PT-2024-19447 · Beetl-Bbs · Beetl-Bbs
Name of the Vulnerable Software and Affected Versions: beetl-bbs version 2.0 Description: The issue is related to a Cross Site Scripting XSS flaw that allows attackers to execute arbitrary code. This is achieved by exploiting the keyword parameter in the "/index" API endpoint. Recommendations: Fo...
PT-2023-27969 · Unknown · Jeecg-Boot
Name of the Vulnerable Software and Affected Versions: jeecg-boot version 3.5.3 Description: The issue is an SSTI injection vulnerability that allows remote attackers to execute arbitrary code via a crafted HTTP request to the "/jmreport/loadTableData" component. This enables attackers to...
PT-2023-7497 · Microsoft · Edge
Name of the Vulnerable Software and Affected Versions: Microsoft Edge Chromium-based affected versions not specified Description: The vulnerability is related to insufficient input validation in Microsoft Edge, allowing a remote attacker to bypass security restrictions and elevate their privilege...
PT-2023-24161 · Qualcomm · Gps Hlos Driver
Name of the Vulnerable Software and Affected Versions: GPS HLOS Driver affected versions not specified Description: A cryptographic issue exists in the GPS HLOS Driver while downloading Qualcomm GNSS assistance data. Recommendations: At the moment, there is no information about a newer version th...
PT-2023-24781
Name of the Vulnerable Software and Affected Versions: Kyocera TASKalfa 4053ci printers versions 2VG S000.002.561 and earlier Description: The issue allows directory traversal to read arbitrary files on the filesystem, even files that require root privileges, via the /wlmdeu%2f%2e%2e%2f%2e%2e...
PT-2023-36278 · Unknown · Cni-Plugins
Name of the Vulnerable Software and Affected Versions: cni-plugins affected versions not specified Description: The issue is related to a security release in the go 1.21 package, which is used to rebuild the cni-plugins package. Recommendations: At the moment, there is no information about a newe...
PT-2023-21848 · Unknown · Freewill Ifis
Name of the Vulnerable Software and Affected Versions: Freewill iFIS aka SMART Trade version 20.01.01.04 Description: The issue allows OS Command Injection via shell metacharacters to a report page. Recommendations: For Freewill iFIS aka SMART Trade version 20.01.01.04, consider restricting acces...
PT-2023-27084 · Unknown · Free/Open Source Inventory Management System
Name of the Vulnerable Software and Affected Versions: Free and Open Source Inventory Management System version 1.0 Description: Multiple cross-site scripting XSS vulnerabilities allow attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name, Address, and...
GHSA-W23Q-4HW3-2PP6 Minio vulnerable to Privilege Escalation on Windows via Path separator manipulation
Impact All users on Windows are impacted. MinIO fails to filter the \ character, which allows for arbitrary object placement across buckets. As a result, a user with low privileges, such as an access key, service account, or STS credential, which only has permission to PutObject in a specific...
PT-2023-27616 · Phpjabbers · Phpjabbers Fundraising Script
Name of the Vulnerable Software and Affected Versions: PHPJabbers Fundraising Script version 1.0 Description: The issue is related to Cross Site Scripting XSS via the action parameter of "index.php". This allows for potential malicious script execution. The estimated number of potentially affecte...
PT-2023-25028 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS versions through 5.7.109 Description: The issue allows remote attackers to run arbitrary code via a crafted POST request to the "/dede/tpl.php" API endpoint. This enables attackers to execute arbitrary code on the affected system...
PT-2023-18032 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue is related to the ShortcutInfo.java file, where an uncaught exception can allow an app to retain notification listening access. This could lead to local escalation of privilege...
PT-2023-3896 · Totolink · Totolink Lr350
Name of the Vulnerable Software and Affected Versions: TOTOLINK LR350 version 9.3.5u.6369 B20220309 Description: The issue is related to a command injection vulnerability via the hostname parameter in the setOpModeCfg function. This vulnerability is associated with a lack of input data...
PT-2023-11605 · Duxcms · Duxcms
Name of the Vulnerable Software and Affected Versions: DuxCMS version 2.1 Description: A directory traversal issue allows attackers to delete arbitrary files via the /admin/AdminBackup/del API endpoint. This enables attackers to potentially disrupt system functionality or destroy sensitive data...
PT-2023-3119 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in the representation of information by the user interface in the Windows DNS service. This can allow a remote attacker to conduct spoofing attacks...
PT-2023-18569 · Danfoss · Danfoss Ak-Em100
Name of the Vulnerable Software and Affected Versions: Danfoss AK-EM100 affected versions not specified Description: The issue concerns the storage of login credentials in cleartext. This means that the credentials are not encrypted, potentially allowing unauthorized access. No information is...
CVE-2023-20735
In vcu, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07645149; Issue ID: ALPS07645178...
PT-2023-23547 · Yasm +1 · Yasm +1
Name of the Vulnerable Software and Affected Versions: yasm version 1.3.0 Description: A use after free issue was discovered in the pp_getline function at /nasm/nasm-pp.c. Note that multiple third parties dispute this as a bug and not a vulnerability according to the YASM security policy...
PT-2025-25963 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the drm/i915/ttm component. The issue involves the potential leak of the CCS state from the previous user, which the...
PT-2023-16329 · WordPress · Enable/Disable Auto Login When Register
Name of the Vulnerable Software and Affected Versions: Enable/Disable Auto Login when Register WordPress plugin versions 1.1.0 and earlier Description: The issue concerns a lack of CSRF check when updating settings in the Enable/Disable Auto Login when Register WordPress plugin. This could allow...