CVE-2023-5633 affecting package kernel for versions less than 5.15.153.1-1
CVE-2023-5633 affecting package kernel for versions less than 5.15.153.1-1. A patched version of the package is available...
CVE-2024-2496 affecting package libvirt for versions less than 7.10.0-8
CVE-2024-2496 affecting package libvirt for versions less than 7.10.0-8. A patched version of the package is available...
PT-2024-2865 · Totolink · Totolink Ex200
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: The issue is related to the getWiFiExtenderConfig function, which can allow an attacker to obtain sensitive information without authorization. This can be exploited by a remote attacke...
AZL-39749 CVE-2024-22189 affecting package coredns for versions less than 1.11.1-2
quic-go is an implementation of the QUIC protocol in Go. Prior to version 0.42.0, an attacker can cause its peer to run out of memory by sending a large number of NEW_CONNECTION_ID frames that retire old connection IDs. The receiver is supposed to respond to each retirement frame with a...
PT-2024-12051 · Unknown · Mt Safeline X-Ray X3310
Name of the Vulnerable Software and Affected Versions: MT Safeline X-Ray X3310 webserver version NXG 19.05 Description: A reflected cross-site scripting (XSS) vulnerability exists, enabling a remote attacker to execute JavaScript code and obtain sensitive information in a victim's browser...
WordPress WooCommerce Cart Abandonment Recovery Plugin < 1.2.27 is vulnerable to Cross Site Request Forgery (CSRF)
Software: WooCommerce Cart Abandonment Recovery · Type: Plugin · Vulnerable versions: < 1.2.27 · Fixed in: 1.2.27 · OWASP Top 10: A5: Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2024-2322 · Patch priority: Low · CVSS severity: Low (4.3) · PSID: 266dfc803e4a · Credit...
PT-2024-24216 · Totolink · Totolink Ex200
Name of the Vulnerable Software and Affected Versions: TOTOLINK EX200 version 4.0.3c.7646 B20201211 Description: A remote code execution (RCE) issue was discovered, which can be exploited via the webWlanIdx parameter in the setWebWlanIdx function. Recommendations: For TOTOLINK EX200 version...
PT-2024-23713 · Unknown · Phpgurukul Men Salon Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Men Salon Management System version 2.0 Description: The issue allows remote attackers to execute arbitrary code and obtain sensitive information via the email parameter in the "index.php" component. This enables attackers to acces...
PT-2024-23640 · Netentsec · Netentsec Ns-Asg
Name of the Vulnerable Software and Affected Versions: netentsec NS-ASG version 6.3 Description: The issue is related to SQL Injection. It can be exploited via the "/3g/index.php" API endpoint. Recommendations: For netentsec NS-ASG version 6.3, consider restricting access to the "/3g/index.php"...
PT-2024-23346 · Sourcecodester · Sourcecodester Simple Subscription Website
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Subscription Website version 1.0 Description: A critical issue affects the processing of the file manage user.php, where the manipulation of the id argument leads to SQL injection. The attack can be initiated remotely. T...
PT-2024-23518 · Tenda · Tenda F1203
Name of the Vulnerable Software and Affected Versions: Tenda FH1203 version 2.0.1.6 Description: The issue is related to a stack overflow vulnerability. This vulnerability is located in the deviceId parameter of the saveParentControlInfo function. Recommendations: For Tenda FH1203 version 2.0.1.6...
Exploit for Improper Access Control in Adobe Coldfusion
CVE-2024-20767 · https://nvd.nist.gov/vuln...
WordPress Co-marquage service-public.fr Plugin <= 0.5.71 is vulnerable to Cross Site Scripting (XSS)
Software: Co-marquage service-public.fr · Type: Plugin · Vulnerable versions: <= 0.5.71 · Fixed in: 0.5.72 · OWASP Top 10: A3: Injection · Classification: Cross Site Scripting (XSS) · CVE: CVE-2024-29908 · Patch priority: Low · CVSS severity: Low (6.5) · PSID: 763202f8c632 · Credits: LVT-tholv2k · Required...
CVE-2024-24813
Frappe is a full-stack web application framework. Prior to versions 14.64.0 and 15.0.0, SQL injection from a particular whitelisted method can result in access to data which the user doesn't have permission to access. Versions 14.64.0 and 15.0.0 contain a patch for this issue. No known workaround...
PT-2024-23102 · Unknown · Sentrifugo
Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.2 Description: A Cross-Site Scripting (XSS) issue exists in Sentrifugo, specifically through the /sentrifugo/index.php/sitepreference/add endpoint, where the description parameter is vulnerable. This could allow a remote us...
CVE-2023-41038 Server crash when using specific form of SET BIND statement
Firebird is a relational database. Versions 4.0.0 through 4.0.3 and version 5.0 beta1 are vulnerable to a server crash when a user uses a specific form of SET BIND statement. Any non-privileged user with minimum access to a server may type a statement with a long CHAR length, which causes the...
CVE-2022-41717 affecting package golang for versions less than 1.17.13-2,1.18.8-2,1.21.6-1
CVE-2022-41717 affecting package golang for versions less than 1.17.13-2,1.18.8-2,1.21.6-1. A patched version of the package is available...
CVE-2018-18384 affecting package unzip for versions less than 6.0-20
CVE-2018-18384 affecting package unzip for versions less than 6.0-20. A patched version of the package is available...
CVE-2016-9844 affecting package unzip for versions less than 6.0-20
CVE-2016-9844 affecting package unzip for versions less than 6.0-20. A patched version of the package is available...
CVE-2023-36328 affecting package tcl for versions less than 8.6.13-3
CVE-2023-36328 affecting package tcl for versions less than 8.6.13-3. A patched version of the package is available...