4565 matches found
CVE-2024-31402
Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos...
CVE-2024-3699
Use of hard-coded password to the patients' database allows an attacker to retrieve sensitive data stored in the database. The password is the same among all drEryk Gabinet installations. This issue affects drEryk Gabinet software versions from 7.0.0.0 through 9.17.0.0...
drEryk Gabinet Security Breach
drEryk Gabinet is a specialized software for clinics and NFZ offices from drEryk Poland. A security vulnerability exists in drEryk Gabinet versions 7.0.0.0 through 9.17.0.0, which stems from the use of hard-coded passwords for the database, allowing an attacker to retrieve sensitive data stored i...
Pandora Security Breach
Pandora is an analytics framework for discovering if a file is suspicious and displaying the results conveniently. A security vulnerability exists in Pandora FMS versions prior to 700 to 777 that stems from the presence of SQL injection, which results in the exploitation of the HTTP Request...
PT-2024-27234
Name of the Vulnerable Software and Affected Versions: drEryk Gabinet versions 7.0.0.0 through 9.17.0.0 Description: The issue is related to the use of a hard-coded password to access the patients' database, allowing an attacker to retrieve sensitive data. This password is uniform across all drEryk...
CVE-2024-32701
Missing Authorization vulnerability in InstaWP Team InstaWP Connect. This issue affects InstaWP Connect: from n/a through 0.1.0.24...
CVE-2024-32824
Missing Authorization vulnerability in Evergreen Content Poster. This issue affects Evergreen Content Poster: from n/a through 1.4.2...
CVE-2024-30512
Missing Authorization vulnerability in weForms. This issue affects weForms: from n/a through 1.6.20...
PT-2024-26623 · Unknown · Wpecommerce Recurring Paypal Donations
Name of the Vulnerable Software and Affected Versions: wpecommerce Recurring PayPal Donations versions n/a through 1.7 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that...
h2o-wave-ml (>=0.3.0 <=0.5.0), insolver (>=0.4.5 <=0.4.15a1) +2 more potentially affected by CVE-2024-5550 via h2o (>=3.18.0.8 <=3.32.0.3)
h2o PYPI version =3.18.0.8, =0.3.0, =0.4.5, =0.0.1, =0.0.102 - tsanalysis =0.1.0 Source cves: CVE-2024-5550 Source advisory: OSV:GHSA-X234-R5FG-X52M...
a-data-processing (=0.0.1), ab-data-processing (=0.0.1) +849 more potentially affected by CVE-2024-2965 via langchain (>=0.0.100 <=0.2.4)
langchain PYPI version =0.0.100, =0.1.0, =0.1.7, =0.2.1, =0.1.0, =0.0.2, =0.0.1, =0.1.0, =0.0.1, =1.1.2, =0.1.0, =0.0.18, =0.0.19b2 and more Source cves: CVE-2024-2965 Source advisory: OSV:GHSA-3HJH-JH2H-VRG6...
PT-2024-34584 · Lunary · Lunary
Name of the Vulnerable Software and Affected Versions: lunary-ai/lunary versions 1.2.2 through 1.2.25 Description: The issue arises due to insufficient backend validation of roles and permissions, enabling unauthorized users to join a project and potentially exploit roles and permissions not...
PT-2024-15914 · WordPress · Elementor
Name of the Vulnerable Software and Affected Versions: Restrict for Elementor plugin for WordPress versions 1.0.0 through 1.0.6 Description: The issue concerns Sensitive Information Exposure due to improper restrictions on hidden data, making it accessible through the REST API. This allows...
CVE-2023-51544
Improper Control of Interaction Frequency vulnerability in Metagauss RegistrationMagic allows Functionality Misuse. This issue affects RegistrationMagic: from n/a through 5.2.5.0...
ai4data (=0.0.1), aihero (=0.3.1) +37 more potentially affected by CVE-2024-3924 via text-generation (>=0.6.1 <=0.7.0)
text-generation PYPI version =0.6.1, =3.0.0, =0.114.0, =0.0.1a7, =0.3.6.dev0, =0.0.1a8, =0.14.3, =2.0.0, =0.0.2, =0.1.4, =0.1.0, =0.1.10, =0.1.14 and more Source cves: CVE-2024-3924 Source advisory: OSV:GHSA-QQ99-P57R-G3V7...
Joomla core 3.0.0-3.10.16-elts,4.0.0-4.4.6,5.0.0-5.1.2 - Unauthenticated Cache Poisoning in Pagination vulnerability
Unauthenticated Cache Poisoning in Pagination vulnerability discovered by ? in WordPress Core Joomla versions 3.0.0-3.10.16-elts,4.0.0-4.4.6,5.0.0-5.1.2...
PT-2024-25405 · Wpcustomify · Wpcustomify Customify Site Library
Name of the Vulnerable Software and Affected Versions: WPCustomify Customify Site Library versions 0.0.0 through 0.0.9 Description: The issue is related to an Improper Control of Generation of Code, also known as 'Code Injection', which affects the WPCustomify Customify Site Library. This allows...
PT-2024-13378 · Unknown · Ics Calendar
Name of the Vulnerable Software and Affected Versions: ICS Calendar versions n/a through 10.12.0.3 Description: The issue affects ICS Calendar, allowing Absolute Path Traversal and Server Side Request Forgery due to improper limitation of a pathname to a restricted directory. This enables an...
Sunshine Security Vulnerability
Sunshine is a Moonlight self-hosted live game host. A security vulnerability exists in Sunshine versions 0.17.0 through 0.22.2 that stems from improperly managed access rights...
PT-2024-5048 · Unknown · Deepjavalibrary
Name of the Vulnerable Software and Affected Versions: DeepJavaLibrary (DJL) versions 0.1.0 through 0.27.0 Description: The issue is related to the incorrect restriction of the directory path name with limited access. This can allow a remote attacker to overwrite system files. The estimated number o...