CVE-2024-50339 GLPI vulnerable to unauthenticated session hijacking
GLPI is a free asset and IT management software package. Starting in version 9.5.0 and prior to version 10.0.17, an unauthenticated user can retrieve all the sessions IDs and use them to steal any valid session. Version 10.0.17 contains a patch for this issue...
December 2024 Security Advisory Ivanti Performance Manager (CVE-2024-11597)
Summary Ivanti has released updates for Performance Manager which address one high severity vulnerability. Successful exploitation could lead to local privilege escalation. We are not aware of any customers being exploited by this vulnerability at the time of disclosure. Vulnerability Details: CV...
CVE-2024-56651 affecting package kernel for versions less than 5.15.173.1-1
CVE-2024-56651 affecting package kernel for versions less than 5.15.173.1-1. A patched version of the package is available...
Security Advisory Ivanti Desktop and Server Management (DSM) (CVE-2024-7572)
Summary Ivanti has released updates for Ivanti Desktop and Server Management which address one high severity vulnerability. Successful exploitation could lead to local arbitrary file deletion. We are not aware of any customers being exploited by this vulnerability at the time of disclosure...
CVE-2024-55602 PwnDoc vulnerable to Arbitrary File Read on updating and downloading templates using Path Traversal
PwnDoc is a penetration test report generator. Prior to commit 1d4219c596f4f518798492e48386a20c6e9a2fe6, an authenticated user who is able to update and download templates can inject path traversal ../ sequences into the file extension property to read arbitrary files on the system. Commit...
PT-2024-34457 · Silicon · Z-Wave Series 700/800
Name of the Vulnerable Software and Affected Versions: Silicon Labs SiLabs Z-Wave Series 700 and 800 version 7.21.1 Description: The issue is related to insecure permissions in the affected software, allowing attackers to disrupt communications between the controller and the device by repeatedly...
PT-2025-23606 · NetGear · Netgear Wnr614
Name of the Vulnerable Software and Affected Versions: Netgear WNR614 version 1.1.0.28 1.0.1WW Description: A critical vulnerability exists in the Netgear WNR614 router, related to bypassing the authentication procedure. Manipulation of the input %00currentsetting.htm appended to a URL leads to...
CVE-2024-12307
A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the...
CVE-2024-12305
An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the studentid parameter in the marks viewing endpoint. The...
PT-2024-28929 · Pentaminds · Pentaminds Curovms
Name of the Vulnerable Software and Affected Versions: Pentaminds CuroVMS version 2.0.1 Description: The issue is related to exposed credentials in the software. This means that sensitive information, such as passwords or other authentication data, is not properly secured and can be accessed by...
PT-2024-36451 · Unknown · Kashipara E-Learning Management System
Name of the Vulnerable Software and Affected Versions: Kashipara E-learning Management System version 1.0 Description: The issue concerns a SQL Injection vulnerability in the /admin/delete_content.php endpoint. This vulnerability allows for potential exploitation by injecting malicious SQL code...
CVE-2023-42366 affecting package busybox for versions less than 1.36.1-9
CVE-2023-42366 affecting package busybox for versions less than 1.36.1-9. A patched version of the package is available...
CVE-2024-24786 affecting package libcontainers-common for versions less than 20240213-3
CVE-2024-24786 affecting package libcontainers-common for versions less than 20240213-3. A patched version of the package is available...
PT-2024-16486 · Pegasystems · Pega Platform
Name of the Vulnerable Software and Affected Versions: Pega Platform versions 8.1 to Infinity 24.2.0 Description: The issue is related to a Cross-Site Scripting (XSS) problem in the search feature of the Pega Platform. This type of issue allows attackers to inject malicious scripts into websites,...
PT-2024-16954 · WordPress · Advanced File Manager
Name of the Vulnerable Software and Affected Versions: Advanced File Manager plugin for WordPress versions up to and including 5.2.10 Description: The issue arises from missing file type validation via the 'class_fma_connector.php' file, allowing authenticated attackers with Subscriber-level acce...
PT-2024-9657 · Adobe · Connect
Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 11.4.7 and earlier; Adobe Connect version 12.6 Description: The issue is related to insufficient protection of the web page structure, allowing for a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker...
CVE-2024-52530 affecting package libsoup for versions less than 3.4.4-2
CVE-2024-52530 affecting package libsoup for versions less than 3.4.4-2. A patched version of the package is available...
CVE-2022-0530 affecting package unzip for versions less than 6.0-21
CVE-2022-0530 affecting package unzip for versions less than 6.0-21. A patched version of the package is available...
PT-2024-35793 · Spip · Spip
Name of the Vulnerable Software and Affected Versions: SPIP version 4.3.3 Description: The issue concerns an authenticated arbitrary file upload vulnerability in the Documents module. This allows attackers to execute arbitrary code by uploading a crafted PDF file. There is no information provided...
PT-2024-16809 · WordPress · Spotify Play Button
Name of the Vulnerable Software and Affected Versions: Spotify Play Button for WordPress plugin versions up to and including 2.11 Description: The issue concerns Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...