PT-2024-35515 · Kofax · Kofax Power Pdf
Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a maliciou...
GHSA-V35G-4RRW-H4FW Symfony Cross-Site Request Forgery vulnerability in the Web Profiler
All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony WebProfiler bundle are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are not maintained anymore...
PT-2024-26452 · Unknown · Diño Physics School Assistant
Name of the Vulnerable Software and Affected Versions: Diño Physics School Assistant version 2.3 Description: A vulnerability has been discovered that impacts an unidentified code within the file /classes/Users.php?f=save. Manipulating the id argument can result in improper authorization...
PT-2024-26443 · Anpviz · Anpviz
Name of the Vulnerable Software and Affected Versions: Anpviz products versions 3.2.2.2 and lower Description: The issue allows unauthenticated users to modify or disable camera-related settings, including microphone volume, speaker volume, LED lighting, NTP, motion detection, etc. This affects...
PT-2024-36060 · Unknown · Phpmybackuppro
Name of the Vulnerable Software and Affected Versions: PhpMyBackupPro version 2.3 Description: A vulnerability has been discovered that could allow an attacker to execute XSS through the "/phpmybackuppro/scheduled.php" API endpoint, utilizing all parameters. This issue could enable an attacker to...
PT-2024-22626 · Utau · Utau
Name of the Vulnerable Software and Affected Versions: UTAU versions prior to v0.4.19 Description: An OS command injection issue exists, allowing the execution of arbitrary OS commands if a user opens a crafted UTAU project (.ust) file. Recommendations: For versions prior to v0.4.19, update to...
PT-2024-36018 · Winnmp · Winnmp
Name of the Vulnerable Software and Affected Versions: WinNMP version 19.02 Description: A vulnerability has been discovered that allows for an XSS attack via the /tools/redis.php page, specifically in the k, hash, key, and p parameters. This could enable a remote user to submit a specially craft...
PT-2024-25761
Name of the Vulnerable Software and Affected Versions: QDOCS Smart School version 7.0.0 Description: The issue is related to Cross-Site Scripting (XSS), which results in arbitrary code execution in admin functions, specifically when adding or updating records. This could potentially allow an attacker...
CVE-2023-40660 affecting package opensc for versions less than 0.25.1-3
CVE-2023-40660 affecting package opensc for versions less than 0.25.1-3. An upgraded version of the package is available that resolves this issue...
PT-2024-20216 · Intel · Intel Server D50Fcp Family
Name of the Vulnerable Software and Affected Versions: Intel(R) Server D50FCP Family products, affected versions not specified Description: The issue is related to improper buffer restrictions in the PlatformPfrDxe driver in UEFI firmware, which may allow a privileged user to enable escalation of...
PT-2024-21306 · WordPress · Elementor Header & Footer Builder
Name of the Vulnerable Software and Affected Versions: Elementor Header & Footer Builder for WordPress versions up to, and including, 1.6.26 Description: The issue is related to HTML Injection due to insufficient input sanitization and output escaping. This allows authenticated attackers with...
CVE-2024-34082
Grav is a file-based Web platform. Prior to version 1.7.46, a low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - /grav/user/accounts/.yaml. This file stores hashed user password, 2FA secret, and the password res...
AZL-43041 CVE-2024-32004 affecting package git for versions less than 2.45.2-1
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, an attacker can prepare a local repository in such a way that, when cloned, will execute arbitrary code during the operation. The problem has been patched in versions 2.45.1, 2.44.1,...
PT-2024-25952 · Yvan Dotet · Postgresql Query Deluxe
Name of the Vulnerable Software and Affected Versions: Yvan Dotet PostgreSQL Query Deluxe module versions 17.x before 17.0.0.4 Description: A SQL injection issue allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get_result_from_query. This...
PT-2024-24150 · WordPress · Jeg Elementor Kit
Name of the Vulnerable Software and Affected Versions: Jeg Elementor Kit plugin for WordPress versions up to, and including, 2.6.4 Description: The issue is related to Stored Cross-Site Scripting via the countdown widget's attributes due to insufficient input sanitization and output escaping. Thi...
Zitadel exposing internal database user name and host information
Impact: In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. Patches: 2.x versions are fixed on >= 2.50.3; 2.49.x versions are fixed on >= 2.49.5; 2.48.x versions are fixed on >= 2.48.5; 2.47.x versions are...
CVE-2024-32967 Zitadel exposes internal database user name and host information
Zitadel is an open source identity management system. In case ZITADEL could not connect to the database, connection information including db name, username and db host name could be returned to the user. This has been addressed in all supported release branches in a point release. There is no...
PT-2024-40749 · Git +1 · Libpcap
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash of type "Use-of-uninitialized-value". The crash state involves several functions: pcapint_filter_with_aux_data, pcapint...
PT-2024-12115 · Libmodbus · Libmodbus
Name of the Vulnerable Software and Affected Versions: libmodbus version 3.1.10 Description: The issue is a heap-based buffer overflow vulnerability in the read_io_status function located in src/modbus.c. This vulnerability can potentially be exploited, but there is no information provided about...
CVE-2023-45288 affecting package git-lfs for versions less than 3.5.1-1
CVE-2023-45288 affecting package git-lfs for versions less than 3.5.1-1. A patched version of the package is available...