293 matches found
PT-2023-20755 · Sourcecodester · Sourcecodester Online Computer/Laptop Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical issue was found in the file view_product.php, where the manipulation of the id argument leads to SQL injection. This can be initiated remotely. Recommendation...
PT-2023-23880 · Videolan +3 · Dav1D +3
Name of the Vulnerable Software and Affected Versions: VideoLAN dav1d versions prior to 1.2.0 Description: The issue is related to a thread_task.c race condition that can lead to an application crash. This condition is associated with the dav1d_decode_frame_exit function. Recommendations: For...
CVE-2023-30850 Pimcore SQL Injection Vulnerability in Admin Translations API
Pimcore is an open source data and experience management platform. Prior to version 10.5.21, a SQL injection vulnerability exists in the admin translations API. Users should update to version 10.5.21 to receive a patch or, as a workaround, apply the patch manually...
PT-2023-18380 · Sourcecodester · Sourcecodester Task Reminder System
Name of the Vulnerable Software and Affected Versions: SourceCodester Task Reminder System version 1.0 Description: A vulnerability was found in the processing of the file /classes/Users.php, where the manipulation of the argument id leads to cross-site scripting. The attack may be initiated...
PT-2023-17327 · Sap · Sap Hcm Fiori App My Forms
Name of the Vulnerable Software and Affected Versions: SAP HCM Fiori App My Forms Fiori 2.0 version 605 Description: The issue concerns the lack of necessary authorization checks for authenticated users, resulting in exposure of restricted header data. Recommendations: For SAP HCM Fiori App My...
CVE-2023-0590
A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") has not been applied yet, the kernel could be affected...
SUSE CVE-2023-1350
A vulnerability was found in liferea. It has been rated as critical. Affected by this issue is the function update_job_run of the file src/update.c of the component Feed Enrichment. The manipulation of the argument source with the input |date >/tmp/bad-item-link.txt leads to os command injection. Th...
PT-2023-16606 · Sourcecodester · Sourcecodester Employee Task Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Employee Task Management System version 1.0 Description: A critical issue affects the processing of the file task-details.php, where the manipulation of the task_id argument leads to SQL injection. The attack can be initiated...
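The two SourceCodester entries above (view_product.php and task-details.php) describe the same bug class: an integer id taken from the request and spliced into a query string. The following is an added, self-contained illustration in Python with an in-memory SQLite table, not code from SourceCodester or from the advisories; the table, rows, function names and the hypothetical "hidden" column are constructed for the demonstration. It shows that the classic payload `1 OR 1=1 --` strips the rest of the WHERE clause, that escaping quotes does nothing in a numeric context, and that a parameterised query with type enforcement closes the hole.

```python
import sqlite3

# Constructed sample data standing in for a product/task table.
_ROWS = [
    (1, "Laptop", 999.0, 0),
    (2, "Mouse", 19.0, 0),
    (3, "Unreleased device", 0.0, 1),  # hidden = 1: must never be listed
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory table with three rows, one of them hidden."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL, hidden INTEGER)"
    )
    conn.executemany("INSERT INTO products VALUES (?, ?, ?, ?)", _ROWS)
    return conn


def view_product_vulnerable(conn: sqlite3.Connection, product_id: str) -> list:
    """Untrusted id interpolated straight into SQL (the pattern the advisories describe).

    With product_id = "1 OR 1=1 --" the query becomes
    SELECT ... WHERE id = 1 OR 1=1 -- AND hidden = 0
    so the hidden filter is commented out and every row comes back.
    """
    sql = f"SELECT id, name, price FROM products WHERE id = {product_id} AND hidden = 0"
    return conn.execute(sql).fetchall()


def view_product_escaped(conn: sqlite3.Connection, product_id: str) -> list:
    """A common but wrong mitigation: doubling single quotes.

    The id is not quoted in the query, so the payload needs no quotes and
    the "escaping" changes nothing.
    """
    escaped = product_id.replace("'", "''")
    sql = f"SELECT id, name, price FROM products WHERE id = {escaped} AND hidden = 0"
    return conn.execute(sql).fetchall()


def view_product_fixed(conn: sqlite3.Connection, product_id: str) -> list:
    """Hardened form: enforce the expected type, then bind the value as a parameter.

    int() rejects anything that is not a plain integer; the placeholder makes
    the driver pass the value as data, never as SQL text.
    """
    try:
        pid = int(product_id)
    except (TypeError, ValueError):
        return []  # malformed id: nothing to show (a real app would return 400)
    return conn.execute(
        "SELECT id, name, price FROM products WHERE id = ? AND hidden = 0", (pid,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    payload = "1 OR 1=1 --"
    print("vulnerable:", view_product_vulnerable(db, payload))
    print("escaped:   ", view_product_escaped(db, payload))
    print("fixed:     ", view_product_fixed(db, payload))
```

The interesting assertion is the third one: the hidden row is exposed even through the quote-escaping variant, which is why input escaping is not a substitute for parameterised queries.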
PT-2023-17706 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-12 through Android-12L Description: A possible way to bypass restrictions on starting activities from the background exists due to a missing permission check in the getMainActivityLaunchIntent function of...
PT-2023-10601 · Insteon · Insteon Hub
Name of the Vulnerable Software and Affected Versions: Insteon Hub version 1012 Description: Multiple exploitable buffer overflow vulnerabilities exist in the PubNub message handler for the "cc" channel. Specially crafted commands sent through the PubNub service can cause a stack-based buffer...
PT-2022-7088
Name of the Vulnerable Software and Affected Versions: Ghost Foundation Ghost version 5.9.4 Description: A user enumeration issue exists in the login functionality, allowing a remote attacker to disclose sensitive information using a specially-crafted HTTP request. This can be triggered by sending ...
PT-2022-9011 · Unknown · Annyshow Duxcms
Name of the Vulnerable Software and Affected Versions: annyshow DuxCMS version 2.1 Description: A vulnerability was found in the file admin.php&r=article/AdminContent/edit of the component Article Handler. The manipulation of the content argument leads to cross-site scripting. It is possible to...
PT-2022-26849 · Telos Alliance · Telos Alliance Omnia Mpx Node
Name of the Vulnerable Software and Affected Versions: Telos Alliance Omnia MPX Node versions 1.3. through 1.4. Description: An unauthenticated command injection issue in the product license validation function allows attackers to execute arbitrary commands via a crafted payload injected into the...
PT-2022-27357 · Webtareas · Webtareas
Name of the Vulnerable Software and Affected Versions: webtareas version 2.4p5 Description: The issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name field in the /clients/listclients.php component. This enables attackers to perform cross-sit...
PT-2022-27431 · Unknown · Jeecg-Boot
Name of the Vulnerable Software and Affected Versions: Jeecg-boot version 3.4.3 Description: A SQL injection issue was found in Jeecg-boot via the component /sys/dict/queryTableData. This allows for potential SQL injection attacks. Recommendations: For Jeecg-boot version 3.4.3, as a temporary...
PT-2022-27103 · Lodepng · Lodepng
Name of the Vulnerable Software and Affected Versions: Lodepng version 20220717 Description: A segmentation fault was discovered in the function pngdetail. Recommendations: For version 20220717, consider disabling the pngdetail function until a patch is available...
CVE-2022-3649
A vulnerability was found in Linux Kernel. It has been classified as problematic. Affected is the function nilfs_new_inode of the file fs/nilfs2/inode.c of the component BPF. The manipulation leads to use after free. It is possible to launch the attack remotely. It is recommended to apply a patch t...
PT-2022-26093 · Xpdf +1 · Xpdf +1
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.04 Description: An issue was discovered that causes a crash in the gfseek(_IO_FILE*, long, int) function in the goo/gfile.cc file. Recommendations: For Xpdf version 4.04, as a temporary workaround, consider disabling the gfseek...
PT-2022-26097 · Bento4 · Bento4
Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-639 Description: A memory leak issue exists in the AP4_StdcFileByteStream::Create function, specifically in the System/StdC/Ap4StdCFileByteStream.cpp file. This issue can lead to memory exhaustion if exploited...
PT-2022-25019 · Samsung · Samsung Mtower
Name of the Vulnerable Software and Affected Versions: Samsung mTower versions 0.3.0 and earlier Description: The issue is related to a NULL pointer dereference in the aes256_encrypt function due to a missing check on the return value of EVP_CIPHER_CTX_new. Recommendations: For Samsung mTower...