Positive Technologies (ptsecurity) advisories, sorted by most viewed. 175506 matches found.

Positive Technologies · added 2023/08/23

PT-2023-9332 · Unknown +5 · Alertmanager +5

Name of the Vulnerable Software and Affected Versions: Alertmanager versions prior to 0.25.1
Description: The issue is related to the improper neutralization of input data during web page generation in the /api/v1/alerts endpoint of the Alertmanager component in the Prometheus monitoring system. ...

CVSS 9.8 · AI score 7.7 · EPSS 0.94438
Exploits 57 · References 160
Positive Technologies · added 2023/08/15

PT-2023-4485 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 116.0.5845.96
Description: The issue is related to an inappropriate implementation in the WebShare component of Google Chrome for Android, which can allow a remote attacker to spoof the contents of a...

CVSS 9.8 · AI score 6.4 · EPSS 0.93301
Exploits 131 · References 1163
Positive Technologies · added 2023/08/14

PT-2023-4393 · Onlyoffice · Onlyoffice Document Server

Name of the Vulnerable Software and Affected Versions: ONLYOFFICE DocumentServer versions 4.0.3 through 7.3.2
Description: An out of bounds memory access issue in the JavaScript File Handler component allows remote attackers to execute arbitrary code via a crafted JavaScript file. This can be...

CVSS 9.8 · AI score 9.4 · EPSS 0.02485
Exploits 1 · References 12
Positive Technologies · added 2023/08/09

PT-2023-4548 · Node.Js +10 · Node.Js +10

Name of the Vulnerable Software and Affected Versions: Node.js versions 16.x through 20.x
Description: The issue is related to the use of module.constructor.createRequire, which can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This...

CVSS 9.8 · AI score 7.4 · EPSS 0.75933
Exploits 7 · References 181
Positive Technologies · added 2023/08/02

PT-2023-4108 · Google +3 · Google Chrome +4

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 115.0.5790.170
Description: The issue is related to a type confusion in the V8 JavaScript engine, which can potentially allow a remote attacker to exploit heap corruption via a crafted HTML page. This can lead ...

CVSS 10 · AI score 7.3 · EPSS 0.93301
Exploits 131 · References 1181
Positive Technologies · added 2023/07/20

PT-2023-26217 · Gen Technology · Gen Technology Four Mountain Torrent Disaster Prevention/Control Of Monitoring/Early Warning System

Name of the Vulnerable Software and Affected Versions: Gen Technology Four Mountain Torrent Disaster Prevention and Control of Monitoring and Early Warning System up to 20230712
Description: A critical issue was found in the system, affecting the /Duty/AjaxHandle/UploadFloodPlanFileUpdate.ashx...

CVSS 8.8 · AI score 5.6 · EPSS 0.00114
Exploits 1 · References 4
Positive Technologies · added 2023/07/16

PT-2023-25738 · Layui · Layui

Name of the Vulnerable Software and Affected Versions: layui versions up to v2.8.0-rc.16
Description: A problematic issue was found in the HTML Attribute Handler component, where the manipulation of the title argument leads to cross-site scripting. This can be initiated remotely.
Recommendations:...

CVSS 6.1 · AI score 6.6 · EPSS 0.00096
Exploits 1 · References 8
Positive Technologies · added 2023/07/14

PT-2023-26370 · Netkit +8 · Netkit +3

netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem(), a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778...

CVSS 9.8 · AI score 7.1 · EPSS 0.64277
Exploits 9 · References 12
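The root cause named above, a filename handed to /bin/sh, is a general pattern rather than anything specific to rcp. The following added example (not code from the netkit project or from the advisory) reproduces it with `echo` standing in for the copy program so it runs harmlessly, and shows the fix: pass the name as one argv element and never hand it to a shell. The hostile filename is constructed for the demonstration.

```python
import shlex
import subprocess

# Constructed for this demonstration: a filename that carries shell metacharacters.
HOSTILE_NAME = "report.txt; echo INJECTED"

# 'echo' stands in for the real copy program so the example runs harmlessly offline.
PROGRAM = "echo"


def run_through_shell(filename: str) -> str:
    """Vulnerable pattern: the filename is interpolated into a command string that
    /bin/sh parses, so ';' ends the intended command and starts the attacker's."""
    cmd = f"{PROGRAM} {filename}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_as_argv(filename: str) -> str:
    """Hardened pattern: an argv list executed without a shell. The filename reaches
    the program as a single argument, metacharacters and all."""
    return subprocess.run([PROGRAM, filename], capture_output=True, text=True).stdout


def run_through_shell_quoted(filename: str) -> str:
    """If a shell is unavoidable (e.g. the command line is sent to a remote host),
    quote each untrusted word with shlex.quote so the shell sees one literal token."""
    cmd = f"{PROGRAM} {shlex.quote(filename)}"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    print("shell :", repr(run_through_shell(HOSTILE_NAME)))         # two commands ran
    print("argv  :", repr(run_as_argv(HOSTILE_NAME)))               # one command ran
    print("quoted:", repr(run_through_shell_quoted(HOSTILE_NAME)))  # one command ran
```

In the vulnerable variant the output contains two lines because the shell executed two commands; in both hardened variants the whole hostile string comes back as a single argument.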
Positive Technologies · added 2023/07/13

PT-2023-24339 · WordPress · User Registration

Name of the Vulnerable Software and Affected Versions: User Registration plugin for WordPress versions up to, and including, 3.0.2
Description: The issue arises from a hardcoded encryption key and missing file type validation in the ur_upload_profile_pic function. This allows authenticated...

CVSS 9.9 · AI score 9.6 · EPSS 0.06786
Exploits 2 · References 10
Positive Technologies · added 2023/06/27

PT-2023-21949 · WordPress · Formidable Forms

Name of the Vulnerable Software and Affected Versions: Formidable Forms WordPress plugin versions prior to 6.3.1
Description: The issue allows a user with a low role, such as Subscriber, to install and activate arbitrary plugins of any version from the WordPress.org plugin repository, leading to...

CVSS 8.8 · AI score 8.8 · EPSS 0.70006
Exploits 3 · References 4
Positive Technologies · added 2023/06/12

PT-2023-19080 · WordPress · Float Menu +11

Name of the Vulnerable Software and Affected Versions: Float menu WordPress plugin versions prior to 5.0.2; Bubble Menu WordPress plugin versions prior to 3.0.4; Button Generator WordPress plugin versions prior to 2.3.5; Calculator Builder WordPress plugin versions prior to 1.5.1; Counter Box WordPre...

CVSS 6.1 · AI score 6.2 · EPSS 0.00287
Exploits 2 · References 3
Positive Technologies · added 2023/06/07

PT-2023-23260 · Elementor · Elementor Pro

Name of the Vulnerable Software and Affected Versions: Elementor Pro versions up to, and including, 3.11.6
Description: The issue allows authenticated attackers with subscriber-level capabilities to update arbitrary site options, potentially leading to privilege escalation, due to a missing...

CVSS 8.8 · AI score 8.4 · EPSS 0.18562
Exploits 2 · References 5
Positive Technologies · added 2023/06/05

PT-2023-23088 · Unknown · Kylin-Software-Properties

Name of the Vulnerable Software and Affected Versions: kylin-software-properties versions prior to 0.0.1-130
Description: A critical issue has been found in the changedSource function, leading to improper access controls. This can be exploited locally. It is reported that the exploit has been...

CVSS 7.8 · AI score 7.2 · EPSS 0.00054
Exploits 1 · References 4
Positive Technologies · added 2023/05/30

PT-2023-2947 · Google +2 · Swiftshader +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 114.0.5735.90
Description: The issue is related to an out of bounds write in Swiftshader, a library used by Google Chrome. This could potentially allow a remote attacker to exploit heap corruption via a crafted...

CVSS 10 · AI score 7.4 · EPSS 0.93301
Exploits 131 · References 1127
Positive Technologies · added 2023/05/16

PT-2023-24126 · Jenkins · Jenkins Saml Single Sign On(Sso) Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins SAML Single Sign On (SSO) Plugin versions 2.0.0 and earlier
Description: A cross-site request forgery (CSRF) vulnerability allows attackers to send an HTTP POST request with a JSON body containing attacker-specified content to miniOrange's...

CVSS 8.8 · AI score 8.6 · EPSS 0.00098
Exploits 0 · References 4
Positive Technologies · added 2023/05/08

PT-2023-17932 · WordPress · Nex-Forms

Name of the Vulnerable Software and Affected Versions: NEX-Forms WordPress plugin versions prior to 8.4
Description: The issue arises from improper escaping of the table parameter, which is populated with user input, before it is concatenated to an SQL query.
Recommendations: For versions prior t...

CVSS 7.2 · AI score 7.7 · EPSS 0.45897
Exploits 3 · References 4
Positive Technologies · added 2023/05/02

PT-2023-23024

Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads versions 3.1 through 3.1.1.4.1
Description: The issue is related to an Improper Authentication vulnerability in the Easy Digital Downloads plugin, which allows unauthorized Privilege Escalation.
Recommendations: For versio...

CVSS 9.8 · AI score 9.3 · EPSS 0.31349
Exploits 0 · References 8
Positive Technologies · added 2023/04/25

PT-2023-22542 · Unknown · Medicine Tracker System

Name of the Vulnerable Software and Affected Versions: Medicine Tracker System in PHP version 1.0.0
Description: The issue is related to Cross Site Scripting (XSS), which is a type of security vulnerability that can be exploited by attackers to inject malicious scripts into a website. No informatio...

CVSS 6.1 · AI score 6 · EPSS 0.00234
Exploits 0 · References 5
Positive Technologies · added 2023/04/25

PT-2023-02: Auth Path Traversal and Command Injection in account_print.cgi in Zyxel products

An issue was identified in Zyxel products affecting USG FLEX ZLD V4.50-V5.35 and VPN ZLD V4.30-V5.35. The discovered vulnerability in account_print.cgi can be exploited by an authenticated attacker with administrator privileges to execute unauthorized OS commands in the /tmp directory if the hotspot functio...

CVSS 7.5 · AI score 7.3 · EPSS 0.0044
Exploits 0 · References 1
Positive Technologies · added 2023/04/24

PT-2023-23121 · Unknown · Backdrop Cms

Name of the Vulnerable Software and Affected Versions: Backdrop CMS versions prior to 1.24.2
Description: A stored Cross-site scripting (XSS) issue in Text Editors and Formats allows remote attackers to inject arbitrary web script or HTML via the name parameter. When a user is editing any content...

CVSS 4.8 · AI score 5.5 · EPSS 0.00206
Exploits 1 · References 10
Positive Technologies · added 2023/04/19

PT-2023-4888

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions 11.0.0-M2 through 11.0.0-M4; Apache Tomcat versions 10.1.5 through 10.1.7; Apache Tomcat versions 9.0.71 through 9.0.73; Apache Tomcat versions 8.5.85 through 8.5.87; Bamboo Data Center and Server version 8.1.12 and later,...

CVSS 10 · AI score 7.2 · EPSS 0.94469
Exploits 191 · References 184
Positive Technologies · added 2023/04/18

PT-2023-18758 · Strapi · Strapi

Name of the Vulnerable Software and Affected Versions: Strapi versions 4.5.5 and earlier; Strapi versions 4.7.1 and earlier
Description: The issue allows attackers with access to the admin panel to discover sensitive user details by exploiting the query filter. An attacker can filter users by...

CVSS 7.5 · AI score 9.3 · EPSS 0.17914
Exploits 2 · References 14
Positive Technologies · added 2023/04/18

PT-2023-4872

Name of the Vulnerable Software and Affected Versions: gRPC (affected versions not specified)
Description: The issue is related to a base64 encoding error for -bin suffixed headers, which can cause a disconnection by the gRPC server but is typically allowed by HTTP/2 proxies. This can be exploited by...

CVSS 7.5 · AI score 7 · EPSS 0.9439
Exploits 19 · References 38
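The metadata rule at issue above: gRPC carries binary metadata under keys ending in `-bin`, base64-encoded, and the wire format lets the sender omit the `=` padding, which is exactly the sort of value a generic HTTP/2 proxy forwards untouched. The added example below is not gRPC project code; it implements a decoder that accepts padded and unpadded values, rejects anything else with a per-request error, and shows why a malformed header must fail only its own RPC rather than the shared connection. The header values are constructed for the demonstration.

```python
import base64
import binascii


def encode_bin_metadata(value: bytes) -> str:
    """Encode a *-bin metadata value. The gRPC wire format lets senders drop the '='
    padding, so strip it, as many clients do."""
    return base64.b64encode(value).decode("ascii").rstrip("=")


def decode_bin_metadata(key: str, value: str) -> bytes:
    """Decode a *-bin metadata value, accepting padded and unpadded input.
    Raises ValueError for anything that is not valid base64."""
    if not key.endswith("-bin"):
        raise ValueError(f"{key!r} is not a binary metadata key")
    # Re-pad to a multiple of four so the strict decoder accepts unpadded values.
    padded = value + "=" * (-len(value) % 4)
    try:
        return base64.b64decode(padded, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"invalid base64 in metadata key {key!r}") from exc


def handle_request_metadata(headers: dict) -> tuple:
    """Server side: decode every -bin header up front. A malformed value fails this one
    RPC with an error status; it must not tear down the shared HTTP/2 connection,
    which would take every other in-flight stream down with it."""
    decoded = {}
    for key, value in headers.items():
        if key.endswith("-bin"):
            try:
                decoded[key] = decode_bin_metadata(key, value)
            except ValueError as exc:
                return ("error", str(exc))
    return ("ok", decoded)


# Constructed sample metadata: one unpadded value, one padded, and one that is not base64.
SAMPLE_HEADERS = {
    "content-type": "application/grpc",
    "x-trace-bin": encode_bin_metadata(b"\x00\xff\x10"),  # "AP8Q", no padding needed
    "x-auth-token-bin": "aGVsbG8=",                       # padded form of b"hello"
}
BAD_HEADERS = {"content-type": "application/grpc", "x-trace-bin": "not*base64!"}
```

Run against `SAMPLE_HEADERS` the handler decodes both values; against `BAD_HEADERS` it returns an error tuple for that request and nothing else.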
Positive Technologies · added 2023/04/13

PT-2023-20846 · Diasoft · Diasoft File Replication Pro

Name of the Vulnerable Software and Affected Versions: Diasoft File Replication Pro version 7.5.0
Description: The issue allows attackers to escalate privileges by replacing a legitimate file with a Trojan horse that will be executed as LocalSystem. This occurs because the directory...

CVSS 9.8 · AI score 9.5 · EPSS 0.07173
Exploits 4 · References 5
Positive Technologies · added 2023/04/12

PT-2023-18591 · Securepoint · Securepoint Utm

Name of the Vulnerable Software and Affected Versions: SecurePoint UTM versions prior to 12.2.5.1
Description: An issue was discovered in the firewall's endpoint at "/spcgi.cgi" that allows sessionid information disclosure via an invalid authentication attempt. This can be used to bypass the...

CVSS 7.5 · AI score 7.6 · EPSS 0.82886
Exploits 4 · References 10
Positive Technologies · added 2023/04/06

PT-2023-2203 · Microsoft · Edge

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (Chromium-based), affected versions not specified
Description: The issue is related to a tampering vulnerability in Microsoft Edge, where errors in the user interface's representation of information can be exploited. This can allo...

CVSS 4 · AI score 9.1 · EPSS 0.05854
Exploits 0 · References 6
Positive Technologies · added 2023/03/27

PT-2023-3590 · Apple +7 · Macos Ventura +13

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 16.4; macOS Ventura versions prior to 13.3; iOS versions prior to 16.4; iPadOS versions prior to 16.4; iOS versions prior to 15.7.4; iPadOS versions prior to 15.7.4; tvOS versions prior to 16.4; watchOS versions prior to 9.4...

CVSS 9.8 · AI score 6.5 · EPSS 0.02338
Exploits 2 · References 184
Positive Technologies · added 2023/03/23

PT-2023-4753 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.4
Description: The issue is related to a use-after-free problem in the r592_remove function of the Linux kernel's r592 device driver. This can lead to a race condition, potentially causing system crashes or...

CVSS 8.8 · AI score 7.8 · EPSS 0.02125
Exploits 11 · References 521
Positive Technologies · added 2023/03/21

PT-2023-16886 · Cloudflare · Cloudflared

Name of the Vulnerable Software and Affected Versions: cloudflared versions <= 2023.3.0
Description: A vulnerability has been discovered in cloudflared's installer for Windows 32-bit devices that allows a local attacker with no administrative permissions to escalate their privileges on the affect...

CVSS 7.8 · AI score 7.3 · EPSS 0.00215
Exploits 0 · References 10
Positive Technologies · added 2023/02/26

PT-2023-1564 · Unknown · Class/Exam Timetabling System

Name of the Vulnerable Software and Affected Versions: Class and Exam Timetabling System version 1.0
Description: The issue is related to the lack of protection against SQL query structure manipulation when handling the password parameter in the index3.php script of the Class and Exam Timetabling...

CVSS 10 · AI score 8.1 · EPSS 0.00291
Exploits 1 · References 5
Positive Technologies · added 2023/02/17

PT-2023-19289 · Unknown · Hasthemes Extensions For Cf7

Name of the Vulnerable Software and Affected Versions: HasThemes Extensions For CF7 plugin versions <= 2.0.8
Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability, which can lead to arbitrary plugin activation. This means an attacker could potentially activate any...

CVSS 4.3 · AI score 4.6 · EPSS 0.00097
Exploits 0 · References 4
Positive Technologies · added 2023/01/23

PT-2023-15011 · WordPress · Mongoose Page Plugin

Name of the Vulnerable Software and Affected Versions: Mongoose Page Plugin WordPress plugin versions prior to 1.9.0
Description: The issue concerns a lack of validation and escaping of one of the shortcode attributes in the Mongoose Page Plugin, potentially allowing users with a role as low as...

CVSS 5.4 · AI score 5.3 · EPSS 0.00285
Exploits 2 · References 4
Positive Technologies · added 2023/01/21

PT-2023-6601 · Plesk · Plesk Obsidian

Name of the Vulnerable Software and Affected Versions: Plesk Obsidian versions through 18.0.49
Description: A Host Header Injection issue on the Login page allows attackers to redirect users to malicious websites via a Host request header. The issue is related to the ability to use arbitrary doma...

CVSS 6.4 · AI score 7.3 · EPSS 0.59145
Exploits 3 · References 10
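The weakness described above is a login page that builds absolute URLs from the client-supplied Host header. The added example below is not Plesk code; it places the vulnerable construction beside a hardened one that resolves the host against a configured allow-list (falling back to a canonical host) and constrains the post-login target to a same-origin path. The hostnames and paths are constructed for the demonstration.

```python
from urllib.parse import quote, urlsplit

# Constructed for this example: the hostnames this panel is legitimately served under,
# and the one to fall back to. A real deployment reads these from configuration.
ALLOWED_HOSTS = {"panel.example.com", "panel.example.com:8443"}
CANONICAL_HOST = "panel.example.com:8443"


def login_redirect_unsafe(host_header: str, next_path: str) -> str:
    """Vulnerable pattern: the absolute URL is assembled from whatever Host the client
    sent, so a forged Host header sends the user to the attacker's site after login."""
    return f"https://{host_header}/login?next={next_path}"


def resolve_host(host_header: str) -> str:
    """Use the Host header only when it is on the allow-list; otherwise the configured
    canonical host. Comparison is case-insensitive, as hostnames are."""
    host = host_header.strip().lower()
    return host if host in ALLOWED_HOSTS else CANONICAL_HOST


def safe_next_path(next_path: str) -> str:
    """Keep the post-login target a same-origin path: no scheme, no authority,
    no protocol-relative '//' and no backslash (browsers treat '/\\' like '//')."""
    parts = urlsplit(next_path)
    if (parts.scheme or parts.netloc or not next_path.startswith("/")
            or next_path.startswith("//") or "\\" in next_path):
        return "/"
    return next_path


def login_redirect(host_header: str, next_path: str) -> str:
    """Hardened: canonical host plus a validated, percent-encoded relative path."""
    target = quote(safe_next_path(next_path), safe="/")
    return f"https://{resolve_host(host_header)}/login?next={target}"
```

A request with `Host: evil.example` gets a redirect to the canonical host from `login_redirect`, whereas `login_redirect_unsafe` happily sends the user to `https://evil.example/login`.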
Positive Technologies · added 2023/01/11

PT-2023-9426 · Linux +4 · Linux Kernel +4

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: The vulnerability is related to the nilfs2 component of the Linux kernel. It occurs when nilfs2 reads a corrupted disk image and attempts to read a b-tree node block using an invalid...

CVSS 8.4 · AI score 6.8 · EPSS 0.01107
Exploits 13 · References 1637
Positive Technologies · added 2023/01/09

PT-2023-14413 · Linksys · Linksys Wumc710 Wireless-Ac Universal Media Connector

Name of the Vulnerable Software and Affected Versions: Linksys WUMC710 Wireless-AC Universal Media Connector version 1.0.02 build3 and earlier
Description: An arbitrary code execution issue exists due to the do_setNTP function within the httpd binary using unvalidated user input in the constructi...

CVSS 7.2 · AI score 7.3 · EPSS 0.00831
Exploits 1 · References 5
Positive Technologies · added 2022/12/20

PT-2022-24505 · Ibm · Bigfix Webui

Name of the Vulnerable Software and Affected Versions: BigFix WebUI (affected versions not specified)
Description: The issue concerns BigFix WebUI non-master operators who are missing necessary controls. These operators can modify the relevance of fixlets or deploy fixlets from the BES Support...

CVSS 6.4 · AI score 5.5 · EPSS 0.00174
Exploits 0 · References 4
Positive Technologies · added 2022/11/15

PT-2022-21751 · Qualcomm · Qualcomm Snapdragon

Name of the Vulnerable Software and Affected Versions: Qualcomm Snapdragon (affected versions not specified)
Description: The issue is related to memory corruption in video processing due to a configuration weakness. This affects various Qualcomm Snapdragon products, including Snapdragon Auto,...

CVSS 9.8 · AI score 9.3 · EPSS 0.00273
Exploits 0 · References 3
Positive Technologies · added 2022/11/14

PT-2022-6640 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2
Description: The issue is related to the ntfs3 subsystem in the Linux kernel, which does not properly check for correctness during disk reads. This leads to an out-of-bounds read in the ntfs_set_ea function ...

CVSS 10 · AI score 6.8 · EPSS 0.92504
Exploits 74 · References 400
Positive Technologies · added 2022/11/09

PT-2022-26110

Name of the Vulnerable Software and Affected Versions: Parse Server versions prior to 4.10.19; Parse Server versions prior to 5.3.2
Description: The issue allows keywords specified in the requestKeywordDenylist option to be injected via Cloud Code Webhooks or Triggers, resulting in the keyword being...

CVSS 9.8 · AI score 7.3 · EPSS 0.00542
Exploits 0 · References 13
Positive Technologies · added 2022/11/08

PT-2023-2026

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.55
Description: The issue is related to HTTP Request Smuggling attacks, which can occur when mod_proxy is enabled along with certain RewriteRule or ProxyPassMatch configurations. These configuration...

CVSS 10 · AI score 8.4 · EPSS 0.67011
Exploits 5 · References 108
Positive Technologies · added 2022/10/20

PT-2022-5188

Name of the Vulnerable Software and Affected Versions: Keccak XKCP SHA-3 reference implementation versions before commit fdc6fef
Description: The issue is related to an integer overflow and resultant buffer overflow in the sponge function interface of the Keccak XKCP SHA-3 reference implementation. This...

CVSS 9.8 · AI score 8.4 · EPSS 0.94053
Exploits 107 · References 239
Positive Technologies · added 2022/10/11

PT-2022-6242 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux Kernel (affected versions not specified)
Description: A vulnerability was found in the Linux Kernel, classified as problematic. It affects the nilfs_new_inode function of the fs/nilfs2/inode.c file, leading to use aft...

CVSS 9.8 · AI score 7.5 · EPSS 0.72624
Exploits 227 · References 1790
Positive Technologies · added 2022/10/10

PT-2022-03: Stored Cross-Site Scripting (XSS)

The Site Configuration tool's upload option does not validate file contents. An attacker can upload a Zip file which, when processed, exploits Stored XSS. The attack can only be performed by an internal user. NetAct 22 SP1037 is already delivered on top of NetAct 22 FP2208, SP...

CVSS 6.8 · AI score 6 · EPSS 0.00276
Exploits 0
Positive Technologies · added 2022/10/10

PT-2022-01: XML External Entity (XXE)

Input validation and proper XML parser configuration were missing. On the Configuration Dashboard page, an attacker can import XML files. Support for external entities is enabled when processing such files, which leads to Arbitrary File Read and SSRF. The attack can only be...

CVSS 6.5 · AI score 6.4 · EPSS 0.00206
Exploits 0
Positive Technologies · added 2022/09/29

PT-2022-21787 · Inventree · Inventree

Name of the Vulnerable Software and Affected Versions: Inventree versions prior to 0.8.3
Description: The issue is related to stored Cross-site Scripting (XSS) in the GitHub repository inventree/inventree. This occurs by uploading SVG files, allowing for the storage of malicious scripts that can be...

CVSS 8.2 · AI score 6.2 · EPSS 0.00339
Exploits 1 · References 7
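Both the InvenTree entry above (stored XSS through uploaded SVG files) and the User Registration entry earlier on this page (missing file type validation on a profile-picture upload) come down to trusting an uploaded file's declared type. This added example is not code from either project: it sniffs the real image type from magic bytes, requires it to agree with the file extension, refuses SVG for a profile picture outright, and, for places where SVG must be accepted, flags the constructs that carry script. The sample files are constructed here; the mention of defusedxml is a recommendation, not something the page states.

```python
import xml.etree.ElementTree as ET

RASTER_ALLOWLIST = {"png", "jpeg", "gif"}
SCRIPT_BEARING_TAGS = {"script", "foreignobject", "iframe", "embed", "object"}
URL_ATTRIBUTES = {"href", "src"}


def sniff_image_type(data: bytes):
    """Identify the file by its content, never by its name or Content-Type."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "png"
    if data.startswith(b"\xff\xd8\xff"):
        return "jpeg"
    if data[:6] in (b"GIF87a", b"GIF89a"):
        return "gif"
    head = data.lstrip()[:256].lower()
    if head.startswith(b"<?xml") or head.startswith(b"<svg"):
        return "svg"
    return None


def svg_findings(data: bytes) -> list:
    """List the SVG constructs that execute script in a viewer's browser: script-bearing
    elements, on* event handlers and javascript:/data: URLs. ET's expat parser does not
    fetch external entities; in production also cap the input size and parse with
    defusedxml (an assumption here, not part of the advisory) to stop entity expansion."""
    findings = []
    root = ET.fromstring(data)
    for el in root.iter():
        tag = el.tag.split("}")[-1].lower()           # drop the '{namespace}' prefix
        if tag in SCRIPT_BEARING_TAGS:
            findings.append(f"<{tag}> element")
        for name, value in el.attrib.items():
            local = name.split("}")[-1].lower()        # '{xlink-ns}href' -> 'href'
            if local.startswith("on"):
                findings.append(f"{local} event handler")
            elif local in URL_ATTRIBUTES and value.strip().lower().startswith(("javascript:", "data:")):
                findings.append(f"{local}={value.strip()[:40]!r}")
    return findings


def accept_profile_picture(filename: str, data: bytes) -> bool:
    """Accept only raster images whose sniffed type matches the extension. SVG is
    refused even when honestly named: it is an executable document, not a picture."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    ext = {"jpg": "jpeg"}.get(ext, ext)
    kind = sniff_image_type(data)
    return kind in RASTER_ALLOWLIST and kind == ext


# Constructed samples: a hostile SVG, a clean SVG and a minimal PNG header.
HOSTILE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
  <circle r="5" onload="alert(1)"/>
  <script>alert(document.cookie)</script>
  <a xlink:href="javascript:alert(1)"><text>x</text></a>
</svg>"""
CLEAN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><rect width="1" height="1"/></svg>'
PNG_HEADER = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16
```

`svg_findings(HOSTILE_SVG)` reports the `onload` handler, the `<script>` element and the `javascript:` link; `accept_profile_picture` rejects the same bytes however the file is named, and also rejects a genuine PNG uploaded as `shell.php` because the extension disagrees with the content.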
Positive Technologies · added 2022/09/28

PT-2022-6530 · Unknown · Pdf-Xchange Editor

Name of the Vulnerable Software and Affected Versions: PDF-XChange Editor (affected versions not specified)
Description: The issue is related to a buffer overflow in memory when parsing EMF files, which can be exploited by remote attackers to execute arbitrary code. This requires user interaction,...

CVSS 10 · AI score 7.9 · EPSS 0.02099
Exploits 0 · References 5
Positive Technologies · added 2022/09/28

PT-2022-21130 · Microsoft · Uxtheme.Dll

Name of the Vulnerable Software and Affected Versions: Notepad++ versions 8.4.1 and before
Description: The issue allows an attacker to replace the vulnerable dll UxTheme.dll with their own dll, enabling them to run arbitrary code in the context of Notepad++. This is a result of DLL hijacking...

CVSS 7.8 · AI score 7.5 · EPSS 0.00082
Exploits 1 · References 7
Positive Technologies · added 2022/09/16

PT-2022-20881 · Harbor · Harbor

Name of the Vulnerable Software and Affected Versions: Harbor versions prior to 2.5.2
Description: The issue arises from Harbor's failure to validate user permissions when updating tag immutability policies. This can be exploited by sending a request to update a tag immutability policy with an id...

CVSS 7.7 · AI score 7 · EPSS 0.00066
Exploits 0 · References 10
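The missing check described above is an object-level authorization problem: the caller's role is verified for the project named in the request, but the policy being updated is then loaded by id alone. The added example below is not Harbor code; it models that flaw against a small in-memory store and places the hardened handler beside it, where the policy must belong to the very project the permission check was performed for. Projects, users and policies are constructed for the demonstration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class ImmutabilityPolicy:
    policy_id: int
    project_id: int
    tag_pattern: str


# Constructed in-memory state: two projects with one policy each; alice administers
# project 1 only, bob administers project 2 only.
POLICIES = {
    10: ImmutabilityPolicy(10, 1, "release-*"),
    20: ImmutabilityPolicy(20, 2, "prod-*"),
}
PROJECT_ADMINS = {1: {"alice"}, 2: {"bob"}}


class Forbidden(Exception):
    """Caller lacks the role on the project named in the URL (HTTP 403)."""


class NotFound(Exception):
    """No such policy in this project (HTTP 404)."""


def update_policy_unsafe(user, project_id, policy_id, new_pattern):
    """Vulnerable pattern: the role check uses the project from the URL, but the policy
    is then fetched by id alone, so a policy in a foreign project is writable."""
    if user not in PROJECT_ADMINS.get(project_id, set()):
        raise Forbidden
    old = POLICIES[policy_id]
    POLICIES[policy_id] = ImmutabilityPolicy(policy_id, old.project_id, new_pattern)
    return POLICIES[policy_id]


def update_policy(user, project_id, policy_id, new_pattern):
    """Hardened: the policy must belong to the project the caller was authorized on.
    A policy from another project is answered exactly like a missing id, so ids in
    other projects cannot be enumerated through the error code."""
    if user not in PROJECT_ADMINS.get(project_id, set()):
        raise Forbidden
    policy = POLICIES.get(policy_id)
    if policy is None or policy.project_id != project_id:
        raise NotFound
    POLICIES[policy_id] = ImmutabilityPolicy(policy_id, project_id, new_pattern)
    return POLICIES[policy_id]


def outcome(handler, *args) -> str:
    """Run an update and report what the API would answer."""
    try:
        policy = handler(*args)
    except Forbidden:
        return "403"
    except NotFound:
        return "404"
    return f"200 project={policy.project_id} pattern={policy.tag_pattern}"
```

With the unsafe handler, alice (admin of project 1) rewrites project 2's policy by sending id 20 under project 1; the hardened handler answers 404 for that id while still letting her edit project 1's own policy and refusing bob.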
Positive Technologies · added 2022/08/01

PT-2022-15671 · WordPress · Featured Image From Url

Name of the Vulnerable Software and Affected Versions: Featured Image from URL (FIFU) WordPress plugin versions prior to 4.0.1
Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks when the unfiltered_html capability is disallowed, for...

CVSS 4.8 · AI score 4.6 · EPSS 0.00238
Exploits 2 · References 5
Positive Technologies · added 2022/07/29

PT-2022-9504 · WordPress +1 · Transposh Wordpress Translation Plugin +1

Name of the Vulnerable Software and Affected Versions: Transposh WordPress Translation plugin versions prior to 1.0.8
Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because the "a" parameter is not properly sanitised and escaped via an AJAX action. This...

CVSS 6.1 · AI score 6 · EPSS 0.1463
Exploits 4 · References 4