PT-2024-16657 · Guangzhou Tuchuang Computer Software Development · Interlib Library Cluster Automation Management System
Name of the Vulnerable Software and Affected Versions: Guangzhou Tuchuang Computer Software Development Interlib Library Cluster Automation Management System versions up to 2.0.1 Description: A critical issue has been found in the Interlib Library Cluster Automation Management System, affecting a...
Oracle Linux 8 : bcc (ELSA-2024-8831)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-8831 advisory. - Really prevent the loading of compromised headers RHEL-28768, CVE-2024-2314 Tenable has extracted the preceding description block directly from the Oracle Lin...
PT-2024-34573 · Draytek · Draytek Vigor3900
Name of the Vulnerable Software and Affected Versions: Draytek Vigor3900 version 1.5.1.3 Description: The issue allows attackers to inject malicious commands into mainfunction.cgi and execute arbitrary commands by calling the reboot function. This enables remote reboot and potentially other...
SUSE CVE-2024-49753
Zitadel is open-source identity infrastructure software. Versions prior to 2.64.1, 2.63.6, 2.62.8, 2.61.4, 2.60.4, 2.59.5, and 2.58.7 have a flaw in the URL validation mechanism of Zitadel actions that allows bypassing restrictions intended to block requests to localhost (127.0.0.1). The isHostBlocked...
CVE-2023-52601 affecting package kernel for versions less than 5.15.167.1-2
CVE-2023-52601 affecting package kernel for versions less than 5.15.167.1-2. A patched version of the package is available...
CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-19
CVE-2024-28180 affecting package dcos-cli for versions less than 1.2.0-19. A patched version of the package is available...
CVE-2023-39130 affecting package gdb for versions less than 11.2-3
CVE-2023-39130 affecting package gdb for versions less than 11.2-3. A patched version of the package is available...
CVE-2024-26875 affecting package kernel for versions less than 5.15.167.1-2
CVE-2024-26875 affecting package kernel for versions less than 5.15.167.1-2. A patched version of the package is available...
CVE-2024-0553 affecting package gnutls for versions less than 3.7.11-1
CVE-2024-0553 affecting package gnutls for versions less than 3.7.11-1. A patched version of the package is available...
WordPress BookingPress Plugin <= 1.1.16 is vulnerable to SQL Injection
Software: BookingPress · Type: Plugin · Vulnerable versions: <= 1.1.16 · Fixed in: 1.1.17 · OWASP Top 10: A1: Injection · Classification: SQL Injection · CVE: CVE-2024-10540 · Patch priority: High · CVSS severity: High 8.5 · PSID: ae4b89138a08 · Credits: Arkadiusz Hydzik · Required privilege: Subscriber...
PT-2024-8002 · Lb Link · Lb-Link Bl-Wr 1300H
Name of the Vulnerable Software and Affected Versions: LB-LINK BL-WR 1300H version 1.0.4 Description: The issue is related to hardcoded credentials stored in the /etc/shadow file of the LB-LINK BL-WR 1300H router. These credentials are easily guessable, which could allow a remote attacker to gain...
AZL-51904 CVE-2024-49761 affecting package ruby for versions less than 3.3.5-1
REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. The REXML...
GHSA-2RXP-V6PW-CH6M REXML ReDoS vulnerability
Impact: The REXML gem before 3.3.9 has a ReDoS vulnerability when it parses an XML that has many digits between &# and x...; in a hex numeric character reference (&#x...;). This does not happen with Ruby 3.2 or later. Ruby 3.1 is the only affected maintained Ruby. Note that Ruby 3.1 will reach EOL on...
PT-2024-16263 · Unknown · Code-Projects Blood Bank Management System
Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank Management System version 1.0 Description: A problematic issue was found in the system, affecting some unknown functionality of the file /bloodrequest.php. The manipulation of the msg argument leads to cross-site...
CVE-2020-26303
The CVE-2020-26303 entry concerns the insane HTML sanitizer. Affected versions are 2.6.2 and earlier. The underlying issue is a Regular Expression Denial of Service (ReDoS) vulnerability in one or more regular expressions used by the sanitizer. Public documentation indicates that as of publicatio...
CVE-2022-25255 affecting package qt5-qtbase for versions less than 5.12.11-14
CVE-2022-25255 affecting package qt5-qtbase for versions less than 5.12.11-14. A patched version of the package is available...
WordPress Astra Widgets Plugin <= 1.2.14 is vulnerable to Cross Site Scripting (XSS)
Software: Astra Widgets · Type: Plugin · Vulnerable versions: <= 1.2.14 · Fixed in: 1.2.15 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-50439 · Patch priority: Low · CVSS severity: Low 6.5 · PSID: aae8162e86d9 · Credits: João Pedro S Alcântara Kinorth · Require...
PT-2024-16163 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023 Description: A problematic issue was found in ZZCMS, affecting an unknown part of the file 3/qq-connect2.0/API/com/inc.php, leading to information disclosure. The attack can be initiated remotely. Recommendations: For ZZCMS...
PT-2024-33171 · Sage · Sage 1000
Name of the Vulnerable Software and Affected Versions: Sage 1000 version 7.0.0 Description: A Reflected Cross-Site Scripting issue exists, allowing attackers to inject malicious scripts into URLs. These scripts are reflected back by the server in the response without proper sanitization or...
PT-2024-16112 · Code Projects · Pharmacy Management System
Name of the Vulnerable Software and Affected Versions: code-projects Pharmacy Management System version 1.0 Description: A problem was discovered in the Pharmacy Management System, affecting some unknown functionality of the file /manage medicine.php of the component Manage Medicines Page. The...