PT-2024-31847 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A vulnerability was found in DedeCMS, affecting unknown code of the file /src/dede/sys_group_edit.php. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The vendor was...
PT-2024-25925 · Clario · Clario
Name of the Vulnerable Software and Affected Versions: Clario through 2024-04-11 for Desktop Description: The issue is related to weak permissions for the %PROGRAMDATA%\Clario directory and the attempt to load DLLs from this location as SYSTEM. Recommendations: For Clario through 2024-04-11 for...
PT-2024-21775 · Ibm · Ibm Db2
Name of the Vulnerable Software and Affected Versions: IBM Db2 for Linux, UNIX and Windows includes DB2 Connect Server versions 10.5, 11.1, and 11.5 Description: The issue is related to a denial of service condition that can be triggered with a specially crafted query under certain conditions...
PT-2024-2406 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 versions 15.03.05.18 through 15.03.20_multi Description: A critical issue affects the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to a stack-based buffer overflow. This...
PT-2024-21782 · Ibm · Ibm Maximo Application Suite
Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite version 7.6.1.3 Description: The issue is related to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this to expose sensitive information or consume memory...
PT-2024-2436 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.19 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could allow an attacker to inject malicious scripts into vulnerable form fields. This could lead to...
PT-2024-14631 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free (UAF) issue has been resolved in the Linux kernel. The pmif driver data, which contains clocks, is allocated along with spmi controller. When a device is removed, spmi...
PT-2024-21976 · Supercali · Supercali
Name of the Vulnerable Software and Affected Versions: SuperCali version 1.1.0 Description: A reflected cross-site scripting (XSS) issue exists, allowing remote attackers to execute arbitrary JavaScript code via the email parameter in the "bad_password.php" page. This could potentially affect a...
PT-2024-20958 · Terrasoft · Creatio Terrasoft Crm
Name of the Vulnerable Software and Affected Versions: Creatio Terrasoft CRM version 7.18.4.1532 Description: The issue allows a remote attacker to obtain sensitive information via a crafted request to the "terrasoft.axd" component. This enables the attacker to potentially access unauthorized dat...
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 5, 2024 to February 11, 2024)
Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through February 29th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 95 vulnerabilities disclosed in 65...
PT-2024-13876 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The issue is mentioned on Twitter with a link provided, but the details about the issue itself are not specified. There is no information about...
PT-2024-1409 · Zyxel · Zyxel Nas326 +1
Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions through V5.21AAZF.15C0 Zyxel NAS542 versions through V5.21ABAG.12C0 Description: The issue is related to a post-authentication command injection vulnerability. It could allow an authenticated attacker with administrator...
PT-2023-9116 · Tenda · Tenda I6
Name of the Vulnerable Software and Affected Versions: Tenda i6 version 1.0.0.83856 Description: The issue is related to a buffer overflow vulnerability in the Wi-Fi router's microprogram, specifically in the /goform/WifiMacFilterSet component. This vulnerability can be exploited by a remote...
PT-2023-30682 · Httpie +1 · Httpie +1
Name of the Vulnerable Software and Affected Versions: HTTPie version 3.2.2 Description: The issue allows attackers to eavesdrop on communications between the host and server via a man-in-the-middle attack due to missing SSL certificate validation. Recommendations: For HTTPie version 3.2.2,...
kernel: ovl: fix use after free in struct ovl_aio_req
A use-after-free flaw was found in the Linux kernel’s Ext4 File System in how a user triggers several file operations simultaneously with the overlay FS usage. This flaw allows a local user to crash or potentially escalate their privileges on the system. Only if patch 9a2544037600 "ovl: fix use...
PT-2025-38390
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak exists in the trace/blktrace module when using the debugfs_lookup function. Failing to call dput on the result of debugfs_lookup leads to a memory leak over time. The issue...
PT-2023-6361 · Connectize · Connectize Ac21000 G6
Name of the Vulnerable Software and Affected Versions: Connectize AC21000 G6 version 641.139.1.1256 Description: The issue is related to a Cross-Site Scripting (XSS) vulnerability that allows attackers to run arbitrary code via a crafted string when setting the Wi-Fi password in the admin panel. Th...
PT-2023-5999 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.2.0 through 7.2.4 Fortinet FortiOS version 7.4.0 Description: The issue is related to improper access control in the FortiOS REST API component, allowing an attacker to access restricted resources from non-trusted...
PT-2023-28727 · Jfinalcms +1 · Jfinalcms +1
Name of the Vulnerable Software and Affected Versions: SpringbootCMS version 1.0 JFinalCMS affected versions not specified Description: The issue allows malicious code to be embedded in the foreground message and saved in the database. When users browse comments, the embedded malicious code in th...
PT-2024-14770
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an unintentional integer overflow in the Linux kernel, specifically in the drm/mediatek component. The problem arises from multiplying two variables of different...