121 matches found
PT-2023-23989 · Unknown · Contact Form To Any Api
Name of the Vulnerable Software and Affected Versions: Contact Form to Any API versions 1.1.2 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2023-29838 · Userback · Userback
Name of the Vulnerable Software and Affected Versions: Userback plugin versions 1.0.13 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability. This means an attacker can trick a user into performing unintended actions on a web application that the user is...
PT-2023-20073 · WordPress · Ian Sadovy Wordpress Tables Plugin
Name of the Vulnerable Software and Affected Versions: Ian Sadovy WordPress Tables plugin versions = 1.3.9 Description: The issue is an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This means that an attacker can inject malicious scripts into a website without proper authentication,...
PT-2023-26401
Name of the Vulnerable Software and Affected Versions Hiroaki Miyashita Custom Field Template plugin versions = 2.5.9 Description The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. Recommendations For versions = 2.5.9, update to a version higher than 2.5.9 to...
PT-2023-32994 · Unknown · Pocketmine
Name of the Vulnerable Software and Affected Versions: PocketMine versions prior to 4.22.3 PocketMine versions prior to 5.2.1 Description: A player can cause the server to crash by sending a packet with incorrect sign data in NBT in the BlockActorDataPacket. This can be achieved by sending an NBT...
PT-2023-3804
Name of the Vulnerable Software and Affected Versions SonicWall GMS versions 9.3.2-SP1 and earlier SonicWall Analytics versions 2.5.0.4-R7 and earlier Description The issue is related to improper neutralization of special elements used in an SQL command, allowing an unauthenticated attacker to...
PT-2023-22260 · WordPress · Flyn San Iframe Shortcode
Name of the Vulnerable Software and Affected Versions: Flyn San IFrame Shortcode plugin versions 1.0.5 and earlier Description: The issue is related to a Stored Cross-Site Scripting XSS vulnerability that affects users with contributor or higher permissions. This allows for malicious scripts to b...
PT-2023-17405 · Tenable · Tenable.Io +2
Name of the Vulnerable Software and Affected Versions: Tenable.Io versions before Plugin Feed ID 202306261202 Tenable Nessus versions before Plugin Feed ID 202306261202 Tenable Security Center versions before Plugin Feed ID 202306261202 Description: This issue could allow a malicious actor with...
PT-2023-23401 · Zammad · Zammad
Name of the Vulnerable Software and Affected Versions: Zammad version 5.4.0 Description: An issue in the software allows attackers to bypass e-mail verification using an arbitrary address and manipulate the data of the generated user. Attackers are also able to gain unauthorized access to existin...
PT-2023-13776 · Ibm · Ibm Sterling B2B Integrator Standard Edition
Name of the Vulnerable Software and Affected Versions: IBM Sterling B2B Integrator Standard Edition versions 6.0.0.0 through 6.0.3.7 IBM Sterling B2B Integrator Standard Edition versions 6.1.0.0 through 6.1.2.0 Description: The issue is related to improper access controls, which could allow an...
PT-2023-13483 · Intel · Intel Ethernet Network Controllers/Adapters E810 Series +1
Name of the Vulnerable Software and Affected Versions: IntelR Ethernet Network Controllers and Adapters E810 Series versions prior to 1.7.0.8 IntelR Ethernet 700 Series Controllers and Adapters versions prior to 9.101 Description: The issue is related to an out-of-bounds write in firmware, which...
PT-2023-34806 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v6.1.7 Description: The issue is related to the io uring/poll component. It was introduced in version v6.0 and fixed in version v6.1.7. The actual impact and attack plausibility have not yet been proven...
PT-2023-33552 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions v5.4 through v6.0.17 Description: A use-after-free UAF issue was discovered in the clone dtr function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in version v5.4 and is...
PT-2023-34022 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.87 Description: A potential security issue has been identified in the Linux Kernel, related to the fs/ntfs3 module. The issue concerns the attr load runs vcn function, where a null pointer check has been...
PT-2023-33392 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v4.19.269 Description: The issue is related to an out of bounds check in the mvneta driver. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to...
PT-2022-25906 · WordPress · Contest Gallery Pro +1
Name of the Vulnerable Software and Affected Versions: Contest Gallery WordPress plugin versions prior to 19.1.5 Contest Gallery Pro WordPress plugin versions prior to 19.1.5 Description: The issue allows malicious users with at least author privilege to leak sensitive information from the site's...
PT-2022-27077 · Unknown · Simmeth Lieferantenmanager
Name of the Vulnerable Software and Affected Versions: Simmeth Lieferantenmanager versions prior to 5.6 Description: An issue in the design of the API allows a user to fetch arbitrary SQL tables, leaking all user passwords and MSSQL hashes via the "/DS/LM API/api/SelectionService/GetPaggedTab" AP...
PT-2022-25104 · Samsung · Samsung Pass
Name of the Vulnerable Software and Affected Versions: Samsung Pass versions prior to 4.0.06.7 Description: The issue is related to improper access control in Samsung Pass, allowing physical attackers to access data on an unlocked device in a specific state using a pop-up view. Recommendations: F...
PT-2022-26170 · Unknown · Knative.Dev/Func
Name of the Vulnerable Software and Affected Versions: knative.dev/func versions prior to 1.8.1 Description: The issue affects developers using malicious or compromised third-party buildpacks, potentially exposing their registry credentials or local docker socket to a malicious lifecycle containe...
CVE-2022-43687
Concrete CMS formerly concrete5 below 8.5.10 and between 9.0.0 and 9.1.2 does not issue a new session ID upon successful OAuth authentication. Remediate by updating to Concrete CMS 9.1.3+ or 8.5.10+...