4571 matches found

Positive Technologies
added 2024/02/10 12:0 a.m. · 6 views

PT-2024-19336 · Ibm · Ibm Storage Defender - Resiliency Service

Name of the Vulnerable Software and Affected Versions: IBM Storage Defender - Resiliency Service version 2.0
Description: The issue concerns hard-coded credentials, such as a password or cryptographic key, used by IBM Storage Defender - Resiliency Service for inbound authentication, outbound...

CVSS 7.8 · AI score 7.6 · EPSS 0.00127
Exploits 0 · References 6

CBLMariner
added 2024/02/09 7:7 p.m. · 94 views

CVE-2022-21698 affecting package prometheus-node-exporter for versions less than 1.3.1-23

CVE-2022-21698 affecting package prometheus-node-exporter for versions less than 1.3.1-23. A patched version of the package is available...

CVSS 7.5 · AI score 10 · EPSS 0.05994
Exploits 0

CBLMariner
added 2024/02/09 7:7 p.m. · 19 views

CVE-2023-39325 affecting package packer for versions less than 1.8.7-2

CVE-2023-39325 affecting package packer for versions less than 1.8.7-2. A patched version of the package is available...

CVSS 7.5 · AI score 8.3 · EPSS 0.03796
Exploits 0

OSV
added 2024/02/09 3:20 p.m. · 2 views

GHSA-22R3-9W55-CJ54 Pkg Local Privilege Escalation

Impact: Any native code packages built by pkg are written to a hardcoded directory. On unix systems, this is /tmp/pkg/ which is a shared directory for all users on the same local system. There is no uniqueness to the package names within this directory, they are predictable. An attacker who has...

CVSS 6.6 · AI score 7 · EPSS 0.00231
Exploits 0 · References 4

Positive Technologies
added 2024/02/09 12:0 a.m. · 2 views

PT-2024-19458 · Allegra · Allegra

Name of the Vulnerable Software and Affected Versions: Allegra affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can ...

AI score 7.8
Exploits 0 · References 1

Positive Technologies
added 2024/02/09 12:0 a.m. · 3 views

PT-2024-20594 · Node.Js +1 · Node.Js +1

Name of the Vulnerable Software and Affected Versions: pkg affected versions not specified
Description: The issue arises from the pkg tool writing native code packages to a hardcoded directory, specifically /tmp/pkg/ on Unix systems, which is a shared directory for all users on the same local...

CVSS 7.8 · AI score 7.2 · EPSS 0.00231
Exploits 0 · References 9

Positive Technologies
added 2024/02/09 12:0 a.m. · 5 views

PT-2024-20873 · Code Projects · Code-Projects Simple School Managment System

Name of the Vulnerable Software and Affected Versions: Code-projects Simple School Managment System version 1.0
Description: The issue allows SQL Injection via the apass parameter at the "School/index.php" endpoint. This could potentially lead to unauthorized access to sensitive data...

CVSS 8.8 · AI score 8.8 · EPSS 0.00706
Exploits 1 · References 6

Positive Technologies
added 2024/02/06 12:0 a.m. · 6 views

PT-2024-20226 · Jsherp · Jsherp

Name of the Vulnerable Software and Affected Versions: jshERP version 3.3
Description: The issue concerns an Arbitrary File Upload vulnerability. The jshERP-boot/systemConfig/upload interface does not check the uploaded file type, and the biz parameter can be spliced into the upload path, resulti...

CVSS 9.8 · AI score 9.2 · EPSS 0.0064
Exploits 0 · References 8

Positive Technologies
added 2024/02/05 12:0 a.m. · 5 views

PT-2024-16297 · WordPress · Profilepress

Name of the Vulnerable Software and Affected Versions: ProfilePress plugin for WordPress versions up to, and including, 4.14.3
Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the...

CVSS 6.4 · AI score 5.6 · EPSS 0.00371
Exploits 0 · References 5

Patchstack
added 2024/02/02 12:0 a.m. · 14 views

WordPress BEAR Plugin <= 1.1.4 is vulnerable to Broken Access Control

Software: BEAR · Type: Plugin · Vulnerable versions: <= 1.1.4 · Fixed in: 1.1.4.1 · OWASP Top 10: A1: Broken Access Control · Classification: Broken Access Control · CVE: CVE-2024-24835 · Patch priority: Low · CVSS severity: Low (4.3) · PSID: 5d569bb55eee · Credits: Mika · Required privilege: Subscriber...

CVSS 6.5 · AI score 6.6 · EPSS 0.00382
Exploits 0 · References 2 · Affected Software 1

Positive Technologies
added 2024/02/02 12:0 a.m. · 4 views

PT-2024-14050 · Nagios Xi · Nagios Xi

Name of the Vulnerable Software and Affected Versions: Nagios XI versions up to and including 2024R1
Description: A stored cross-site scripting (XSS) vulnerability in the NOC component allows low-privileged users to execute malicious HTML or JavaScript code via the audio file upload functionality...

CVSS 5.4 · AI score 5.3 · EPSS 0.01264
Exploits 0 · References 5

Positive Technologies
added 2024/02/01 12:0 a.m. · 3 views

PT-2024-19642 · Eyoucms · Eyoucms

Name of the Vulnerable Software and Affected Versions: eyoucms version 1.6.5
Description: The issue allows a remote attacker to run arbitrary code via a crafted URL, exploiting a Cross Site Scripting vulnerability in the input parameter.
Recommendations: For eyoucms version 1.6.5, consider...

CVSS 6.1 · AI score 6.5 · EPSS 0.00458
Exploits 1 · References 4

Positive Technologies
added 2024/02/01 12:0 a.m. · 5 views

PT-2024-1440 · Kaspersky · Kaspersky Security 8.0 For Linux Mail Server

Name of the Vulnerable Software and Affected Versions: Kaspersky Security 8.0 for Linux Mail Server
Description: The issue allows an attacker to potentially force an administrator to click on a malicious link to perform unauthorized actions. This is due to the lack of measures to neutralize speci...

CVSS 8.8 · AI score 6.2 · EPSS 0.00379
Exploits 0 · References 8

Positive Technologies
added 2024/01/31 12:0 a.m. · 3 views

PT-2024-11748 · Sparx Systems · Enterprise Architect

Name of the Vulnerable Software and Affected Versions: Enterprise Architect version 16.0.1605
Description: The issue allows attackers to run arbitrary SQL commands via the Find parameter in the Select Classifier dialog box. This can be exploited by attackers to execute unauthorized SQL queries...

CVSS 9.8 · AI score 9.7 · EPSS 0.00629
Exploits 1 · References 6

Positive Technologies
added 2024/01/30 12:0 a.m. · 5 views

PT-2024-19520 · Seo Panel · Seo Panel

Name of the Vulnerable Software and Affected Versions: SEO Panel version 4.10.0
Description: A user enumeration issue was found, occurring during user authentication. This issue allows an attacker to determine if a username is valid or not through differences in error messages, enabling a...

CVSS 5.3 · AI score 7.2 · EPSS 0.00557
Exploits 1 · References 8

Positive Technologies
added 2024/01/26 12:0 a.m. · 7 views

PT-2024-20148 · Cups Easy · Cups Easy

Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0
Description: A Cross-Site Scripting (XSS) issue has been reported, where user-controlled inputs are not sufficiently encoded. This can be exploited via the /cupseasylive/statemodify.php endpoint,...

CVSS 8.2 · AI score 6.2 · EPSS 0.00399
Exploits 1 · References 5

Tenable Nessus
added 2024/01/26 12:0 a.m. · 27 views

Fedora 39 : atril (2024-3914113f25)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3914113f25 advisory.
- update to 1.26.2
- fix security security advisory
Tenable has extracted the preceding description block directly from the Fedora security advisory...

CVSS 9.6 · AI score 7.8 · EPSS 0.0234
Exploits 2 · References 2

Positive Technologies
added 2024/01/24 12:0 a.m. · 4 views

PT-2024-11023 · Unknown · Contiki-Ng Tinydtls

Name of the Vulnerable Software and Affected Versions: Contiki-NG tinyDTLS through master branch 53a0d97
Description: An assertion failure in the check certificate request function allows attackers to cause a denial of service. This issue affects Contiki-NG tinyDTLS, enabling attackers to exploit...

CVSS 7.5 · AI score 7.5 · EPSS 0.00429
Exploits 0 · References 6

Positive Technologies
added 2024/01/23 12:0 a.m. · 3 views

PT-2024-4875 · Solarwinds · Solarwinds Access Rights Manager

Name of the Vulnerable Software and Affected Versions: SolarWinds Access Rights Manager affected versions not specified
Description: The issue is related to the createGlobalServerChannelInternal method in SolarWinds Access Rights Manager, which has weaknesses in its deserialization mechanism. Thi...

CVSS 9.6 · AI score 7.8 · EPSS 0.10917
Exploits 0 · References 10

Amazon
added 2024/01/23 12:0 a.m. · 5 views

Important: firefox

Issue Overview: A vulnerability was found in SQLite SQLite3 up to 3.43.0 and classified as critical. This issue affects the function sessionReadRecord of the file ext/session/sqlite3session.c of the component make alltest Handler. The manipulation leads to heap-based buffer overflow. It is...

CVSS 7.3 · AI score 7.4 · EPSS 0.01249
Exploits 1