17 matches found
PT-2026-37087
Name of the Vulnerable Software and Affected Versions: OpenCMS versions prior to 21 Description: The Admin Import DB feature is susceptible to XML External Entity (XXE) injection, a flaw where an application processes XML input containing a reference to an external entity, potentially allowing unauthorized...
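The mechanism behind this class of bug, as an added example (not OpenCMS code and not from the advisory): an "import" document declares an external entity whose SYSTEM identifier points at a file on the server, and a parser configured to resolve external general entities splices that file's contents into the document. The element and entity names, the secret file and its content are constructed for the demonstration; Python's xml.sax is used as the parser because the same feature flag exists there, and the vulnerable setting below was its default before Python 3.7.1.

```python
import io
import os
import tempfile
import xml.sax
from xml.sax.handler import ContentHandler, feature_external_ges

# Constructed stand-in for a server-side file the attacker wants to read.
SECRET_CONTENT = "db_password=hunter2"


class TextCollector(ContentHandler):
    """Collects the character data the parser delivers, whatever its origin."""

    def __init__(self):
        super().__init__()
        self.parts = []

    def characters(self, content):
        self.parts.append(content)

    def text(self):
        return "".join(self.parts)


def build_import_payload(secret_url: str) -> bytes:
    """An 'import' document whose internal DTD declares an external entity
    pointing at a local file, then references it inside a data element.
    (Element and entity names are made up for this example.)"""
    return (
        '<?xml version="1.0"?>\n'
        "<!DOCTYPE import [\n"
        f'  <!ENTITY xxe SYSTEM "{secret_url}">\n'
        "]>\n"
        "<import><table>&xxe;</table></import>\n"
    ).encode()


def parse_import(xml_bytes: bytes, resolve_external_entities: bool) -> str:
    """Parse an uploaded import document and return its character data.

    resolve_external_entities=True is the vulnerable configuration: the
    parser fetches whatever the SYSTEM identifier names (a local file here,
    but http:// URLs work the same way) and splices the result into the
    document. False is the hardened setting: the reference is skipped and
    contributes no data.
    """
    parser = xml.sax.make_parser()
    parser.setFeature(feature_external_ges, resolve_external_entities)
    handler = TextCollector()
    parser.setContentHandler(handler)
    parser.parse(io.BytesIO(xml_bytes))
    return handler.text()


def run_demo() -> dict:
    """Parse the same payload both ways; returns what each parser handed to the application."""
    with tempfile.TemporaryDirectory() as tmp:
        secret_path = os.path.join(tmp, "secret.txt")
        with open(secret_path, "w", encoding="utf-8") as fh:
            fh.write(SECRET_CONTENT)
        payload = build_import_payload("file://" + secret_path)
        return {
            "vulnerable": parse_import(payload, resolve_external_entities=True),
            "hardened": parse_import(payload, resolve_external_entities=False),
        }


if __name__ == "__main__":
    result = run_demo()
    print("vulnerable parser returned:", repr(result["vulnerable"]))
    print("hardened parser returned:  ", repr(result["hardened"]))
```

The stricter option for an import endpoint is to reject any document that carries a DOCTYPE at all, since an admin import has no legitimate need for one; in a Java stack the equivalent switches live on DocumentBuilderFactory (disallow-doctype-decl, external-general-entities, external-parameter-entities).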
GHSA-PR72-8FXW-XX22 Default Credentials in nginx-defender Configuration Files
Impact: This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files (config.yaml, docker-compose.yml) contain default credentials (default_password: "changemeplease", GF_SECURITY_ADMIN_PASSWORD=admin123). If users deploy nginx-defender without changing these...
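A pre-deployment check for the condition this advisory describes, as an added example (not part of nginx-defender or the advisory): scan the shipped configuration and compose files for the two settings named above and refuse to deploy while either still carries its default value or is empty. The file contents below are constructed stand-ins, not the project's real example files, and the line-oriented matching assumes flat KEY=value and key: value settings rather than a full YAML parse.

```python
import re

# Values the advisory names as shipped defaults, keyed by the setting that carries them.
KNOWN_DEFAULTS = {
    "default_password": {"changemeplease"},
    "GF_SECURITY_ADMIN_PASSWORD": {"admin123"},
}

# Constructed stand-ins for the two example files; they are not the project's real files.
SAMPLE_FILES = {
    "config.yaml": (
        "auth:\n"
        '  default_password: "changemeplease"\n'
        "listen: 0.0.0.0:8080\n"
    ),
    "docker-compose.yml": (
        "services:\n"
        "  grafana:\n"
        "    image: grafana/grafana\n"
        "    environment:\n"
        "      - GF_SECURITY_ADMIN_PASSWORD=admin123\n"
    ),
}

# KEY=value (compose environment lists, .env files) and key: value (YAML scalars).
# Matched line by line; nested YAML structure is ignored, which is fine for flat settings.
ENV_KV = re.compile(r'^\s*-?\s*([A-Za-z0-9_]+)=(.*?)\s*$')
YAML_KV = re.compile(r'^\s*-?\s*([A-Za-z0-9_.-]+)\s*:\s*(.*?)\s*$')


def extract_settings(text):
    """Yield (line_number, key, value) for every assignment-looking line."""
    for lineno, line in enumerate(text.splitlines(), 1):
        m = ENV_KV.match(line) or YAML_KV.match(line)
        if m:
            yield lineno, m.group(1), m.group(2).strip("\"'")


def find_default_credentials(files):
    """Return (file, line, key, value) for each credential setting still at a
    known default or left empty. files maps file name to file content."""
    hits = []
    for name, text in files.items():
        for lineno, key, value in extract_settings(text):
            if key not in KNOWN_DEFAULTS:
                continue
            if value == "" or value in KNOWN_DEFAULTS[key]:
                hits.append((name, lineno, key, value))
    return hits


if __name__ == "__main__":
    for hit in find_default_credentials(SAMPLE_FILES):
        print("refusing to deploy: %s:%d sets %s to %r" % hit)
```

Run it as the first step of the deployment script and fail the deployment on any hit; a known-default list is cheap to keep because it only grows when a release ships a new placeholder secret.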
PT-2024-9438 · I O Data Device · Ud-Lt1/Ex +1
Name of the Vulnerable Software and Affected Versions: I-O Data Device UD-LT1 versions 2.1.9 and earlier; I-O Data Device UD-LT1/EX versions 2.1.9 and earlier Description: The issue allows a remote authenticated attacker with an administrative account to execute arbitrary OS commands. This is due ...
PT-2024-19535 · Unknown · Stupid Simple Cms
Name of the Vulnerable Software and Affected Versions: Stupid Simple CMS versions <= 1.2.4 Description: A Cross-Site Request Forgery (CSRF) issue was discovered in the /admin-edit.php component. This allows for potential unauthorized actions on the affected system. Recommendations: For versions <= 1.2....
PT-2023-29680 · Unknown · Wokamoto Simple Tweet
Name of the Vulnerable Software and Affected Versions: Wokamoto Simple Tweet plugin versions <= 1.4.0.2 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability allows an attacker to inject maliciou...
PT-2023-24630 · Unknown · Shopconstruct
Name of the Vulnerable Software and Affected Versions: ShopConstruct plugin versions 1.1.2 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. This vulnerability affects the ShopConstruct plugin...
PT-2023-19831 · WordPress · Stop Spammers Security
Name of the Vulnerable Software and Affected Versions: The Stop Spammers Security | Block Spam Users, Comments, Forms WordPress plugin versions prior to 2023 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because various parameters are not properly...
PT-2023-2597 · D Link · D-Link Dir-879
Name of the Vulnerable Software and Affected Versions: D-Link DIR-879 version v105A1 Description: The issue is related to a component called phpcgi in the D-Link DIR-879 router's firmware, which has weaknesses in its authentication procedure. This can be exploited by a remote attacker to bypass...
PT-2023-8053 · Eurotel · Eurotel Etl3100
Name of the Vulnerable Software and Affected Versions: EuroTel ETL3100 versions v01c01 and v01x37 Description: The issue is related to the lack of limitations on authentication attempts, which can be exploited by a remote attacker to gain full access to the system through brute-force guessing of...
PT-2023-16334 · Unknown · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown part of the file admin/abc.php. The manipulation of the id argument leads to SQL injection. I...
PT-2022-27290 · Unknown · Chameleon Plugin
Name of the Vulnerable Software and Affected Versions: Chameleon plugin versions 1.4.3 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability requires authentication with admin or higher privileges. The estimated number of potentially...
PT-2022-16915 · Fleetdm +1 · Fleet +1
Name of the Vulnerable Software and Affected Versions: fleetdm/fleet versions prior to 4.13 Description: The issue is an authorization bypass problem that affects all versions of fleetdm/fleet that use the teams feature. Fleet instances without teams or with teams but without restricted team...
PT-2022-1636 · Zabbix +1 · Zabbix +1
Name of the Vulnerable Software and Affected Versions: Zabbix versions 4.0 LTS through 5.0 LTS Description: The issue allows for Remote Code Execution (RCE) due to authorization errors. Any user with the Zabbix Admin role can run custom shell scripts on the application server in the context of the...
PT-2021-22431 · Cachet · Cachet
Name of the Vulnerable Software and Affected Versions: Cachet versions prior to 2.5.1 Description: Cachet is an open source status page system. Authenticated users, regardless of their privileges, can trick Cachet and install the instance again, leading to arbitrary code execution on the server...
PT-2021-2951 · Adobe · Magento
Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier; Magento versions 2.4.0-p1 and earlier; Magento versions 2.3.6 and earlier Description: The issue is related to a lack of protection for SQL query structures in the Magento Commerce platform, which can be...
PT-2020-12131 · Chadha · Chadha Phpkb Standard Multi-Language
Name of the Vulnerable Software and Affected Versions: Chadha PHPKB Standard Multi-Language version 9 Description: The issue concerns how comments are handled in article.php, specifically through a vulnerable function in include/functions-article.php. This allows attackers to execute Stored Blind...
PT-2005-4231 · Archilles · Archilles Newsworld
Name of the Vulnerable Software and Affected Versions: Archilles Newsworld versions up to 1.3.0 Description: The issue allows attackers to bypass authentication by obtaining the password hash for another user and specifying the hash in the pwd argument. This can be achieved, for example, through...
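The shape of login code that accepts a stolen hash in place of the password, as an added example (not Newsworld's code, whose exact check is not shown in the advisory): the assumed defect is a check that treats a submitted value equal to the stored hash as valid, so an attacker who has read another user's hash (the advisory's precondition) logs in without ever recovering the password. The user table, usernames and passwords are constructed; MD5 is used only because software of that era stored MD5 hashes and is not a recommendation.

```python
import hashlib
import hmac


def md5_hex(s: str) -> str:
    # MD5 only to mirror the hash format such software stored; not a recommendation.
    return hashlib.md5(s.encode("utf-8")).hexdigest()


# Constructed user table: username -> stored password hash.
USERS = {"editor": md5_hex("correct horse battery")}


def login_vulnerable(user: str, pwd: str) -> bool:
    """Assumed shape of the flaw: the stored hash itself is accepted as 'pwd'
    (for example because the same code path also validates a remember-me
    cookie that carries the hash). Anyone who can read the hash, e.g. from a
    dumped users table, authenticates without cracking it."""
    stored = USERS.get(user)
    if stored is None:
        return False
    return pwd == stored or md5_hex(pwd) == stored


def login_fixed(user: str, pwd: str) -> bool:
    """Only the hash of what the client sent is compared against the stored
    value, in constant time; a submitted hash is simply a wrong password.
    The hash is computed before the user lookup result is consulted so an
    unknown username costs the same as a bad password."""
    stored = USERS.get(user)
    candidate = md5_hex(pwd)
    if stored is None:
        return False
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    leaked_hash = USERS["editor"]
    print("vulnerable login with leaked hash:", login_vulnerable("editor", leaked_hash))
    print("fixed login with leaked hash:     ", login_fixed("editor", leaked_hash))
```

Any session or remember-me token that needs to be verified separately should be a distinct random value with its own check, never the password hash reused on the login path.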