PT-2023-11542 · Unknown · Jbt Markdown Editor
Name of the Vulnerable Software and Affected Versions: jbt Markdown Editor versions prior to commit 2252418c27dffbb35147acd8ed324822b8919477 Description: The issue is related to a Cross Site Scripting XSS vulnerability in the Rendering Engine of the jbt Markdown Editor. This vulnerability allows...
CVE-2023-37369 affecting package qt5-qtbase for versions less than 5.12.11-9
CVE-2023-37369 affecting package qt5-qtbase for versions less than 5.12.11-9. A patched version of the package is available...
CVE-2023-35823 affecting package kernel for versions less than 5.15.118.1-2
CVE-2023-35823 affecting package kernel for versions less than 5.15.118.1-2. A patched version of the package is available...
CVE-2023-38409 affecting package hyperv-daemons for versions less than 5.15.122.1-1
CVE-2023-38409 affecting package hyperv-daemons for versions less than 5.15.122.1-1. A patched version of the package is available...
CVE-2023-38430 affecting package kernel for versions less than 5.15.122.1-2
CVE-2023-38430 affecting package kernel for versions less than 5.15.122.1-2. A patched version of the package is available...
CVE-2023-38432 affecting package kernel for versions less than 5.15.122.1-2
CVE-2023-38432 affecting package kernel for versions less than 5.15.122.1-2. A patched version of the package is available...
PT-2023-26733 · Opnsense · Opnsense Community Edition +1
Name of the Vulnerable Software and Affected Versions: OPNsense Community Edition versions prior to 23.7 OPNsense Business Edition versions prior to 23.4.2 Description: The issue allows for XSS via the openAction in the app/controllers/OPNsense/Cron/ItemController.php file, specifically in the...
PT-2023-26323 · Microsoft · Azure Arc-Enabled Servers
Name of the Vulnerable Software and Affected Versions: Azure Arc-Enabled Servers affected versions not specified Description: The issue is related to an elevation of privilege vulnerability. There is no information provided about the estimated number of potentially affected devices worldwide or...
PT-2023-4385 · Microsoft · Windows Smart Card Resource Management Server +1
Name of the Vulnerable Software and Affected Versions: Windows Smart Card Resource Management Server affected versions not specified Description: The issue is related to a lack of protection for service data, which can be exploited to reveal protected information. It allows attackers to affect th...
PT-2023-25620 · Pestudio · Pestudio
Name of the Vulnerable Software and Affected Versions: PEStudio version 9.52 Description: An issue in PEStudio allows a remote attacker to execute arbitrary code via a crafted DLL file to the PEStudio executable. Recommendations: For PEStudio version 9.52, consider disabling the execution of...
CVE-2023-39528 PrestaShop vulnerable to file reading through path traversal
PrestaShop is an open source e-commerce web application. Prior to version 8.1.1, the displayAjaxEmailHTML method can be used to read any file on the server, potentially even outside of the project if the server is not correctly configured. Version 8.1.1 contains a patch for this issue. There are ...
PT-2023-22287 · Zoho · Zoho Manageengine Network Configuration Manager
Name of the Vulnerable Software and Affected Versions: Zoho ManageEngine Network Configuration Manager version 12.6.165 Description: An issue was discovered in the WebSocket endpoint, allowing Cross-site WebSocket hijacking. Recommendations: For Zoho ManageEngine Network Configuration Manager...
CVE-2022-25883 affecting package nodejs18 for versions less than 18.16.0-3
CVE-2022-25883 affecting package nodejs18 for versions less than 18.16.0-3. A patched version of the package is available...
CVE-2023-25012 affecting package hyperv-daemons for versions less than 5.15.118.1-1
CVE-2023-25012 affecting package hyperv-daemons for versions less than 5.15.118.1-1. A patched version of the package is available...
Moxa AWK-3121 Cleartext Transmission of Sensitive Information (CVE-2018-10690)
An issue was discovered on Moxa AWK-3121 1.14 devices. The device by default allows HTTP traffic thus providing an insecure communication mechanism for a user connecting to the web server. This allows an attacker to sniff the traffic easily and allows an attacker to compromise sensitive data such...
PT-2023-24470 · Teleadapt · Teleadapt Roomcast Ta-2400
Name of the Vulnerable Software and Affected Versions: TeleAdapt RoomCast TA-2400 versions 1.0 through 3.1 Description: The issue concerns Improper Privilege Management. After establishing an adb connection, accessing the shell and entering the su command provides root access without requiring a...
Design/Logic Flaw
Strapi is an open-source headless content management system. Prior to version 4.10.8, anyone (Strapi developers, users, plugins) can make every attribute of a Content-Type public without knowing it. The vulnerability only affects the handling of content types by Strapi, not the actual content types...
CVE-2023-35078
CVE-2023-35078 is an authentication-bypass vulnerability affecting Ivanti Endpoint Manager Mobile (EPMM) / MobileIron Core. Public exploit/tooling exists targeting the API path /mifs/aad/api/v2/authorized/users to access restricted data without authentication. Affected versions include Ivanti/Mob...
PT-2023-36317 · Trove · Trove
Name of the Vulnerable Software and Affected Versions: Trove affected versions not specified Description: The issue is related to the incorrect handling of arguments to the backup command by Trove. A remote attacker could possibly use this issue to execute arbitrary code. Recommendations: At the...
CVE-2023-35078
An authentication bypass vulnerability in Ivanti EPMM allows unauthorized users to access restricted functionality or resources of the application without proper authentication. Recent assessments: cbeek-r7 at July 26, 2024 7:47pm UTC reported: A July 2024 bulletin from multiple U.S. government...