44 matches found
GHSA-558G-H753-6M33 Weblate: Remote code execution during backup restoration
Impact The project backup didn't filter Git and Mercurial configuration files and this could lead to remote code execution under certain circumstances. Patches https://github.com/WeblateOrg/weblate/pull/18549 Workarounds The project backup is only accessible to users who can create projects...
CVE-2025-46819
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua...
CVE-2025-52559 Zulip XSS in digest preview URL
Zulip is an open-source team chat application. From versions 2.0.0-rc1 to before 10.4 in Zulip Server, the /digest/ URL of a server shows a preview of what the email weekly digest would contain. This URL, though not the digest itself, contains a cross-site scripting XSS vulnerability in both topi...
PT-2025-15339
Name of the Vulnerable Software and Affected Versions: SamsungContacts versions prior to SMR Apr-2025 Release 1 Description: The issue is related to improper access control, allowing local attackers to access protected data. This affects SamsungContacts, potentially exposing sensitive information...
PT-2025-14119 · Openemr · Openemr
Name of the Vulnerable Software and Affected Versions: OpenEMR versions prior to 7.0.3.1 Description: The Patient Image feature in OpenEMR is vulnerable to cross-site scripting attacks via the EXIF title in an image. Recommendations: For versions prior to 7.0.3.1, update to version 7.0.3.1 to...
PT-2025-3350 · Technitium · Technitium Dns Server
Name of the Vulnerable Software and Affected Versions: Technitium DNS Server versions = 13.2.2 Description: The issue allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads. This can lead to a deni...
PT-2025-4213 · Microsoft · Windows Secure Kernel Mode +1
Name of the Vulnerable Software and Affected Versions: Windows Secure Kernel Mode affected versions not specified Description: An elevation-of-privilege issue allows attackers to affect the system. The issue is related to incorrect permission assignment for a critical resource. Technical details...
PT-2024-36634 · Unknown · Nabz Image Gallery
Name of the Vulnerable Software and Affected Versions: Nabz Image Gallery versions n/a through v1.00 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to manipulate SQL commands,...
PT-2024-17473 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7.116 Description: A problematic vulnerability was found in DedeCMS, affecting an unknown functionality of the file /member/uploads add.php of the component SWF File Handler. The manipulation of the mediatype argument leads ...
PT-2024-7961 · Librenms · Librenms
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.9.0 Description: A Stored Cross-Site Scripting XSS vulnerability in the "Device Dependencies" feature allows authenticated users to inject arbitrary JavaScript through the hostname parameter. This can lead to the...
PT-2024-32056 · Draytek · Draytek Vigor 3910
Name of the Vulnerable Software and Affected Versions: Draytek Vigor 3910 version 4.3.2.6 Description: A buffer overflow was discovered in the sProfileName parameter at the "usergrp.cgi" endpoint. This issue allows attackers to cause a Denial of Service DoS via a crafted input. Recommendations: F...
PT-2024-30427 · Mediavine · Create By Mediavine
Name of the Vulnerable Software and Affected Versions: Create by Mediavine versions 1.9.8 and earlier Description: This issue exposes sensitive information to unauthorized actors. Users are urged to upgrade to the latest version to mitigate risks. Recommendations: For versions 1.9.8 and earlier,...
PT-2024-31522 · Skysystem · Arfa-Cms
Name of the Vulnerable Software and Affected Versions: SkySystem Arfa-CMS versions prior to 5.1.3124 Description: A SQL injection issue in the poll component allows remote attackers to execute arbitrary SQL commands via the psid parameter. This enables attackers to manipulate database queries,...
PT-2024-38690 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS version 2023 Description: A critical vulnerability was found in ZZCMS 2023, affecting unknown code in the file /I/list.php. The manipulation of the skin argument leads to path traversal. This issue can be exploited remotely. The exploit...
PT-2024-7956 · Siemens · Sinema Remote Connect Server
Name of the Vulnerable Software and Affected Versions: SINEMA Remote Connect Server versions prior to V3.2 SP1 Description: The issue is related to improper authorization. It allows a remote attacker to gain unauthorized access to participant groups they should not have access to. The vulnerabili...
PT-2024-25952 · Yvan Dotet · Postgresql Query Deluxe
Name of the Vulnerable Software and Affected Versions: Yvan Dotet PostgreSQL Query Deluxe module versions 17.x before 17.0.0.4 Description: A SQL injection issue allows a remote attacker to gain privileges via the query parameter to models/querydeluxe.py:QueryDeluxe::get result from query. This...
PT-2024-28760 · WordPress · Essential Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress versions up to, and including, 5.9.15 Description: The issue is related to Stored Cross-Site Scripting via the eael team...
PT-2024-24101 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A problematic vulnerability was found in DedeCMS, affecting unknown code of the file /src/dede/makehtml map.php. This issue leads to cross-site request forgery and can be initiated remotely. The exploit has be...
PT-2024-23096 · Unknown · Sentrifugo
Name of the Vulnerable Software and Affected Versions: Sentrifugo version 3.2 Description: The issue is related to a SQL injection vulnerability. It could allow a remote user to send a specially crafted query to the server and extract all the data from it. The vulnerability is exploited through t...
PT-2024-20133 · Cups Easy · Cups Easy
Name of the Vulnerable Software and Affected Versions: Cups Easy Purchase & Inventory version 1.0 Description: A vulnerability has been reported in Cups Easy Purchase & Inventory whereby user-controlled inputs are not sufficiently encoded, resulting in a Cross-Site Scripting XSS vulnerability via...