4565 matches found

OSV
added 2024/12/13 6:15 a.m. · 2 views

CVE-2024-11836

Server-Side Request Forgery (SSRF) vulnerability in PlexTrac allowing requests to internal system resources. This issue affects PlexTrac: from 1.61.3 before 2.8.1...

7.5 CVSS · 5.8 AI score · 0.0027 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/12/13 5:50 a.m. · 10 views

CVE-2024-11837 N1QL Injection

Improper Neutralization of Special Elements used in an N1QL Command ('N1QL Injection') vulnerability in PlexTrac allows N1QL Injection. This issue affects PlexTrac: from 1.61.3 before 2.8.1...

8.6 CVSS · 7.3 AI score · 0.00456 EPSS
Exploits 0 · References 1
CVE
added 2024/12/13 5:50 a.m. · 48 views

CVE-2024-11837

CVE-2024-11837 describes a N1QL Injection in PlexTrac, affecting versions before 2.8.1 (from 1.61.3). Root cause: improper neutralization of special elements in N1QL commands. Impact as cited: high/critical in CVSS metrics, including potential confidentiality, integrity, and availability impact. ...

9.8 CVSS · 6.7 AI score · 0.00456 EPSS
Exploits 0 · References 1 · Affected Software 1
CNNVD
added 2024/12/13 12:00 a.m. · 3 views

PlexTrac security vulnerability

PlexTrac is a penetration test reporting and management platform from US-based PlexTrac, Inc. A security vulnerability exists in PlexTrac versions prior to 1.61.3 through 2.8.1 that stems from the presence of a server-side request forgery vulnerability that allows requests to be made to internal...

8.6 CVSS · 6.7 AI score · 0.0027 EPSS
Exploits 0 · References 1
CNNVD
added 2024/12/13 12:00 a.m. · 3 views

PlexTrac security vulnerability

PlexTrac is a penetration test reporting and management platform from PlexTrac Inc. in the United States. A security vulnerability exists in PlexTrac versions prior to 1.61.3 through 2.8.1 that stems from an untrustworthy data deserialization vulnerability in the Runbook module, which allows obje...

8.6 CVSS · 7.2 AI score · 0.00342 EPSS
Exploits 0 · References 1
CNNVD
added 2024/12/13 12:00 a.m. · 4 views

PlexTrac security vulnerability

PlexTrac is a penetration test reporting and management platform from the US-based PlexTrac, Inc. A security vulnerability exists in PlexTrac versions prior to 1.61.3 through 2.8.1, which stems from the presence of a filename or path external control vulnerability that allows an attacker to achie...

9.8 CVSS · 6.7 AI score · 0.00422 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/12/13 12:00 a.m. · 3 views

PT-2024-36112 · Unknown · Limit Login Attempts

Name of the Vulnerable Software and Affected Versions: Limit Login Attempts versions n/a through 5.5 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendation...

9.3 CVSS · 7.9 AI score · 0.00513 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/12/13 12:00 a.m. · 2 views

PT-2024-36136 · Seerox · Seerox Easy Blocks Pro

Name of the Vulnerable Software and Affected Versions: Seerox Easy Blocks pro versions 1.0.0 through 1.0.21 Description: The issue is related to missing authorization, allowing access to functionality not properly constrained by Access Control Lists (ACLs). This means that certain features or...

7.1 CVSS · 6.9 AI score · 0.005 EPSS
Exploits 0 · References 3
Positive Technologies
added 2024/12/13 12:00 a.m. · 3 views

PT-2024-17285 · Plextrac · Plextrac

Name of the Vulnerable Software and Affected Versions: PlexTrac versions 1.61.3 through 2.8.1 Description: The issue affects PlexTrac due to an external control of file name or path vulnerability, allowing local code inclusion through the use of an undocumented API endpoint. Recommendations: For...

8.6 CVSS · 7.4 AI score · 0.00422 EPSS
Exploits 0 · References 7
Positive Technologies
added 2024/12/13 12:00 a.m. · 2 views

PT-2024-12951 · Alphabpo · Alphabpo Easy Newsletter Signups

Name of the Vulnerable Software and Affected Versions: AlphaBPO Easy Newsletter Signups versions 1.0.0 through 1.0.4 Description: The issue is related to missing authorization, allowing exploitation of incorrectly configured access control security levels. This is a broken access control issue th...

6.5 CVSS · 9.5 AI score · 0.00436 EPSS
Exploits 0 · References 5
Positive Technologies
added 2024/12/13 12:00 a.m. · 4 views

PT-2024-12722 · Unknown · Jupiter X Core

Name of the Vulnerable Software and Affected Versions: JupiterX Core versions 3.0.0 through 3.3.0 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This results in broken access control...

8.8 CVSS · 9.6 AI score · 0.00447 EPSS
Exploits 0 · References 10
CNNVD
added 2024/12/12 12:00 a.m. · 33 views

SimpleXLSX cross-site scripting vulnerability

SimpleXLSX is a tool by the individual developer Sergey Shuchkin. It is used to parse and retrieve data from Excel XLSx files. A cross-site scripting vulnerability exists in SimpleXLSX version 1.0.12 up to and including version 1.1.12, which stems from the execution of arbitrary JavaScript code...

6.8 CVSS · 6.2 AI score · 0.00444 EPSS
Exploits 0 · References 2
OSV
added 2024/12/11 5:15 p.m. · 4 views

UBUNTU-CVE-2024-48912

GLPI is a free asset and IT management software package. Starting in version 10.0.0 and prior to version 10.0.17, an authenticated user can use an application endpoint to delete any user account. Version 10.0.17 contains a patch for this issue...

8.1 CVSS · 5.8 AI score · 0.00417 EPSS
Exploits 0 · References 4
Patchstack
added 2024/12/11 12:00 a.m. · 3 views

Drupal Open Social module 11.8.0-12.3.9,12.4.0-12.4.8 - Unauthenticated Broken Access Control vulnerability

Unauthenticated Broken Access Control vulnerability discovered by corn696 in WordPress Module Open Social versions 11.8.0-12.3.9,12.4.0-12.4.8...

5.3 CVSS · 7 AI score · 0.00292 EPSS
Exploits 0 · References 1 · Affected Software 1
vulnersOsv
added 2024/12/10 9:30 p.m. · 4 views

0.extends.whistle (=1.0.65), @alola-react/plugin-proxy (=0.0.1) +24 more potentially affected by CVE-2024-55500 via whistle (>=0.1.0-beta <=2.9.85-beta)

whistle NPM version =0.1.0-beta, =0.1.21-alpha, =0.0.1, =0.0.0-alpha.202201181327, =0.0.1, =0.1.0, =1.0.0, =1.0.0, =1.0.0, =0.1.1, =0.1.0, =1.2.0 and more Source cves: CVE-2024-55500 Source advisory: OSV:GHSA-GG6X-448Q-PQQM...

8.8 CVSS · 5.4 AI score · 0.0041 EPSS
Exploits 0
vulnersOsv
added 2024/12/10 5:15 a.m. · 0 views

aws-service-catalog-factory (>=0.4.0 <=0.102.1), aws-service-catalog-puppet (>=0.1.0 <=0.253.0) +71 more potentially affected by CVE-2024-21542 via luigi (>=1.3.0 <=3.5.2)

luigi PYPI version =1.3.0, =0.4.0, =0.1.0, =0.3.1, =0.4.0, =0.0.8, =0.40.0, =1.0.1, =0.4.0, =1.0.0a20, =0.5.0, =0.0.7, =0.1.0, =0.1.0, =0.2.3, =0.10.20 and more Source cves: CVE-2024-21542 Source advisory: OSV:PYSEC-2024-159...

8.6 CVSS · 5.8 AI score · 0.01074 EPSS
Exploits 0
Positive Technologies
added 2024/12/10 12:00 a.m. · 1 views

PT-2024-33548 · Adobe · Acrobat Reader

Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions 20.005.30710 through 24.005.20307 Description: The issue is an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations suc...

5.5 CVSS · 6 AI score · 0.00515 EPSS
Exploits 0 · References 9
Vulnrichment
added 2024/12/09 11:25 p.m. · 9 views

CVE-2024-55637 Drupal core - Moderately critical - Gadget chain - SA-CORE-2024-007

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure deserialization...

9.8 AI score · 0.00803 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/12/09 11:24 p.m. · 12 views

CVE-2024-55636 Drupal core - Less critical - Gadget chain - SA-CORE-2024-006

Deserialization of Untrusted Data vulnerability in Drupal Core allows Object Injection. This issue affects Drupal Core: from 8.0.0 before 10.2.11, from 10.3.0 before 10.3.9, from 11.0.0 before 11.0.8. Drupal core contains a chain of methods that is exploitable when an insecure deserialization...

9.8 AI score · 0.00904 EPSS
Exploits 0 · References 1
vulnersOsv
added 2024/12/09 9:31 p.m. · 8 views

org.eclipse.jetty.documentation:code-examples (>=10.0.22 <=11.0.25), org.eclipse.jetty:infinispan-common (>=10.0.21 <=11.0.25) +17 more potentially affected by CVE-2024-12369 via org.wildfly.security:wildfly-elytron-http-oidc (>=2.3.0.Final <=2.6.1.Final)

org.wildfly.security:wildfly-elytron-http-oidc MAVEN version =2.3.0.Final, =10.0.22, =10.0.21, =10.0.21, =10.0.21, =10.0.21, =10.0.21, =26.0.0, =26.0.0, =26.0.0, =2.3.0.Final, =2.1.0.Final, =2.1.4.Final and more Source cves: CVE-2024-12369 Source advisory: SNYK:JAVA-ORGWILDFLYSECURITY-9538807...

4.2 CVSS · 5.8 AI score · 0.00245 EPSS
Exploits 0