PT-2025-8783
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.10.0 Description A vulnerability has been identified in the Linux kernel, specifically in the net sched module, where the sch sfq implementation does not work correctly with a limit of 1 packet. This issue can...
PT-2024-36056 · Click Studios · Passwordstate
Name of the Vulnerable Software and Affected Versions: Click Studios Passwordstate versions prior to build 9920 Description: The issue concerns a potential permission escalation on the edit folder screen. Recommendations: For versions prior to build 9920, update to a version that includes the fix...
PT-2024-16598 · WordPress · The Popup Box – Create Countdown
Name of the Vulnerable Software and Affected Versions: The Popup Box – Create Countdown, Coupon, Video, Contact Form Popups plugin for WordPress versions up to, and including, 4.9.7 Description: The issue is related to a missing capability check on the deactivate plugin option function, which...
PT-2024-34376 · Unknown · Python Book
Name of the Vulnerable Software and Affected Versions: python book version V1.0 Description: The issue concerns an arbitrary file upload vulnerability in the user avatar upload function. This vulnerability allows for the upload of arbitrary files, which could potentially lead to security issues...
CBL Mariner 2.0 Security Update: ruby / rubygem-rexml (CVE-2024-49761)
The version of ruby / rubygem-rexml installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-49761 advisory. - REXML is an XML toolkit for Ruby. The REXML gem before 3.3.9 has a ReDoS vulnerability when it...
Fedora 40 : chromium (2024-b92c0289c9)
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-b92c0289c9 advisory. Update to 130.0.6723.91 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
PT-2024-16499 · Unknown · Codezips Free Exam Hall Seating Management System
Name of the Vulnerable Software and Affected Versions: Codezips Free Exam Hall Seating Management System version 1.0 Description: A critical issue affects the processing of the file /student.php, where the manipulation of the email argument leads to SQL injection. The attack can be initiated...
PT-2024-34620 · Unknown · Open Floodlight Sdn Controller
Name of the Vulnerable Software and Affected Versions: Floodlight SDN Open Flow Controller version 1.2 Description: The issue allows local hosts to build fake LLDP packets, which can cause Floodlight to miss specific clusters. This, in turn, leads to missed hosts inside and outside the cluster. T...
PT-2024-33089 · Qualitor · Qualitor
Name of the Vulnerable Software and Affected Versions: Qualitor version 8.24 Description: The issue is a remote code execution RCE vulnerability. It can be exploited via the gridValoresPopHidden parameter. Recommendations: For Qualitor version 8.24, avoid using the gridValoresPopHidden parameter...
PT-2024-10127
Name of the Vulnerable Software and Affected Versions rsync versions prior to 3.4.0 Description Rsync contains multiple vulnerabilities, including a critical heap-buffer overflow that allows for remote code execution. The heap-based buffer overflow occurs due to improper handling of...
PT-2024-39299 · Circutor · Circutor Q-Smt
Name of the Vulnerable Software and Affected Versions: CIRCUTOR Q-SMT version 1.0.4 Description: The issue allows an attacker with access to the web service to bypass authentication mechanisms on the login page, enabling them to use all functionalities implemented at the web level that allow...
Exploit for Code Injection in Mjml Mjml_App
MJML Local Code Execution PoC A Proof-Of-Concept for CVE-2024...
PT-2024-13925 · Synology · Video Station
Name of the Vulnerable Software and Affected Versions: Video Station versions prior to 5.8.1 Description: A SQL injection vulnerability has been reported to affect Video Station. If exploited, the vulnerability could allow authenticated users to inject malicious code via a network. Recommendation...
PT-2024-26439 · Tenda · Tenda I29
Name of the Vulnerable Software and Affected Versions: Tenda i29V1.0 version 1.0.0.5 Description: The issue is related to a hardcoded password for the root user. This means that the password is embedded directly into the software, potentially allowing unauthorized access. Recommendations: For Ten...
PT-2024-4759
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint versions prior to the fixed version Description: The vulnerability in Microsoft SharePoint is related to deserialization and allows remote attackers to execute arbitrary code. This issue has been exploited in real-world...
PT-2024-26233 · F Logic · F-Logic Datacube3
Name of the Vulnerable Software and Affected Versions: F-logic DataCube3 version 1.0 Description: The issue is related to command injection due to improper string filtering at the command execution point in the ./admin/transceiver schedule.php file. An unauthenticated remote attacker can exploit...
PT-2024-25499 · Globitel · Globitel Ksa Speechlog
Name of the Vulnerable Software and Affected Versions: Globitel KSA SpeechLog version 8.1 Description: A stored cross-site scripting XSS issue was found in the Save Query function. Recommendations: For version 8.1, consider disabling the Save Query function until a patch is available to prevent...
PT-2024-25123 · Roothub · Roothub
Name of the Vulnerable Software and Affected Versions: Roothub version 2.6 Description: A SQL injection issue was discovered in Roothub via the s parameter in the search function. This allows for potential exploitation. No information is provided about the estimated number of potentially affected...
CVE-2024-31442
Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being run by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command...
PT-2024-22795 · Gotortc · Gotortc
Name of the Vulnerable Software and Affected Versions: gotortc versions 1.8.5 and prior Description: The issue is related to DOM-based cross-site scripting. The links page links.html appends the src GET parameter 0 in all of its links for 1-click previews. The context in which src is being append...