19 matches found

OSV
added 2026/04/09 8:22 p.m. · 1 views

GHSA-JXHV-7H78-9775 Wasmtime: Panic when transcoding misaligned utf-16 strings

Impact: Wasmtime's implementation of transcoding strings into the Component Model's utf16 or latin1+utf16 encodings improperly verified the alignment of reallocated strings. This meant that unaligned pointers could be passed to the host for transcoding which would trigger a host panic. This panic ...

CVSS 6.5 · AI score 5.8 · EPSS 0.00018
Exploits: 0 · References: 4
Positive Technologies
added 2025/08/15 12:0 a.m. · 3 views

PT-2025-33432 · Lemon S · Lemonos

Name of the Vulnerable Software and Affected Versions: LemonOS versions prior to nightly-2024-07-13 Description: A stack-based buffer overflow issue exists in the HTTP Client component of LemonOS. The HTTPGet function within the /Applications/Steal/main.cpp file is affected, specifically due to...

CVSS 6.9 · AI score 5.4 · EPSS 0.00342
Exploits: 1 · References: 9
CBLMariner
added 2025/08/06 9:13 p.m. · 3 views

CVE-2025-38212 affecting package kernel for versions less than 6.6.96.1-1

CVE-2025-38212 affecting package kernel for versions less than 6.6.96.1-1. A patched version of the package is available...

CVSS 7.8 · AI score 6.3 · EPSS 0.00078
Exploits: 0
CBLMariner
added 2025/07/10 3:6 p.m. · 3 views

CVE-2024-56551 affecting package kernel for versions less than 5.15.182.1-1

CVE-2024-56551 affecting package kernel for versions less than 5.15.182.1-1. A patched version of the package is available...

CVSS 7.8 · AI score 7.2 · EPSS 0.00009
Exploits: 0
CBLMariner
added 2025/01/31 4:9 p.m. · 6 views

CVE-2023-27043 affecting package python3 for versions less than 3.12.0-1

CVE-2023-27043 affecting package python3 for versions less than 3.12.0-1. A patched version of the package is available...

CVSS 5.3 · AI score 6.2 · EPSS 0.00161
Exploits: 1
Positive Technologies
added 2025/01/31 12:0 a.m. · 1 views

PT-2025-2961 · Easyvirt · Easyvirt Dcscope +1

Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.0 and earlier EasyVirt CO2Scope versions 1.3.0 and earlier Description: The issue allows remote authenticated attackers with low privileges to perform various actions, including adding admin users, modifying user...

CVSS 7.5 · AI score 7.5 · EPSS 0.00149
Exploits: 1 · References: 4
Positive Technologies
added 2024/12/02 12:0 a.m. · 4 views

PT-2024-35837 · Unknown · Plumeria Web Design Blizzard Quotes

Name of the Vulnerable Software and Affected Versions: Plumeria Web Design Blizzard Quotes versions n/a through 1.3 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. This means an attacker can perform unauthorized actions on the website. The estimat...

CVSS 7.1 · AI score 9.1 · EPSS 0.00114
Exploits: 0 · References: 4
Positive Technologies
added 2024/11/30 12:0 a.m. · 2 views

PT-2024-35847 · Unknown · Cool Plugins Cryptocurrency Widgets For Elementor

Name of the Vulnerable Software and Affected Versions: Cool Plugins Cryptocurrency Widgets For Elementor versions 1.6.4 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which...

CVSS 9.8 · AI score 8.2 · EPSS 0.00956
Exploits: 0 · References: 9
Positive Technologies
added 2024/10/20 12:0 a.m. · 2 views

PT-2024-33582 · WordPress · Noor Alam Wordpress Image Seo

Name of the Vulnerable Software and Affected Versions: Noor Alam WordPress Image SEO versions 1.1.4 and earlier Description: A Cross-Site Request Forgery CSRF issue affects Noor Alam WordPress Image SEO, allowing attackers to perform unauthorized actions. This can be exploited by misusing...

CVSS 8.8 · AI score 7.2 · EPSS 0.00272
Exploits: 0 · References: 6
Positive Technologies
added 2024/10/02 12:0 a.m. · 2 views

PT-2024-30883 · Minhyeong Lim · Mboard

Name of the Vulnerable Software and Affected Versions: MinHyeong Lim MH Board versions 1.3.2.1 and earlier Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a 'Path Traversal' vulnerability, which allows PHP Local File Inclusion. Th...

CVSS 7.5 · AI score 7.2 · EPSS 0.0064
Exploits: 0 · References: 9
Positive Technologies
added 2024/09/10 12:0 a.m. · 3 views

PT-2024-6243 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows versions prior to the fixed version Description: The issue is related to an uninitialized pointer in the Windows Networking service, which can be exploited by a remote attacker to disclose protected information. This can potentially...

CVSS 7.7 · AI score 6.4 · EPSS 0.02189
Exploits: 0 · References: 12
Positive Technologies
added 2024/05/17 12:0 a.m. · 2 views

PT-2024-9210 · Sonatype · Sonatype Nexus Repository 2

Name of the Vulnerable Software and Affected Versions: Sonatype Nexus Repository 2 versions up to and including 2.15.1 Description: A stored Cross-site Scripting vulnerability has been discovered, which affects the structure of web pages. This issue may allow a remote attacker to perform cross-si...

CVSS 5.1 · AI score 6.1 · EPSS 0.00406
Exploits: 0 · References: 16
Cvelist
added 2023/12/01 9:45 p.m. · 13 views

CVE-2023-44402 ASAR Integrity bypass via filetype confusion in electron

Electron is an open source framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. This only impacts apps that have the embeddedAsarIntegrityValidation and onlyLoadAppFromAsar fuses enabled. Apps without these fuses enabled are not impacted. This issue is specifi...

CVSS 6.1 · AI score 6.8 · EPSS 0.00115
Exploits: 0 · References: 3
Positive Technologies
added 2023/10/19 12:0 a.m. · 3 views

PT-2023-29302 · WordPress · Auto Amazon Links

Name of the Vulnerable Software and Affected Versions: Auto Amazon Links plugin for WordPress versions up to, and including, 5.3.1 Description: The issue is related to Stored Cross-Site Scripting via the style parameter due to insufficient input sanitization and output escaping. This allows...

CVSS 6.4 · AI score 5.8 · EPSS 0.00129
Exploits: 0 · References: 6
Positive Technologies
added 2022/11/15 12:0 a.m. · 2 views

PT-2022-26268 · Liferay · Liferay Dxp +1

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.7 Liferay DXP versions 7.3 fix pack 2 through update 4 Description: A SQL injection issue in the Friendly Url module allows attackers to execute arbitrary SQL commands via a crafted payload injected into the title...

CVSS 9.8 · AI score 9.7 · EPSS 0.00815
Exploits: 0 · References: 12
Positive Technologies
added 2021/02/09 12:0 a.m. · 3 views

PT-2021-2300 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to the lack of automatic termination of all sessions after a password change, which could allow a...

CVSS 7.5 · AI score 5.9 · EPSS 0.00171
Exploits: 0 · References: 9
Positive Technologies
added 2021/02/09 12:0 a.m. · 2 views

PT-2021-2328 · Adobe · Magento

Name of the Vulnerable Software and Affected Versions: Magento versions 2.4.1 and earlier Magento versions 2.4.0-p1 and earlier Magento versions 2.3.6 and earlier Description: The issue is related to a stored cross-site scripting XSS in the customer address upload feature. Successful exploitation...

CVSS 8.1 · AI score 7.5 · EPSS 0.06281
Exploits: 0 · References: 8
Positive Technologies
added 2019/09/13 12:0 a.m. · 4 views

PT-2019-7738 · Pagelines +1 · Pagelines +1

Name of the Vulnerable Software and Affected Versions: PageLines theme version 1.1.4 Description: The issue concerns a CSRF vulnerability in the PageLines theme for WordPress. It affects the "wp-admin/admin-post.php?page=pagelines" endpoint. Recommendations: For PageLines theme version 1.1.4,...

CVSS 8.8 · AI score 8.6 · EPSS 0.00202
Exploits: 1 · References: 5
Positive Technologies
added 2018/07/31 12:0 a.m. · 2 views

PT-2018-5033 · Foreman · Foreman

Name of the Vulnerable Software and Affected Versions: Foreman version 1.5.1 Description: A flaw in the remote execution plugin allows commands to be run on hosts over SSH from the Foreman web UI. When a job containing HTML tags is submitted, the console output in the web UI does not escape the...

CVSS 6.4 · AI score 6.5 · EPSS 0.00737
Exploits: 0 · References: 6