CVE-2023-44487 affecting package opa for versions less than 0.50.2-6
CVE-2023-44487 affecting package opa for versions less than 0.50.2-6. A patched version of the package is available...
CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2
CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2. A patched version of the package is available...
CVE-2018-18384 affecting package unzip for versions less than 6.0-20
CVE-2018-18384 affecting package unzip for versions less than 6.0-20. A patched version of the package is available...
CVE-2023-29409 affecting package golang for versions less than 1.20.7-1
CVE-2023-29409 affecting package golang for versions less than 1.20.7-1. A patched version of the package is available...
CVE-2022-2601 affecting package grub2 for versions less than 2.06-14
CVE-2022-2601 affecting package grub2 for versions less than 2.06-14. A patched version of the package is available...
PT-2024-19618 · WordPress · Site Reviews
Name of the Vulnerable Software and Affected Versions: Site Reviews plugin for WordPress versions up to, and including, 6.11.4
Description: The issue is related to Stored Cross-Site Scripting via the user display name due to insufficient input sanitization and output escaping. This allows...
PT-2024-12319 · IBM · IBM Maximo Application Suite +1
Name of the Vulnerable Software and Affected Versions: IBM Maximo Application Suite versions 8.10 through 8.11; IBM Maximo Asset Management version 7.6.1.3
Description: The software stores sensitive information in URL parameters, which may lead to information disclosure if unauthorized parties hav...
PT-2024-22510 · DedeCMS · DedeCMS
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7
Description: A Cross-Site Request Forgery (CSRF) issue was found in DedeCMS. The vulnerability is exploited via the "/dede/freelist edit.php" endpoint.
Recommendations: For DedeCMS version 5.7, as a temporary workaround,...
PT-2024-18122 · WordPress · Essential Addons for Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor plugin for WordPress versions up to, and including, 5.9.9
Description: The issue is related to Stored Cross-Site Scripting via the plugin's event calendar widget due to insufficient input sanitization and...
PT-2024-20019 · Zoho · ManageEngine Desktop Central
Name of the Vulnerable Software and Affected Versions: ManageEngine Desktop Central version 9, build 90055
Description: A critical flaw in ManageEngine Desktop Central poses a major security risk due to an unrestricted file upload vulnerability. This issue could allow a remote attacker to upload ...
PT-2024-19555 · Unknown · Bdtask G-Prescription Gynaecology & OBS Consultation
Name of the Vulnerable Software and Affected Versions: Bdtask G-Prescription Gynaecology & OBS Consultation Software version 1.0
Description: A vulnerability was found in the Password Reset Handler component, specifically affecting some unknown functionality of the file /Setting/change password...
BIT-DISCOURSE-2022-46159 Any authenticated Discourse user can create an unlisted topic
Discourse is an open-source discussion platform. In version 2.8.13 and prior on the stable branch and version 2.9.0.beta14 and prior on the beta and tests-passed branches, any authenticated user can create an unlisted topic. These topics, which are not readily available to other users, can take u...
CVE-2024-24806 affecting package libuv for versions less than 1.43.0-2
CVE-2024-24806 affecting package libuv for versions less than 1.43.0-2. A patched version of the package is available...
PT-2024-21358 · Swftools · Swftools
Name of the Vulnerable Software and Affected Versions: swftools version 0.9.2
Description: The issue is related to a segmentation violation in the state free function located at swftools/src/swfc-history.c.
Recommendations: For swftools version 0.9.2, consider disabling the state free function as...
PT-2024-2266 · Tenda · Tenda AC18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05
Description: A critical vulnerability was found in the function setSchedWifi of the file /goform/openSchedWifi. The manipulation of the arguments schedStartTime and schedEndTime leads to a stack-based buffer...
CVE-2024-20022
In lk, there is a possible escalation of privilege due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08528255; Issue ID: ALPS08528255...
Directory traversal
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
PYSEC-2024-45
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
CVE-2024-28088
LangChain through 0.1.10 allows ../ directory traversal by an actor who is able to control the final part of the path parameter in a loadchain call. This bypasses the intended behavior of loading configurations only from the hwchase17/langchain-hub GitHub repository. The outcome can be disclosure...
PT-2024-38410
Name of the Vulnerable Software and Affected Versions: oFono (affected versions not specified)
Description: This issue allows local attackers to execute arbitrary code on affected installations of oFono. An attacker must first obtain the ability to execute code on the target modem in order to exploit...