PT-2024-38290 · Sourcecodester · Sourcecodester Tracking Monitoring Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Tracking Monitoring Management System version 1.0 Description: A vulnerability was found in the system, affecting some unknown functionality of the file "/ajax.php?action=save establishment". The manipulation of the name argume...
Use After Free in vim/vim
...
PT-2024-27739 · 14Finger · 14Finger
Name of the Vulnerable Software and Affected Versions: 14Finger version 1.1 Description: The issue allows for arbitrary user deletion through the "/api/admin/user?id" API endpoint. This endpoint is used for administrative purposes, and the vulnerability could be exploited to delete users without...
PT-2024-37690 · Unknown · Codeigniter
Name of the Vulnerable Software and Affected Versions: CodeIgniter Ecommerce-CodeIgniter-Bootstrap up to 1998845073cf433bc6c250b0354461fbd84d0e03 Description: A problematic vulnerability has been found in CodeIgniter Ecommerce-CodeIgniter-Bootstrap. The manipulation of the argument search...
PT-2024-4153 · Fortinet · Fortiproxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 7.4.3; FortiOS version 7.2 and earlier; FortiOS version 7.0 and earlier; FortiProxy versions prior to 7.4.2; FortiProxy version 7.2 and earlier; FortiProxy version 7.0 and earlier Description: The issue is related to an...
SUSE CVE-2023-1252
A use-after-free flaw was found in the Linux kernel's Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 "ovl: fix use...
PT-2024-25492 · Unknown · Campcodes Complete Web-Based School Management System
Name of the Vulnerable Software and Affected Versions: campcodes Complete Web-Based School Management System version 1.0 Description: A SQL injection issue allows an attacker to execute arbitrary SQL commands via the id parameter in the "/model/get student.php" API endpoint. Recommendations: For...
PT-2024-35943 · Unknown · Lakernote Easyadmin
Name of the Vulnerable Software and Affected Versions: lakernote EasyAdmin up to 20240324 Description: A problematic vulnerability has been found in lakernote EasyAdmin, affecting an unknown part of the file /sys/file/upload. The manipulation of the file argument leads to cross-site scripting. It...
PT-2024-26242 · Flyfish · Flyfish
Name of the Vulnerable Software and Affected Versions: FlyFish version 3.0.0 Description: The issue is a buffer overflow via the password parameter on the login page, allowing attackers to cause a Denial of Service (DoS) via a crafted input. This can potentially lead to system compromise...
PT-2024-31163 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.19 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'Fancy Text', 'Filter Gallery', 'Sticky Video', 'Content Ticker',...
PT-2024-25811 · Unknown · Cmsaasstarter
Name of the Vulnerable Software and Affected Versions: CMSaaSStarter versions prior to commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 Description: The issue concerns the verification of the user JWT Token on the server session. Recommendations: For versions prior to commit...
PT-2024-23658 · Hadsky · Hadsky
Name of the Vulnerable Software and Affected Versions: HadSky version 7.6.3 Description: A stored cross-site scripting (XSS) issue in the remotelink function allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the url parameter. Recommendations: For HadSky...
PT-2024-3723 · Oracle +1 · Oracle Graalvm Enterprise Edition +2
Name of the Vulnerable Software and Affected Versions: Oracle GraalVM for JDK versions 17.0.10, 21.0.2, 22; Oracle GraalVM Enterprise Edition versions 20.3.13, 21.3.9 Description: The issue is related to insufficient protection of internal data in the Compiler component of Oracle GraalVM for JDK a...
PT-2024-2503 · Hitachi · Hitachi Virtual Storage Platform G400 +39
Name of the Vulnerable Software and Affected Versions: Hitachi Virtual Storage Platform versions prior to DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform VP9500 versions prior to DKCMAIN Ver. 70-06-74-00/00, SVP Ver. 70-06-58/00; Hitachi Virtual Storage Platform...
CVE-2024-2828
A vulnerability, which was classified as critical, was found in lakernote EasyAdmin up to 20240315. Affected is the function thumbnail of the file src/main/java/com/laker/admin/module/sys/controller/IndexController.java. The manipulation of the argument url leads to server-side request forgery. I...
EulerOS 2.0 SP10 : sqlite (EulerOS-SA-2024-1347)
According to the versions of the sqlite package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities: - A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the fil...
PT-2024-20792 · Idurar · Idurar
Name of the Vulnerable Software and Affected Versions: iDURAR version 2.0.0 Description: A Path Traversal vulnerability exists, allowing unauthenticated attackers to expose sensitive files via the download functionality. The issue can be exploited using backslashes. For example, an attacker can u...
PT-2024-19579 · Timo · Timo
Name of the Vulnerable Software and Affected Versions: Timo version 2.0.3 Description: The issue allows a remote attacker to execute arbitrary code via the filetype restrictions in the UploadController.java component. Recommendations: For Timo version 2.0.3, consider disabling the...
PT-2024-38477 · Sourcecodester · Sourcecodester Clinics Patient Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Clinics Patient Management System version 1.0 Description: A vulnerability was found in the User Page component, specifically in the file users.php, which can lead to cross-site request forgery. The attack can be initiated...
PT-2024-16083 · Unknown · Gabriels Ftp Server
Name of the Vulnerable Software and Affected Versions: Gabriels FTP Server version 1.2 Description: A problematic issue affects some unknown processing in the software. The manipulation of the USERNAME argument leads to denial of service. The attack may be initiated remotely. It is estimated that...