PT-2023-5839 · Triangle Microworks · Scada Data Gateway
Name of the Vulnerable Software and Affected Versions: Triangle MicroWorks SCADA Data Gateway affected versions not specified Description: The issue is related to the disclosure of information in the SCADA Data Gateway system. It allows remote attackers to disclose sensitive information on affect...
WordPress Product Catalog Simple Plugin <= 1.6.17 is vulnerable to Cross Site Scripting (XSS)
Software: Product Catalog Simple · Type: Plugin · Vulnerable versions: <= 1.6.17 · Fixed in: 1.7.0 · OWASP Top 10: A7 Cross-Site Scripting (XSS) · Classification: Cross Site Scripting (XSS) · CVE: CVE-2023-29388 · Patch priority: Medium · CVSS severity: Medium 7.1 · PSID: 48939529292d · Credits: minhtuana...
PT-2023-17280 · Unknown · Sourcecodester Online Payroll System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Payroll System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /admin/attendance_row.php. The manipulation of the id argument leads to sql injection,...
PT-2023-21333 · Wondershare · Wondershare Anireel
Name of the Vulnerable Software and Affected Versions: Wondershare Anireel version 1.5.4 Description: An issue in Wondershare Anireel allows a remote attacker to execute arbitrary commands via the anireel_setup_full9589.exe file. Recommendations: For Wondershare Anireel version 1.5.4, consider...
AZL-26772 CVE-2023-28625 affecting package mod_auth_openidc for versions less than 2.4.14.2-1
mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur,...
PT-2023-17250 · Sourcecodester · Sourcecodester Simple Mobile Comparison Website
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Mobile Comparison Website version 1.0 Description: A critical issue was found in the file /admin/fields/manage_field.php of the component GET Parameter Handler. The manipulation of the id argument leads to sql injection...
PT-2023-17230 · Sourcecodester · Sourcecodester Grade Point Average Gpa Calculator
Name of the Vulnerable Software and Affected Versions: SourceCodester Grade Point Average GPA Calculator version 1.0 Description: A critical issue has been found, affecting the function get_scale of the file Master.php. The manipulation of the argument perc leads to sql injection. The attack can ...
Use of hard-coded, security-relevant constants in deepset-ai/haystack
Use of Hard-coded, Security-relevant Constants in GitHub repository deepset-ai/haystack in version 1.15.0 and prior. A patch is available at commit 5fc84904f198de661d5b933fde756aa922bf09f1...
PT-2023-17189 · Deepset Ai · Haystack
Name of the Vulnerable Software and Affected Versions: deepset-ai/haystack versions prior to 0.1.30 deepset-ai/haystack version 1.15.0 and prior Description: The issue is related to the use of hard-coded, security-relevant constants in the GitHub repository deepset-ai/haystack. A patch is availab...
WordPress Swatchly – WooCommerce Variation Swatches for Products Plugin <= 1.2.0 is vulnerable to Cross Site Request Forgery (CSRF)
Software: Swatchly – WooCommerce Variation Swatches for Products · Type: Plugin · Vulnerable versions: <= 1.2.0 · Fixed in: 1.2.1 · OWASP Top 10: A5 Broken Access Control · Classification: Cross Site Request Forgery (CSRF) · CVE: CVE-2023-23792 · Patch priority: Low · CVSS severity: Low 4.3 · PSID...
PT-2023-20953 · Unknown · Opengoofy Hippo4J
Name of the Vulnerable Software and Affected Versions: OpenGoofy Hippo4j version 1.4.3 Description: The issue allows an attacker to obtain sensitive information via the ConfigVerifyController function of the Tenant Management module. Recommendations: For OpenGoofy Hippo4j version 1.4.3, consider...
PT-2023-17129 · Unknown · Jiangmin Antivirus
Name of the Vulnerable Software and Affected Versions: Jiangmin Antivirus version 16.2.2022.418 Description: A vulnerability was found in the library kvcore.sys of the component IoControlCode Handler, which can lead to denial of service. The manipulation can be launched on the local host. The...
CVE-2024-28182 affecting package rust for versions less than 1.68.0-1
CVE-2024-28182 affecting package rust for versions less than 1.68.0-1. A patched version of the package is available...
CVE-2023-23004 affecting package kernel for versions less than 5.15.102.1-1
CVE-2023-23004 affecting package kernel for versions less than 5.15.102.1-1. A patched version of the package is available...
PT-2023-21030 · Swfdump · Swfdump
Name of the Vulnerable Software and Affected Versions: swfdump version 0.9.2 Description: A heap buffer overflow was discovered in the function swf_GetPlaceObject at swfobject.c. Recommendations: For swfdump version 0.9.2, consider disabling the swf_GetPlaceObject function as a temporary workarou...
PT-2023-17081 · Feifeicms · Feifeicms
Name of the Vulnerable Software and Affected Versions: FeiFeiCMS version 2.7.130201 Description: A vulnerability was found in the Extension Tool component, specifically affecting the file Publicsystemslide add.html. This issue leads to cross-site scripting and can be initiated remotely. The explo...
CVE-2023-28428 PDFio vulnerable to Denial Of Service when opening a corrupt PDF file
PDFio is a C library for reading and writing PDF files. In versions 1.1.0 and prior, a denial of service vulnerability exists in the pdfio parser. Crafted pdf files can cause the program to run at 100% utilization and never terminate. This is different from CVE-2023-24808. A patch for this issue ...
PT-2023-17047 · Pimcore · Pimcore
Name of the Vulnerable Software and Affected Versions: pimcore/pimcore versions prior to 10.5.19 Description: The issue is related to Cross-site Scripting XSS - DOM, which has the potential to steal a user's cookie and gain unauthorized access to that user's account through the stolen cookie or...
PT-2023-17032 · Rebuild · Rebuild
Name of the Vulnerable Software and Affected Versions: Rebuild versions up to 3.2.3 Description: A critical vulnerability was found in the function queryListOfConfig of the file /admin/robot/approval/list. The manipulation of the argument q leads to sql injection. The attack can be launched...
Design/Logic Flaw
Miniflux is a feed reader. Since v2.0.25, Miniflux will automatically proxy images served over HTTP to prevent mixed content errors. When an outbound request made by the Go HTTP client fails, the html.ServerError is returned unescaped without the expected Content Security Policy header added to...