PT-2024-38540 · Secom · Dr.Id Access Control System
Name of the Vulnerable Software and Affected Versions: Dr.ID Access Control System from SECOM versions up to 3.6.2 Description: The issue allows unauthenticated remote attackers to inject SQL commands, enabling them to read, modify, and delete database contents due to improper validation of a...
PT-2024-28879 · Unknown · Puneethreddyhc Online Shopping System
Name of the Vulnerable Software and Affected Versions: PuneethReddyHC Online Shopping system advanced version 1.0 Description: The issue allows an attacker to execute arbitrary code. An unauthenticated remote attacker can manipulate the address1 variable in the "register.php" endpoint...
PT-2024-23636 · Netentsec · Netentsec Ns-Asg
Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3 Description: The issue concerns a SQL injection vulnerability. It can be exploited via the "/admin/config ISCGroupSSLCert.php" API endpoint. This could potentially allow for remote attacks. Recommendations: For...
Patch CVE-2023-23397 Immediately: What You Need To Know and Do
We break down the basic information of CVE-2023-23397, the zero-day, zero-touch vulnerability that was rated 9.8 on the Common Vulnerability Scoring System (CVSS) scale...
CVE-2023-25610 a critical RCE vulnerability in FortiOS: everything you need to know
CVE-2023-25610 is a critical RCE vulnerability in FortiOS. This vulnerability is a buffer underwrite bug in the administrative interface which could allow a remote unauthenticated attacker to execute code using specially crafted requests. Affected customers should patch immediately...