PT-2026-29080
Name of the Vulnerable Software and Affected Versions: OpenSC versions prior to 0.27.0 Description: OpenSC is a set of open source smart card tools and middleware. A stack-based buffer overflow can occur in the GET RESPONSE function when a user or administrator utilizes a token, allowing an attacke...
PT-2025-32545
Name of the Vulnerable Software and Affected Versions: LibTIFF versions prior to 4.5.1 Description: A stack-based buffer overflow issue exists in the tiffcrop component of LibTIFF, specifically within the readSeparateStripsetoBuffer function located in the tools/tiffcrop.c file. Local access is...
PT-2025-30806
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified Description: The Linux kernel contains an issue where a warning is triggered on invalid firmware input within the ath6kl module. This warning does not provide useful information and is a frequent...
CVE-2024-56517
LGSL (Live Game Server List) is affected by CVE-2024-56517 with a reflected XSS in the Referer header affecting versions up to 6.2.1. Attackers can inject arbitrary JavaScript that is echoed back into an HTML attribute in the response due to insufficient sanitization. The issue is caused by using...
CVE-2024-56517 LGSL has a reflected XSS at /lgsl_files/lgsl_list.php
LGSL Live Game Server List provides online status lists for online video games. Versions up to and including 6.2.1 contain a reflected cross-site scripting vulnerability in the Referer HTTP header. The vulnerability allows attackers to inject arbitrary JavaScript code, which is reflected in the...
PT-2024-17864 · Unknown · Phpgurukul Complaint Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Complaint Management System. This issue affects an unknown part of the file /admin/category.php. The manipulation of the...
PT-2024-28335 · Unknown · Cpacker Memgpt
Name of the Vulnerable Software and Affected Versions: Cpacker MemGPT version 0.3.17 Description: The issue is related to incorrect access control in the "/users" endpoint, allowing attackers to access sensitive data. Recommendations: For version 0.3.17, consider disabling access to the "/users"...
CVE-2023-38472 affecting package avahi for versions less than 0.8-3
CVE-2023-38472 affecting package avahi for versions less than 0.8-3. A patched version of the package is available...
CVE-2024-12952
A vulnerability classified as critical was found in melMass comfy_mtb up to 0.1.4. Affected by this vulnerability is the function run_command of the file comfy_mtb/endpoint.py of the component Dependency Handler. The manipulation leads to code injection. The attack can be launched remotely. The...
PT-2024-17830 · Unknown · 1000 Projects Portfolio Management System Mca
Name of the Vulnerable Software and Affected Versions: 1000 Projects Portfolio Management System MCA version 1.0 Description: A critical vulnerability was found in the 1000 Projects Portfolio Management System MCA. This issue affects the file /update personal details.php and can be exploited...
GHSA-R87Q-FJ25-F8JF Cross-site Scripting vulnerability in SimpleXLSXEx::readThemeColors, SimpleXLSXEx::getColorValue and SimpleXLSX::toHTMLEx
Impact When calling the extended toHTMLEx method, it is possible to execute arbitrary JavaScript code. Patches The supplied patch resolves this vulnerability for SimpleXLSX. Use 1.1.13 Workarounds Don't use data publication via toHTMLEx This vulnerability was discovered by Aleksey Solovev Positiv...
CVE-2024-49765
Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to...
PT-2024-36458 · Quectel · Quectel Bc95-Cnv
Name of the Vulnerable Software and Affected Versions: Quectel BC95-CNV version V100R001C00SPC051 Description: An issue in Quectel BC95-CNV allows attackers to bypass authentication via a crafted NAS message. This enables attackers to elude authentication through a manipulated message...
BeyondTrust Issues Urgent Patch for Critical Vulnerability in PRA and RS Products
BeyondTrust has disclosed details of a critical security flaw in Privileged Remote Access (PRA) and Remote Support (RS) products that could potentially lead to the execution of arbitrary commands. Privileged Remote Access controls, manages, and audits privileged accounts and credentials, offering zer...
GHSA-6PFC-W86R-54Q6 Welcome and About GeoServer pages communicate version and revision information
Impact The welcome and about page includes version and revision information about the software in use including library and components used. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. Proof of Concept 1. Welco...
CBL Mariner 2.0 Security Update: binutils (CVE-2023-1972)
The version of binutils installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-1972 advisory. - A potential heap-based buffer overflow was found in _bfd_elf_slurp_version_tables in bfd/elf.c. This may lead to...
CVE-2024-55877 XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList
XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of XWiki.WikiMacroClass to any page. This compromises the confidentiality, integrity...
CVE-2024-55877
XWiki Platform is affected. Versions from 9.7-rc-1 prior to 15.10.11, 16.4.1, and 16.5.0 allow arbitrary remote code execution by adding instances of XWiki.WikiMacroClass to a page, compromising confidentiality, integrity, and availability. The root cause is improper handling of WikiMacroClass in...