7 matches found
PT-2025-27193 · Unknown · Plationline Payments
Name of the Vulnerable Software and Affected Versions: PlatiOnline Payments versions through 6.3.2 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through 6.3.2...
PT-2025-20078 · WordPress · Wpadverts
Name of the Vulnerable Software and Affected Versions: WPAdverts versions through 2.2.2 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This is a ty...
PT-2024-21387 · Tabatkins · Railroad-Diagrams
Name of the Vulnerable Software and Affected Versions: tabatkins/railroad-diagrams versions before commit ea9a123 Description: A DOM-based cross-site scripting (XSS) vulnerability in the component generator.html of tabatkins/railroad-diagrams allows attackers to execute arbitrary JavaScript via...
PT-2023-19243 · Steven Henty · Drop Shadow Boxes
Name of the Vulnerable Software and Affected Versions: Steven Henty Drop Shadow Boxes plugin versions 1.7.10 and earlier Description: The issue is related to an Authenticated Cross-Site Scripting (XSS) vulnerability. This means that an attacker with contributor or higher privileges can inject...
PT-2022-34681 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.4.213 Description: The issue is related to the addition of debugfs lookup and remove in debugfs. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions...
PT-2022-33772 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.63 Description: The issue is related to the btrfs filesystem, specifically in the prepare to relocate function, where the reloc control is not unset if a transaction commit fails. The actual impact and...
CVE-2022-31081 Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') in HTTP::Daemon
HTTP::Daemon is a simple HTTP server class written in Perl. Versions prior to 6.15 are subject to a vulnerability which could potentially be exploited to gain privileged access to APIs or poison intermediate caches. It is uncertain how large the risks are; most Perl-based applications are served ...