182 matches found
PT-2024-13025 · Win Zapp · Win Zapp
Name of the Vulnerable Software and Affected Versions: Win ZApp versions prior to 4.3.0.121 Description: The issue is related to a missing password type validation in the Revert Password check. This could be disabled for some features, potentially leading to security issues. Recommendations: For...
Important: composer
Issue Overview: Composer is a dependency manager for the PHP language. In affected versions several files within the local working directory are included during the invocation of Composer and in the context of the executing user. As such, under certain conditions arbitrary code execution may lead...
PT-2024-21015 · Unknown · Microdicom Dicom Viewer
Name of the Vulnerable Software and Affected Versions: MicroDicom DICOM Viewer versions 2023.3 Build 9342 and prior Description: The issue is related to a lack of proper validation of user-supplied data, which could result in memory corruption within the application. Recommendations: For MicroDic...
PT-2024-15099 · Bestwebsoft · Error Log Viewer
Name of the Vulnerable Software and Affected Versions: The Error Log Viewer by BestWebSoft WordPress plugin versions prior to 1.1.3 Description: The issue allows users to read and download PHP logs without authorization, potentially exposing sensitive data. This is a Directory Listing issue...
PT-2024-2226 · Intel · Intel Xtu
Name of the Vulnerable Software and Affected Versions: Intel(R) XTU versions prior to 7.12.0.29 Description: The issue is related to improper access control in Intel(R) XTU software, which may allow an authenticated user to potentially enable escalation of privilege via local access. This could permi...
CVE-2024-22419
CVE-2024-22419 affects the Vyper compiler/runtime: the built-in concat can write past the allocated memory buffer, potentially corrupting memory and changing contract semantics. The root cause is the build_IR path not properly conforming to the copy_bytes API for versions >= 0.3.2, enabling a ...
PT-2024-1444 · Unknown · Rapid Scada
Name of the Vulnerable Software and Affected Versions: Rapid SCADA versions prior to Version 5.8.4 Description: The issue is an open redirect caused by insufficient sanitization of the return-URL parameter on the user login page. This allows an attacker to redirect users to malicious pages through the login...
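The Rapid SCADA entry above describes the classic login-page open redirect: a post-login return URL is taken from the request and echoed into a redirect without checking where it points. The following is an added, generic example of the check a login handler should apply; it is not Rapid SCADA's own code, and the function name `safe_return_url`, the `allowed_hosts` parameter and the `/` fallback are assumptions. It goes beyond the single case in the listing by also rejecting the usual bypasses of a naive "must start with /" filter: protocol-relative `//host`, backslash variants that browsers normalise to slashes, `///host`, `javascript:` schemes and CR/LF smuggling.

```python
from urllib.parse import urlsplit, urlunsplit


def safe_return_url(candidate, default="/", allowed_hosts=frozenset()):
    """Return a redirect target that stays on this site (or an allow-listed host).

    The weak pattern this replaces is simply redirecting to whatever the
    'returnUrl' request parameter contains. Anything that does not pass the
    checks below falls back to `default` instead of being trusted.
    """
    if not candidate:
        return default
    target = candidate.strip()

    # CR/LF/NUL in a Location header lets the value break out of the header;
    # tabs are stripped by browsers inside scheme names ("java\tscript:").
    if any(ch in target for ch in "\r\n\t\x00"):
        return default

    # Browsers treat "\" as "/" when parsing special-scheme URLs, so "/\evil"
    # becomes "//evil" (a protocol-relative redirect off-site). Normalise first.
    target = target.replace("\\", "/")

    # "//host", "///host", ... are all resolved as an absolute URL to `host`.
    if target.startswith("//"):
        return default

    # A single leading slash is a same-origin absolute path; rebuild it from
    # its components so no scheme or authority can sneak in.
    if target.startswith("/"):
        parts = urlsplit(target)
        return urlunsplit(("", "", parts.path, parts.query, parts.fragment))

    # Anything else must be a full http(s) URL to an explicitly allowed host.
    # (Relative paths without a leading slash are rejected on purpose.)
    parts = urlsplit(target)
    if parts.scheme not in ("http", "https") or not parts.netloc:
        return default
    allowed = {h.lower() for h in allowed_hosts}
    # `hostname` ignores userinfo, so "https://trusted@evil.example" resolves
    # to evil.example and is rejected unless evil.example itself is allowed.
    if parts.hostname is None or parts.hostname.lower() not in allowed:
        return default
    return urlunsplit(parts)


if __name__ == "__main__":
    # Constructed sample values, as a login handler might receive them.
    for value in ["/Scada/Dashboard?x=1", "//evil.example", "/\\evil.example",
                  "https://evil.example/login", "javascript:alert(1)"]:
        print(repr(value), "->", safe_return_url(value))
```

Use the same function everywhere a redirect target comes from the request (login, logout, language switch), and keep the allow-list empty unless a second origin genuinely needs to receive post-login redirects.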
Important: bluez
Issue Overview: bluez: unauthorized HID device connections allows keystroke injection and arbitrary commands execution CVE-2023-45866 Affected Packages: bluez Issue Correction: Run dnf update bluez --releasever 2023.3.20240108 or dnf update --advisory ALAS2023-2024-473 --releasever 2023.3.2024010...
PT-2023-30931 · Unknown · Quantumcloud Chatbot
Name of the Vulnerable Software and Affected Versions: QuantumCloud AI ChatBot versions through 4.7.8 Description: The issue is related to an Improper Neutralization of Special Elements used in an SQL Command, also known as SQL Injection. This allows for potential exploitation of the QuantumCloud...
PT-2023-30947 · Svgator · Svgator
Name of the Vulnerable Software and Affected Versions: SVGator – Add Animated SVG Easily versions 1.2.4 and earlier Description: A Cross-Site Request Forgery (CSRF) issue has been identified. This type of issue allows an attacker to trick a user into performing unintended actions on a web applicati...
PT-2023-22021 · Ncp · Ncp Secure Enterprise Client
Name of the Vulnerable Software and Affected Versions: NCP Secure Enterprise Client versions prior to 12.22 Description: The issue allows attackers to read registry information of the operating system by creating a symbolic link. This is possible due to a flaw in the Support Assistant component o...
PT-2023-30753 · Nitin Rathod · Wp Forms Puzzle Captcha
Name of the Vulnerable Software and Affected Versions: WP Forms Puzzle Captcha versions n/a through 4.1 Description: A Cross-Site Request Forgery (CSRF) vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Stored XSS. Recommendations: For WP Forms Puzzle Captcha versions n/a through 4.1,...
PT-2023-6633 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 119.0.6045.105 Description: The issue is related to a use after free vulnerability in the Profiles component of Google Chrome. This vulnerability can be exploited by a remote attacker who convinces a user to...
PT-2023-28073 · Yydevelopment · Back To The Top Button
Name of the Vulnerable Software and Affected Versions: YYDevelopment Back To The Top Button plugin versions <= 2.1.5 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin or higher privileges. Recommendations: For YYDevelopment...
PT-2023-27508 · Flatsome · Flatsome
Name of the Vulnerable Software and Affected Versions: Flatsome | Multi-Purpose Responsive WooCommerce Theme versions 3.17.5 and earlier Description: The issue is related to Deserialization of Untrusted Data, which can lead to Unauthenticated PHP Object Injection. It is estimated to affect over...
CVE-2023-39360
Cacti is an open source operational monitoring and fault management framework. Affected versions are subject to a stored cross-site scripting (XSS) vulnerability that allows an authenticated user to poison data. The vulnerability is found in graphs_new.php. Several validations are performed, but the...
Important: kernel-livepatch-5.10.179-166.674
Issue Overview: A flaw was found in the Linux kernel's networking subsystem within the RPL protocol's handling. This issue results from the improper handling of user-supplied data, which can lead to an assertion failure. This flaw allows an unauthenticated, remote attacker to create a denial of...
PT-2023-25602 · WordPress · Woocommerce Order Barcodes
Name of the Vulnerable Software and Affected Versions: WooCommerce Order Barcodes plugin versions 1.6.4 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended action...
CVE-2023-36469 Code injection through NotificationRSSService in XWiki Platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including...
GHSA-WHJ9-M24X-QHHP FastAsyncWorldEdit vulnerable to Uncontrolled Resource Consumption
Coordinated Disclosure Timeline - 10.06.2023: Issue reported to IntellectualSites - 11.06.2023: Issue is acknowledged - 12.06.2023: Issue has been fixed - 22.06.2023: Advisory has been published Impacted version range Before 2.6.3 Details Proof of Concept As a user, do the following: 1. Select...