PT-2024-36394 · Unknown · Calendar Module
Name of the Vulnerable Software and Affected Versions: Calendar module affected versions not specified Description: The issue concerns function vulnerabilities in the Calendar module. Successful exploitation of this vulnerability will affect availability. Recommendations: At the moment, there is ...
SSRF (Server-Side Request Forgery) org.springframework:spring-web Dependency in Confluence Data Center and Server
This High severity org.springframework:spring-web Dependency vulnerability was introduced in version 1.0 of Confluence Data Center and Server. This org.springframework:spring-web Dependency vulnerability, with a CVSS Score of 8.1 and a CVSS Vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N...
CRLF Injection
tornado is vulnerable to CRLF Injection. The vulnerability is due to improper CR/LF checks allowing for the inclusion of attacker-controlled header values in requests, which allows arbitrary headers or requests to be sent to a specified server...
PT-2024-12636 · Ibm · Domino Catalog Template
Name of the Vulnerable Software and Affected Versions: Domino Catalog template affected versions not specified Description: The Domino Catalog template is susceptible to a Stored Cross-Site Scripting XSS vulnerability. An attacker with the ability to edit documents in the catalog...
PT-2024-13962 · Lexmark · Lexmark Cx331Adwe
Name of the Vulnerable Software and Affected Versions: Lexmark CX331adwe affected versions not specified Description: A method to override the firmware downgrade protection has been identified in some Lexmark products. This issue allows for a bypass of the downgrade protection feature that was...
PT-2024-40176 · Packagist · Typo3/Cms-Core
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: A security issue has been found where session data of authenticated frontend users is not properly cleared during the logout process. As a...
PT-2024-11773 · Huawei · Huawei Smart Speakers
Name of the Vulnerable Software and Affected Versions: Huawei smart speakers affected versions not specified Description: The issue is related to a memory overflow, which may cause certain functions to fail upon successful exploitation. Recommendations: At the moment, there is no information abou...
PT-2024-40449 · Unknown · Silverstripe
Name of the Vulnerable Software and Affected Versions: Silverstripe affected versions not specified Description: The issue is related to an incorrectly encoded URL, which is a minor unresolved fix following a previous security release. Recommendations: At the moment, there is no information about...
Silverstripe XSS In FormAction
A cross-site scripting vulnerability has been discovered in the FormAction field where a user-specified title may be specified...
GHSA-4H54-VWX9-3VR3 Silverstripe XSS In FormAction
A cross-site scripting vulnerability has been discovered in the FormAction field where a user-specified title may be specified...
PT-2024-40470 · Orocrm · Orocrm
Name of the Vulnerable Software and Affected Versions: OroCRM affected versions not specified Description: The issue allows attackers to redirect users to an external website due to open redirection. Recommendations: At the moment, there is no information about a newer version that contains a fix...
PT-2024-4561 · Cisco · Cisco Asyncos
Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS Software for Cisco Secure Email Gateway affected versions not specified Description: The issue is related to insufficient validation of user input in the web-based management interface, allowing an authenticated, remote attacker...
PT-2024-40069 · Prism +1 · Prism +1
Name of the Vulnerable Software and Affected Versions: codehighlight extension affected versions not specified Description: The issue concerns a vulnerable version of the 3rd party JavaScript component prism bundled with the codehighlight extension, which is susceptible to Regular expression Deni...
PT-2024-12630 · Hcl · Hcl Dryice Lucy
Name of the Vulnerable Software and Affected Versions: HCL DRYiCE Lucy now AEX affected versions not specified Description: The issue is related to a Cross Origin Resource Sharing CORS misconfiguration in the mobile app, which could allow unauthorized access to application resources from any web...
PT-2024-12981 · Motorola · Motorola Phone Calls
Name of the Vulnerable Software and Affected Versions: Motorola Phone Calls affected versions not specified Description: An improper export issue in the Motorola Phone Calls application could allow a local attacker to read unauthorized information. Recommendations: At the moment, there is no...
PT-2024-30244
Name of the Vulnerable Software and Affected Versions HGiga iSherlock versions affected versions not specified MailSherlock versions affected versions not specified SpamSherlock versions affected versions not specified AuditSherlock versions affected versions not specified Description The system...
PT-2024-27537 · Electrolink · Electrolink Transmitters
Name of the Vulnerable Software and Affected Versions: Electrolink transmitters affected versions not specified Description: The issue concerns Electrolink transmitters storing credentials in clear-text, which could allow an attacker to access the system using these credentials. Recommendations: ...
Honeywell Experion Server Security Vulnerability
Honeywell Experion Server is a high-performance industrial control system server from Honeywell, primarily used in the Experion Process Knowledge System PKS platform. A security vulnerability exists in Honeywell Experion Server, which stems from the fact that the server's receipt of a malformed...
CVE-2024-30261
...
PT-2024-24005 · Unknown · Benchmark Email Lite
Name of the Vulnerable Software and Affected Versions: Benchmark Email Lite versions n/a through 4.1 Description: A Cross-Site Request Forgery CSRF issue affects the software, which can be exploited to perform unintended actions on behalf of the user. Recommendations: For versions n/a through 4.1...