175506 matches found
PT-2024-30345 · Bracketspace · Advanced Cron Manager
Name of the Vulnerable Software and Affected Versions: Advanced Cron Manager versions prior to 2.5.10 Description: The issue is related to a Missing Authorization vulnerability in BracketSpace Advanced Cron Manager, allowing exploitation of incorrectly configured access control security levels...
PT-2024-31040 · Apple · Ios +1
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.0.1 iPadOS versions prior to 18.0.1 Description: This issue involves audio messages in Messages potentially capturing a few seconds of audio before the microphone indicator is activated. The problem was addressed with...
PT-2024-7275 · Google +5 · Google Chrome +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 130.0.6723.69 Microsoft Edge affected versions not specified Description: The issue is related to an inappropriate implementation in Extensions, allowing a remote attacker to bypass site isolation via a crafted...
PT-2024-31577 · Xiaomi · Xiaomi Router Ax9000
Name of the Vulnerable Software and Affected Versions: Xiaomi Router AX9000 version 1.0.173 Description: The issue is caused by the lack of validation of user input, allowing an attacker to exploit it and execute arbitrary code. This is a post-authorization command injection vulnerability, enabli...
PT-2024-9698 · Microsoft +5 · Edge +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 131.0.6778.204 Microsoft Edge affected versions not specified Description: A use after free issue in the Compositing component of Google Chrome and Microsoft Edge could allow a remote attacker to potentially...
PT-2024-29050 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15 Description: A permissions issue was addressed with additional restrictions. A malicious app may be able to change network settings. Recommendations: For versions prior to 15, update to macOS Sequoia 15 to resolve t...
PT-2024-37155 · WordPress · Triton Lite
Name of the Vulnerable Software and Affected Versions: Triton Lite theme for WordPress versions up to, and including, 1.3 Description: The issue is related to Stored Cross-Site Scripting via the url attribute within the theme's Button shortcode due to insufficient input sanitization and output...
PT-2024-38716 · WordPress · Starbox
Name of the Vulnerable Software and Affected Versions: The Starbox WordPress plugin versions prior to 3.5.2 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...
PT-2024-6387 · Zyxel · Zyxel Nas326 +1
Name of the Vulnerable Software and Affected Versions: Zyxel NAS326 versions through V5.21AAZF.18C0 Zyxel NAS542 versions through V5.21ABAG.15C0 Description: A command injection vulnerability in the export-cgi program of Zyxel NAS326 and NAS542 firmware could allow an unauthenticated attacker to...
PT-2024-6290 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.84 Description: The issue is related to insufficient policy enforcement in Data Transfer, allowing a remote attacker to leak cross-origin data via a crafted HTML page if the user engages in specific ...
PT-2024-5858
Name of the Vulnerable Software and Affected Versions NGINX Open Source and NGINX Plus versions prior to 1.26.2 NGINX Open Source and NGINX Plus versions prior to 1.27.1 Description The issue is related to a buffer overread vulnerability in the ngx http mp4 module, which might allow an attacker t...
PT-2024-38319 · Chargepoint · Chargepoint Home Flex
Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex affected versions not specified Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. The specific flaw exists...
PT-2024-21846 · Withsecure · Withsecure Elements Agent +1
Name of the Vulnerable Software and Affected Versions: WithSecure Elements Agent versions through 23.x WithSecure Elements Client Security versions through 23.x Description: An issue allows local users to block an admin from completing an installation, resulting in a Denial-of-Service DoS. This...
PT-2024-27589 · Unknown · Apollo13 Framework Extensions
Name of the Vulnerable Software and Affected Versions: Apollo13 Framework Extensions versions 1.9.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks...
PT-2024-29748
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue arises from a race condition between the ice ptp extts event function and ice ptp release, leading to a NULL pointer dereference and resulting in a kernel panic. This occurs...
PT-2024-21: OS Command Injection in Pandora FMS
The vulnerability was identified in Pandora FMS versions 700 to 776. The discovered vulnerability can be exploited by an attacker to inject commands into the operating system. The vulnerability is a part of the chain that leads to remote code execution PT-2024-20, CVE-2024-35305. Vulnerability...
PT-2024-22759 · Djl · Djl
Name of the Vulnerable Software and Affected Versions: djl version 0.26.0 Description: A TarSlip vulnerability exists in the djl library, allowing an attacker to manipulate file paths within tar archives to overwrite arbitrary files on the target system. This could lead to remote code execution,...
PT-2024-31337
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.50 Description The issue arises in the net/mlx5e component of the Linux kernel, specifically with the SHAMPO feature. When all strides in a Work Queue Element WQE are consumed, the WQE is unlinked from the Wo...
PT-2024-25627 · Moodle +2 · Moodle +2
Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: The issue arises from the unsafe direct use of the HTTP REFERER variable in the admin/tool/mfa/index.php file. Specifically, the referrer URL used by Multi-Factor Authentication MFA required...
PT-2024-36495 · WordPress · Html5 Video Player
Name of the Vulnerable Software and Affected Versions: HTML5 Video Player WordPress plugin versions prior to 2.5.27 Description: The issue concerns a failure to sanitize and escape a parameter from a REST route before using it in a SQL statement. This allows unauthenticated users to perform SQL...
PT-2024-32042 · WordPress · Import/Export Users/Customers Plugin For Wordpress
Name of the Vulnerable Software and Affected Versions: Import and export users and customers plugin for WordPress versions up to, and including, 1.26.6.1 Description: The issue arises from insufficient input sanitization and output escaping, allowing authenticated attackers with administrator...
PT-2024-3931 · Google +6 · Google Chrome +6
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 125.0.6422.141 Microsoft Edge affected versions not specified Description: The issue is related to an out of bounds write in the Streams API, which can be exploited by a remote attacker to execute arbitrary cod...
PT-2024-31140 · Red Hat · Red Hat Openstack Platform 16.1 +3
The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Ha...
PT-2024-31579 · Eclipse · Eclipse Dataspace Components
Name of the Vulnerable Software and Affected Versions: Eclipse Dataspace Components versions 0.2.1 through 0.6.2 Description: A security issue has been identified in the EDC Connector component of Eclipse Dataspace Components, related to the OAuth2-protected data sink feature. When using a custom...
PT-2025-26006 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0 Description: The issue arises from an integer overflow in the register shm helper function when calculating the number of pages covered by a user-supplied memory region. This causes a NULL pointer...
PT-2024-19864 · WordPress · Avada
Name of the Vulnerable Software and Affected Versions: Avada theme for WordPress versions up to, and including, 7.11.6 Description: The issue allows unauthenticated attackers to extract sensitive data uploaded via an Avada created form with a file upload mechanism. This is possible due to sensiti...
PT-2024-25007 · Unknown +1 · Rust-Openssl +1
Name of the Vulnerable Software and Affected Versions: rust-openssl affected versions not specified Description: A timing-based side-channel flaw exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve...
PT-2024-20744 · Canto · Canto
Name of the Vulnerable Software and Affected Versions: Canto versions 3.0.7 and earlier Description: The issue is related to improper control of generation of code, also known as 'Code Injection'. This allows for code injection in Canto Inc.'s Canto. Recommendations: For versions 3.0.7 and earlie...
PT-2024-23239 · Apache · Apache Dolphinscheduler
Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions 3.1.0 through 3.2.1 Description: A file read and write vulnerability exists in Apache DolphinScheduler, allowing authenticated users to illegally access additional resource files. Recommendations: For Apache...
PT-2024-2139 · Debian +10 · Debian +10
Name of the Vulnerable Software and Affected Versions: crypto/tls versions affected versions not specified golang affected versions not specified Description: The issue arises when verifying a certificate chain that contains a certificate with an unknown public key algorithm, causing...
PT-2024-2228 · Mozilla +10 · Thunderbird +10
Name of the Vulnerable Software and Affected Versions: Thunderbird versions prior to 115.8.1 Description: The encrypted subject of an email message could be incorrectly and permanently assigned to an arbitrary other email message in Thunderbird's local cache. Consequently, when replying to the...
PT-2024-2566
Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.0-M16 Apache Tomcat versions 10.1.0-M1 through 10.1.18 Apache Tomcat versions 9.0.0-M1 through 9.0.85 Apache Tomcat versions 8.5.0 through 8.5.98 Description The issue is related to a Denial of...
PT-2024-20339 · Yzmcms · Yzmcms
Name of the Vulnerable Software and Affected Versions: yzmcms version 7.0 Description: An issue in the component /member/index/login of yzmcms allows attackers to direct users to malicious sites via a crafted URL. Recommendations: For yzmcms version 7.0, consider restricting access to the...
PT-2024-1504 · Google +6 · Google Chrome +6
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 121.0.6167.139 Microsoft Edge affected versions not specified Description: The issue is related to a use after free vulnerability in the Peer Connection component of Google Chrome and Microsoft Edge browsers,...
PT-2024-10823 · Cloudlinux · Cloudlinux Cagefs
Name of the Vulnerable Software and Affected Versions: CloudLinux CageFS versions 7.1.1-1 and below Description: The issue allows local users to view the authentication token via the process list and gain code execution as another user, because the authentication token is passed as a command line...
PT-2024-11598 · Unknown · Profilegrid
Name of the Vulnerable Software and Affected Versions: ProfileGrid – User Profiles, Memberships, Groups and Communities versions through 5.0.3 Description: The issue is related to a Missing Authorization vulnerability. This means that certain actions or data may be accessible without the necessar...
PT-2024-19005 · Unknown · Discord-Recon
Name of the Vulnerable Software and Affected Versions: Discord-Recon versions prior to 0.0.8 Description: Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans, and information gathering via a Discord server. It is vulnerable to remote code execution, allowing an...
PT-2024-18: Stored Cross-Site Scripting (Stored XSS) in Moodle
The vulnerability was identified in Moodle versions 4.0 - 4.3.3, 4.2 - 4.2.6, 4.1 - 4.1.9 and older unsupported versions. Insufficient escaping of participants' names in the page table leads to Stored XSS attack when interacting with some features. Discovered vulnerability allows an attacker to...
PT-2023-31837 · Unknown · Rencontre – Dating Site
Name of the Vulnerable Software and Affected Versions: Rencontre – Dating Site versions n/a through 3.11.1 Description: The issue is related to Deserialization of Untrusted Data, which affects the Rencontre – Dating Site. There is no information provided about the estimated number of potentially...
PT-2024-11: Local file Inclusion in Cacti
The vulnerability was identified in Cacti version 1.2.25 and below. It leads to the possibility of executing arbitrary code on the server. The vulnerability can be exploited by an authorized user using SQL injection and due to insufficient processing of the path to the included file. Vulnerabilit...
PT-2023-7884
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 9.6 Description The issue is related to OS command injection in OpenSSH, which might occur if a user name or host name has shell metacharacters and this name is referenced by an expansion token in certain situations...
PT-2023-7932
Name of the Vulnerable Software and Affected Versions Go versions 1.21.3 and earlier, 1.20.10 and earlier Description The issue is related to the IsLocal function not correctly detecting reserved device names in some cases on Windows. Specifically, reserved names followed by spaces, such as "COM1...
PT-2023-20415 · Tutor Lms · Tutor Lms
Name of the Vulnerable Software and Affected Versions: Tutor LMS versions 2.1.10 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations: For...
PT-2023-6863 · Netgate · Pfsense Ce +2
Name of the Vulnerable Software and Affected Versions: Netgate pfSense version 2.7.0 Netgate pfSense CE versions 2.7.0 and below Netgate pfSense Plus versions 23.05.1 and below Description: The issue is related to a Cross Site Scripting XSS vulnerability in the status logs filter dynamic.php...
PT-2023-6381 · Oracle +6 · Mysql Server +5
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.33 and prior Description: The issue is related to the MySQL Server product of Oracle MySQL, specifically the Server: UDF component. It allows a high privileged attacker with network access via multiple protocols to...
PT-2024-5217 · Libvpx +7 · Libvpx +7
Name of the Vulnerable Software and Affected Versions: libvpx versions prior to 1.13.1 Description: A heap overflow issue exists in libvpx when encoding a frame with larger dimensions than the originally configured size using VP9, potentially resulting in a heap overflow. Recommendations: For...
PT-2023-9466 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the RDMA/srp component of the Linux kernel, where a use-after-free condition can occur. This happens when the scmd eh abort handler function calls the SCSI LLD ...
PT-2023-4781 · Google +2 · Google Chrome +2
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 116.0.5845.179 Description: The issue is related to incorrect security UI in the BFCache component of Google Chrome, allowing a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML...
PT-2023-8132 · Unknown · Springblade
Name of the Vulnerable Software and Affected Versions: SpringBlade version 3.6.0 Description: The issue is related to the lack of protection against SQL query structure exploitation, allowing a remote attacker to execute arbitrary SQL queries. Specifically, in SpringBlade, when executing SQL...
PT-2023-6289 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.5.4 Description: The issue is related to a use-after-free error in the ext4 file system driver of the Linux kernel, specifically in the fs/ext4/extents status.c file, related to the ext4 es insert extent...