PT-2026-2158

Name of the Vulnerable Software and Affected Versions zlib versions up to and including 1.3.1.2 Description zlib versions up to and including 1.3.1.2 contain a global buffer overflow in the untgz utility. The TGZfname function uses an unbounded strcpy call to copy an attacker-supplied archive nam...

PT-2025-7945 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition exists between ctrl cdev ioctl and ubi cdev ioctl in the Linux kernel. This issue is caused by the locks held by these two functions, ubi devices mutex and ubi-device...

Security Bulletin: Server Side Request Forgery vulnerability affect IBM Business Automation Workflow - CVE-2024-39338

Summary IBM Business Automation Workflow is vulnerable to a Server Side Request Forgery SSRF attack. Vulnerability Details CVEID:CVE-2024-39338 DESCRIPTION: Axios is vulnerable to server-side request forgery, caused by a flaw with requests for path relative URLs get processed as protocol relative...

Smule: Possible Subdomain Takeover For Inbound Emails

The affected URL email.smule.com pointed to sendgrid.net via a DNS CNAME record. As a result, a subdomain takeover was possible by registering the subdomain email.smule.com on Sendgrid...

PT-2024-14534 · Unisoc (Shanghai) Technologies Co. +1 · T760/T770/T820/S8000 +1

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue involves a possible improper input validation in the SecurityCommand message after security has been activated. This could lead to remote...

payable.transfer() call will result in loss of unused Ether

Lines of code Vulnerability details Impact batchContribute function carries out funding and transfer in batches by using the payable.transfer call. This is unsafe as transfer has hard coded gas budget and can fail when the user is a smart contract. This way programmatical usage of batchContribute...

Underflow can be occurred in codebase

Lines of code Vulnerability details Impact Because of the lack of the input validation, underflow can be occurred in the code. Proof of Concept function getRegisteredBorrowers uint256 start, uint256 end external view returns address memory arr uint256 len = borrowers.length; end = MathUtils.minen...

SecurityCouncilMemberElectionGovernor propose() function is not properly restricted

Lines of code Vulnerability details summary The propose function in the SecurityCouncilMemberElectionGovernor contract is not properly restricted. This means that any user can call it, including attackers. Description The propose function in the SecurityCouncilMemberElectionGovernor contract is...

PT-2023-2477 · Hewlett Packard · Futuresmart +2

Name of the Vulnerable Software and Affected Versions: HP Enterprise LaserJet and HP LaserJet Managed Printers versions with FutureSmart version 5.6 Description: The issue is related to a lack of protection for service data, potentially allowing a remote attacker to disclose protected information...

PT-2022-8737 · Undefined · Undefined

Name of the Vulnerable Software and Affected Versions: No vulnerable software or affected versions specified. Description: The provided information does not contain details about a specific vulnerability. It appears to be a notification about a rejected candidate number from the National...

Shopify: XSS in www.shopify.com/markets?utm_source=

Hello, hope you are having a good day : Summary: I found a reflected XSS in www.shopify.com/markets using the utmsource parameter Reflected XSS vulnerabilities arise when the application accepts a malicious input script from a user and then it is executed in the victim's browser. Since the XSS is...

PT-2022-18131 · Sourcecodester · Sourcecodester Company Website Cms

Name of the Vulnerable Software and Affected Versions: SourceCodester Company Website CMS affected versions not specified Description: A critical issue was found in the SourceCodester Company Website CMS, affecting some unknown processing, which leads to unrestricted upload. The attack can be...

Security Bulletin: Vulnerability in Apache Log4j affects Netcool Operation Insight (CVE-2021-44228)

Summary A vulnerability was identified within the Apache Log4j library that is used by Netcool Operation Insight to provide logging functionality. This vulnerability has been addressed. Vulnerability Details CVEID: CVE-2021-44228 DESCRIPTION: Apache Log4j could allow a remote attacker to execute...

Cross-Site Request Forgery (CSRF) in requarks/wiki

Note: Not a vulnerability in ExpressJS Description Fix can by bypassed. Express treats routes as case insensitive while req.path is case sensitive. The fix in the previous report was to check if req.path === "/u"...

Server-Side Request Forgery (SSRF) in chocobozzz/peertube

Description There is an SSRF vulnerability in PeerTube, registered users outside of the external network can issue GET requests into the internal network via the Import With URL option. Proof of Concept Setting a Python3 server on 8080 python3 -m http.server 8080 And importing this URL...

Improper Access Control in splitbrain/dokuwiki

Description Users can access drafts of restricted files if they have create permissions on the same namespace and have the ability to create their own usernames due to the conflicting cache names. This can reveal draft contents, delete draft and overwrite the draft content of the restricted file...

Cross-Site Request Forgery (CSRF) in bookstackapp/bookstack

Description Login CSRF via /register/confirm/token endpoint. Proof of Concept 1: Register account with the same username as our victim, an email confirmation will take place 2: Retrieve token from email. 3: Send a link http://BOOKSTACKAPPURL/register/confirm/token to user. 4: When the user clicks...

Affirm: Subdomain takeover due to non registered TLD [ ██████████.█████.██████.com ]

Summary: I was looking at recent disclosed report 1297689 and I was thinking to take a look for the same issue on this asset as I love to test for subdomain takeover vulnerabilities. While testing I noticed a DNS entry for ███████.████.██████████.com is CNAME ████.███████████ which's TLD is not...

Security Bulletin: IBM PureData System for Operational Analytics is affected by vulnerabilities in OpenSSL (CVE-2014-0160 and CVE-2014-0076)

Summary Security vulnerabilities have been discovered in OpenSSL. Vulnerability Details CVE-ID: CVE-2014-0160 DESCRIPTION: OpenSSL could allow a remote attacker to obtain sensitive information, caused by an error in the TLS/DTLS heartbeat functionality. An attacker could exploit this vulnerabilit...

Mavenlink: User uploaded portfolio files can be accessed by any user even after deleted

Reproduction: ========= 1. Login as a user, e.g: user1 2. Create a portfolio by going to https://app.mavenlink.com/users/1234567-user1/worksamples/new note: replace 1234567-user1 with the actual user id/name endpoint. 3. Uploading any file to the new portfolio and click save. On the right side of...