2023-17280 · Unknown · Sourcecodester Online Payroll System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Payroll System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /admin/attendance_row.php. The manipulation of the id argument leads to SQL injection,...
PT-2023-21333 · Wondershare · Wondershare Anireel
Name of the Vulnerable Software and Affected Versions: Wondershare Anireel version 1.5.4 Description: An issue in Wondershare Anireel allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file. Recommendations: For Wondershare Anireel version 1.5.4, consider...