4571 matches found
CVE-2023-45288 affecting package opa for versions less than 0.63.0-1
CVE-2023-45288 affecting package opa for versions less than 0.63.0-1. A patched version of the package is available...
CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15
CVE-2020-26160 affecting package dcos-cli for versions less than 1.2.0-15. A patched version of the package is available...
CVE-2022-2879 affecting package containerized-data-importer for versions less than 1.57.0-3
CVE-2022-2879 affecting package containerized-data-importer for versions less than 1.57.0-3. A patched version of the package is available...
CVE-2025-47911 affecting package packer for versions less than 1.9.5-18
CVE-2025-47911 affecting package packer for versions less than 1.9.5-18. A patched version of the package is available...
Vulnerability fixed in SonicOS
A vulnerability has been fixed in SonicWall SonicOS IPSec. The vulnerability in SonicWall SonicOS IPSec allows an unauthenticated remote malicious person to cause Denial of Service (DoS). SonicWall has made available a workaround and patch to fix the vulnerability. See the reference for more...
PT-2024-37842 · Naibowang · Naibowang Easyspider
Name of the Vulnerable Software and Affected Versions: NaiboWang EasySpider version 0.6.2 Description: A problematic vulnerability was found in the HTTP GET Request Handler component of NaiboWang EasySpider, specifically in the file server.js. The issue allows for path traversal when an attacker...
CVE-2024-37890 affecting package reaper for versions less than 3.1.1-10
CVE-2024-37890 affecting package reaper for versions less than 3.1.1-10. A patched version of the package is available...
PT-2024-7171 · Unknown · Soplanning
Name of the Vulnerable Software and Affected Versions: SOPlanning versions prior to 1.45 Description: A Cross-Site Scripting (XSS) issue exists due to the lack of proper validation of user input via the /soplanning/www/process/xajax server.php endpoint, affecting multiple parameters. This could all...
PT-2024-33767
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.21 Description: The issue is related to the rcu-tasks component in the Linux kernel, specifically with the rcu_tasks_need_gpcb function. When the kernel is built with CONFIG_FORCE_NR_CPUS=y, it can lead to a...
CVE-2024-39698
The CVE-2024-39698 entry concerns a Windows code-signing bypass in electron-updater. A flaw in the verification routine in packages/electron-updater/src/windowsExecutableCodeSignatureVerifier.ts arises because the surrounding shell (cmd.exe) expands environment variables in the command line, enab...
WordPress XPlainer - WooCommerce Product FAQ Plugin <= 1.7.0 is vulnerable to Broken Access Control
Software: XPlainer - WooCommerce Product FAQ. Type: Plugin. Vulnerable versions: <= 1.7.0. Fixed in: 1.7.1. OWASP Top 10: A5: Broken Access Control. Classification: Broken Access Control. CVE: CVE-2024-5704. Patch priority: Low. CVSS severity: Low (4.3). PSID: 2fd8e7762c97. Credits: Lucio Sá...
PT-2024-29020 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the circuit ID parameter at "/circuits/circuits/id/edit/" API endpoint...
PT-2024-29015 · Netbox · Netbox
Name of the Vulnerable Software and Affected Versions: netbox version 4.0.3 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter at the "/dcim/console-ports/add" API endpoint. Recommendations...
Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel
Summary TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel. A patch that updates the Kernel library has been provided. CVE-2023-2002, CVE-2023-3090, CVE-2023-3390, CVE-2023-3776, CVE-2023-4004, CVE-2023-20593, CVE-2023-35001, CVE-2023-35788. Vulnerability Details...
PT-2024-13565 · Realtek · Realtek Rtl819X Jungle Sdk
Name of the Vulnerable Software and Affected Versions: Realtek rtl819x Jungle SDK version 3.4.11 Description: A stack-based buffer overflow vulnerability exists in the boa formDnsv6 functionality of Realtek rtl819x Jungle SDK. A specially crafted series of network requests can lead to arbitrary...
CVE-2024-39683
ZITADEL is an open-source identity infrastructure tool. ZITADEL provides users the ability to list all user sessions of the current user agent (browser). Starting in version 2.53.0 and prior to versions 2.53.8, 2.54.5, and 2.55.1, due to a missing check, user sessions without that information e.g...
CVE-2020-27841 affecting package openjpeg2 for versions less than 2.3.1-12
CVE-2020-27841 affecting package openjpeg2 for versions less than 2.3.1-12. A patched version of the package is available...
CVE-2020-27845 affecting package openjpeg2 for versions less than 2.3.1-12
CVE-2020-27845 affecting package openjpeg2 for versions less than 2.3.1-12. A patched version of the package is available...
PT-2024-28396 · Gost +1 · Gost +1
Name of the Vulnerable Software and Affected Versions: gost version 2.11.5 Description: An authentication bypass in the SSH service allows attackers to intercept communications by setting the HostKeyCallback function to ssh.InsecureIgnoreHostKey. This issue is related to missing key verification ...
CVE-2024-5564 affecting package libndp for versions less than 1.8-2
CVE-2024-5564 affecting package libndp for versions less than 1.8-2. A patched version of the package is available...