17 matches found

Github Security Blog
added 2026/04/01 9:25 p.m. · 6 views

Payload has Authenticated SSRF via Upload Functionality

Impact An authenticated Server-Side Request Forgery SSRF vulnerability existed in the upload functionality. Authenticated users with create or update access to an upload-enabled collection could cause the server to make outbound HTTP requests to arbitrary URLs. Consumers are affected if ALL of...

CVSS 7.7 · AI score 5.9 · EPSS 0.00296
Exploits 0 · References 4 · Affected software 1
Positive Technologies
added 2025/02/10 12:00 a.m. · 2 views

PT-2025-6044 · Gnu +1 · Gnu Binutils +1

Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.43 Description: A problem has been found in the function sanitizer::internal strlen of the file binutils/nm.c of the component nm. The manipulation of the argument const leads to buffer overflow. The attack can be...

CVSS 5.3 · AI score 4.9 · EPSS 0.00619
Exploits 1 · References 20
Positive Technologies
added 2025/02/07 12:00 a.m. · 2 views

PT-2025-6004 · Qingscan · Qingscan

Name of the Vulnerable Software and Affected Versions: QingScan versions =1.8.0 Description: A reflected Cross-Site Scripting XSS vulnerability exists in "/webscan/sqlmap/index.html" due to improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript...

CVSS 5.4 · AI score 5.6 · EPSS 0.00205
Exploits 0 · References 7
Positive Technologies
added 2024/12/19 12:00 a.m. · 2 views

PT-2024-17738 · Unknown · Codezips Technical Discussion Forum

Name of the Vulnerable Software and Affected Versions: Codezips Technical Discussion Forum version 1.0 Description: A critical issue affects some unknown functionality of the file signinpost.php. The manipulation of the username argument leads to SQL injection. The attack may be launched remotely...

CVSS 9.8 · AI score 8.1 · EPSS 0.00763
Exploits 1 · References 8
Positive Technologies
added 2024/11/14 12:00 a.m. · 3 views

PT-2024-29311

Name of the Vulnerable Software and Affected Versions: tsMuxer version nightly-2024-05-10-02-00-45 Description: A heap-based buffer overflow in tsMuxer allows attackers to cause Denial of Service DoS via a crafted MKV video file. This issue is related to a problem with heap-based buffer overflow,...

CVSS 6.5 · AI score 6.8 · EPSS 0.0037
Exploits 1 · References 7
Positive Technologies
added 2024/10/30 12:00 a.m. · 4 views

PT-2024-24326 · Engenius · Engenius Esr580

Name of the Vulnerable Software and Affected Versions: EnGenius ESR580 A8J-EMR5000 devices affected versions not specified Description: The issue allows a remote attacker to conduct stored XSS attacks, potentially leading to arbitrary JavaScript code execution under the context of the user's...

CVSS 4.3 · AI score 6.4 · EPSS 0.00431
Exploits 0 · References 4
OSV
added 2024/08/08 3:15 p.m. · 2 views

CVE-2024-7490

Improper Input Validation vulnerability in Microchip Technology Advanced Software Framework example DHCP server can cause remote code execution through a buffer overflow. This vulnerability is associated with program files tinydhcpserver.C and program routines lwipdhcpfindoption. This issue affect...

CVSS 9.8 · AI score 6.7 · EPSS 0.01377
Exploits 0 · References 2
Positive Technologies
added 2024/07/09 12:00 a.m. · 2 views

PT-2024-5556

Name of the Vulnerable Software and Affected Versions: FortiAIOps version 2.0.0 Description: The issue is related to an improper neutralization of formula elements in a CSV file, which may allow a remote authenticated attacker to execute arbitrary commands on a client's workstation via poisoned CSV...

CVSS 6.5 · AI score 7.2 · EPSS 0.00437
Exploits 0 · References 7
Positive Technologies
added 2024/04/14 12:00 a.m. · 2 views

PT-2024-23076

Name of the Vulnerable Software and Affected Versions: Evolution Controller versions 2.04.560.31.03.2024 and below Description: The Web interface of Evolution Controller contains poorly configured access control on the DESKTOP EDIT USER GET CARD endpoint, allowing an unauthenticated attacker to...

CVSS 9.8 · AI score 6.6 · EPSS 0.00583
Exploits 0 · References 5
Positive Technologies
added 2024/03/26 12:00 a.m. · 2 views

PT-2024-22961 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was discovered in DedeCMS, specifically via the component /src/dede/makehtml homepage.php, allowing a remote attacker to execute arbitrary code. Recommendations: For...

CVSS 9.8 · AI score 7.7 · EPSS 0.00571
Exploits 1 · References 7
Positive Technologies
added 2023/12/13 12:00 a.m. · 8 views

PT-2023-30416 · Unknown · Silverpeas Core

Name of the Vulnerable Software and Affected Versions: Silverpeas Core version 6.3.1 Description: The notification/messaging feature does not enforce access control on the ID parameter. This allows an attacker to read all messages sent between other users, including those sent only to...

CVSS 7.5 · AI score 6.5 · EPSS 0.00786
Exploits 1 · References 12
Positive Technologies
added 2023/12/10 12:00 a.m. · 5 views

PT-2023-31555 · Jfinalcms · Jfinalcms

Name of the Vulnerable Software and Affected Versions: JFinalCMS version 5.0.0 Description: The issue allows a remote attacker to read files via ../ Directory Traversal in the "/common/down/file" fileKey parameter. This could potentially lead to unauthorized access to sensitive information...

CVSS 7.5 · AI score 7.2 · EPSS 0.01213
Exploits 1 · References 9
Positive Technologies
added 2023/01/05 12:00 a.m. · 3 views

PT-2023-12409 · Unknown · Woorank Robots-Txt-Guard

Name of the Vulnerable Software and Affected Versions: Woorank robots-txt-guard affected versions not specified Description: A vulnerability was found in the function makePathPattern of the file lib/patterns.js. The manipulation of the argument pattern leads to inefficient regular expression...

CVSS 7.5 · AI score 4.6 · EPSS 0.00938
Exploits 0 · References 9
Positive Technologies
added 2021/06/24 12:00 a.m. · 10 views

PT-2021-8091 · Unknown +6 · Ansible Engine +6

Name of the Vulnerable Software and Affected Versions: Ansible Engine versions prior to 2.8.15 Description: A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The...

CVSS 9.8 · AI score 7.3 · EPSS 0.88849
Exploits 56 · References 209
Positive Technologies
added 2021/05/21 12:00 a.m. · 5 views

PT-2021-11316 · Stmicroelectronics · Stm32L4

Name of the Vulnerable Software and Affected Versions: STMicroelectronics STM32L4 devices through 2020-10-19 Description: The issue concerns incorrect access control in the affected devices. Specifically, the flash read-out protection RDP can be degraded from RDP level 2, which allows no access v...

CVSS 7 · AI score 7.3 · EPSS 0.00342
Exploits 0 · References 7
Positive Technologies
added 2007/05/03 12:00 a.m. · 3 views

PT-2007-3801 · Phpmychat · Phpmychat

Name of the Vulnerable Software and Affected Versions: phpMyChat version 0.14.5 Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the ChatPath parameter in the phpMyChat.php3 file. However, it has been disputed by multiple third parties because the $ChatPat...

CVSS 7.5 · AI score 7.9 · EPSS 0.02183
Exploits 0 · References 6
Positive Technologies
added 1999/12/31 12:00 a.m. · 4 views

PT-1999-1008 · Microsoft · Iis

Name of the Vulnerable Software and Affected Versions: IIS versions 2.0 through 3.0 Description: The issue allows remote attackers to read the source code for ASP pages by appending a . dot to the end of the URL. Recommendations: For IIS versions 2.0 through 3.0, consider restricting access to AS...

CVSS 5 · AI score 6.5 · EPSS 0.40015
Exploits 0 · References 4