CVE-2018-25106
A vulnerability, which was classified as critical, has been found in webuidesigning NebulaX Theme up to 5.0 on WordPress. This issue affects the function nebulasendtohubspot of the file libs/Legacy/Legacy.php. The manipulation leads to sql injection. The attack may be initiated remotely. The patc...
CVE-2024-12895
TreasureHuntGame TreasureHunt (up to commit 963e0e0) is affected by a SQL injection in the console_log function of TreasureHunt/checkflag.php, triggered by manipulating the problema parameter. Exploitation is described as remote, with impact reported as high (per CVE metrics). A patch is available...
CVE-2024-10783 MainWP Child <= 5.3.3 - Missing Authorization to Unauthenticated Privilege Escalation
The MainWP Child – Securely Connects to the MainWP Dashboard to Manage Multiple Sites plugin for WordPress is vulnerable to privilege escalation due to missing authorization checks on the registersite function in all versions up to, and including, 5.2 when a site is left in an unconfigured stat...
PT-2024-17616 · Dromara · Dromara Ujcms
Name of the Vulnerable Software and Affected Versions: Dromara UJCMS versions up to 9.6.3 Description: A problematic vulnerability has been found in Dromara UJCMS, affecting an unknown part of the file /users/id of the component User ID Handler. The manipulation leads to authorization bypass. It ...
CBL Mariner 2.0 Security Update: hvloader (CVE-2024-28960)
The version of hvloader installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28960 advisory. - An issue was discovered in Mbed TLS 2.18.0 through 2.28.x before 2.28.8 and 3.x before 3.6.0, and Mbed...
CVE-2024-11664
A vulnerability, which was classified as critical, has been found in eNMS up to 4.2. Affected by this issue is the function multiselectfiltering of the file eNMS/controller.py of the component TGZ File Handler. The manipulation leads to path traversal. The attack may be launched remotely. The...
PT-2024-16898 · Unknown · Altenergy Power Control
Name of the Vulnerable Software and Affected Versions: Altenergy Power Control Software versions up to 20241108 Description: A critical issue has been found in the software, affecting some unknown processing of the file /index.php/display/database/, leading to improper authorization. The attack m...
PT-2024-24190 · Binance · Binance
Name of the Vulnerable Software and Affected Versions: Binance: BTC, Crypto and NFTS version 2.85.4 Description: A misconfiguration in the fingerprint authentication mechanism allows attackers to bypass authentication when adding a new fingerprint. Recommendations: For version 2.85.4, consider...
PT-2024-35211 · Unknown · Do That Task
Name of the Vulnerable Software and Affected Versions: Do That Task versions 1.5.5 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized access to the...
Fedora 37 : mingw-python3 (2022-3e859b6bc6)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-3e859b6bc6 advisory. Backport patch for CVE-2022-45061. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
PT-2024-35013 · Unknown · Gboy Custom Google Map
Name of the Vulnerable Software and Affected Versions: Gboy Custom Google Map versions n/a through 1.2 Description: The issue is related to an SQL Injection vulnerability, specifically an Improper Neutralization of Special Elements used in an SQL Command. This allows for Blind SQL Injection, whic...
PT-2024-16669 · Emq · Emqx Neuron
Name of the Vulnerable Software and Affected Versions: emqx neuron versions up to 2.10.0 Description: A vulnerability was found in emqx neuron, affecting an unknown functionality of the file "/api/v2/schema" of the component JSON File Handler. This leads to information disclosure and can be...
PT-2024-16061 · Unknown · Code-Projects Blood Bank System
Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank System version 1.0 Description: A vulnerability has been found in the code and classified as problematic. This issue affects unknown code of the file /viewrequest.php, leading to cross-site scripting. The attack can b...
PT-2024-37998 · Parisneo · Lollms-Webui
Name of the Vulnerable Software and Affected Versions: parisneo/lollms-webui version 9.8 Description: A Denial of Service (DoS) attack can be performed when uploading an audio file. If an attacker appends a large number of characters to the end of a multipart boundary, the system will continuously...
PT-2024-9823 · Fortinet · Forticlientmac +3
Name of the Vulnerable Software and Affected Versions: FortiClientWindows versions 7.0.0 through 7.0.11, 7.2.0 through 7.2.2; FortiClientLinux versions 7.0.0 through 7.0.11, 7.2.0; FortiClientMac versions 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 Description: The issue is related to an improper...
PT-2024-38031 · Unknown · Control Fpwin Pro
Name of the Vulnerable Software and Affected Versions: Control FPWIN Pro versions 7.7.2.0 and all previous versions Description: A stack-based buffer overflow in Control FPWIN Pro may allow attackers to execute arbitrary code via a specially crafted project file. This issue can be exploited by...
PT-2024-30058 · Pligg Cms · Pligg Cms
Name of the Vulnerable Software and Affected Versions: Pligg CMS version 2.0.2 Description: A Cross-Site Request Forgery (CSRF) issue was found in Pligg CMS. The issue is related to the "/admin/admin log.php?clear=1" endpoint. Recommendations: For Pligg CMS version 2.0.2, update to a version that...
PT-2024-30027 · Unknown · School Management System
Name of the Vulnerable Software and Affected Versions: School Management System version bae5aa Description: A SQL injection issue was discovered in the School Management System, allowing unauthorized data access and manipulation via the sid parameter at the "/search.php?action=2" endpoint. This...
PT-2024-38523 · Armember · Armember
Name of the Vulnerable Software and Affected Versions: The ARMember – Membership Plugin versions up to, and including, 4.0.37 Description: The issue is related to Stored Cross-Site Scripting via SVG File uploads due to insufficient input sanitization and output escaping. This allows authenticated...
PT-2024-25601 · Payment · Payment
Name of the Vulnerable Software and Affected Versions: Payment software version 1.0 Description: The issue allows an attacker to exploit a SQL injection vulnerability by sending a specially crafted query to the server, potentially retrieving all stored information through the id parameter in the...