184382 matches found
PT-2024-37979
Name of the Vulnerable Software and Affected Versions ThinkSAAS version 3.7.0 Description A problematic issue has been found in the processing of the file app/system/action/do.php. The manipulation of the arguments site title, site subtitle, site key, site desc, site url, site email, site icp lea...
PT-2024-37803 · WordPress · Wp Mail Smtp
Name of the Vulnerable Software and Affected Versions: WP Mail SMTP plugin for WordPress versions up to, and including, 4.0.1 Description: The issue allows authenticated attackers with administrative-level access and above to view the SMTP password for the supplied server when viewing the setting...
PT-2024-37812 · WordPress · Reglevel
Name of the Vulnerable Software and Affected Versions: RegLevel plugin for WordPress versions up to, and including, 1.2.1 Description: The issue allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages due to insufficient input...
PT-2024-19444 · Unknown · Admin Console
Name of the Vulnerable Software and Affected Versions: Admin console affected versions not specified Description: A cross-site scripting issue exists in the admin console OIDC Policy Management Editor, with the impact contained to admin console users only. Recommendations: At the moment, there is...
PT-2024-29748
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue arises from a race condition between the ice ptp extts event function and ice ptp release, leading to a NULL pointer dereference and resulting in a kernel panic. This occurs...
PT-2024-18881 · Qualcomm · Snapdragon +105
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue concerns information disclosure when handling Multi-link IE in a beacon frame. No details are provided about the estimated number of potential...
PT-2024-37117 · Itsourcecode · Itsourcecode Bakery Online Ordering System
Name of the Vulnerable Software and Affected Versions: itsourcecode Bakery Online Ordering System version 1.0 Description: A critical issue has been found in the itsourcecode Bakery Online Ordering System, affecting an unknown function of the file /admin/modules/product/controller.php?action=add...
PT-2024-5068 · Roku · Roku Indoor Camera Se
Name of the Vulnerable Software and Affected Versions: Kalay SDK versions affected versions not specified Owlet Cam version affected versions not specified Owlet Cam v1 Owlet Cam v2 Wyze Cam v3 Roku Indoor Camera SE Description: The issue is related to insufficient authentication of received data...
PT-2024-10351
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The issue is related to the incomplete cleanup of temporary or auxiliary resources in the Linux kernel, specifically in the s390/pkey component. This could allow an attacker to cause a...
PT-2024-14805 · Honeywell · Honeywell C300
Name of the Vulnerable Software and Affected Versions: Honeywell C300 affected versions not specified Description: The issue is related to a denial of service due to improper handling of a specially crafted message received by the controller. This can be exploited remotely. There is a critical...
PT-2024-4891 · Oracle · Oracle Complex Maintenance
Name of the Vulnerable Software and Affected Versions: Oracle Complex Maintenance, Repair, and Overhaul versions 12.2.3 through 12.2.13 Description: The issue is related to insufficient input validation in the LOV component of Oracle Complex Maintenance, Repair, and Overhaul, allowing an...
PT-2024-2997 · Siemens · Teamcenter Visualization +2
Name of the Vulnerable Software and Affected Versions: Parasolid versions prior to V35.1.254 Parasolid versions prior to V36.0.207 Parasolid versions prior to V36.1.147 JT2Go versions prior to V2312.0004 Teamcenter Visualization versions prior to V14.2.0.12 Teamcenter Visualization versions prior...
PT-2024-17997 · WordPress · Wp-Stateless
Name of the Vulnerable Software and Affected Versions: WP-Stateless – Google Cloud Storage plugin for WordPress versions up to, and including, 3.4.0 Description: The issue is related to a missing capability check on the dismiss notices function, which allows authenticated attackers with...
PT-2024-15320 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: A logic error in the code of UserManagerService.java causes device policies to be serialized with an incorrect tag. This can lead to a local denial of service when policies are deserialized...
PT-2024-22112 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14.4 Description: A path handling issue was addressed with improved validation, which may allow an app to access user-sensitive data. Recommendations: For versions prior to 14.4, update to macOS Sonoma 14.4 to resolve...
PT-2024-18194
Name of the Vulnerable Software and Affected Versions Pyhtml2pdf version 0.0.6 Description The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. Recommendations For Pyhtml2pd...
PT-2024-18015 · Linksys · Linksys Wrt54G
Name of the Vulnerable Software and Affected Versions: Linksys WRT54GL version 4.30.18 Description: A vulnerability was found in the Web Management Interface of the Linksys WRT54GL, affecting an unknown part of the file /wlaninfo.htm. This issue leads to information disclosure. The exploit has be...
PT-2024-15878 · WordPress · Instant Images – One Click Image Uploads
Name of the Vulnerable Software and Affected Versions: The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress versions prior to 6.1.1 Description: The issue allows unauthorized arbitrary options update due to an insufficient check that...
PT-2023-16268 · Mongodb · Mongodb Atlas Kubernetes Operator
Name of the Vulnerable Software and Affected Versions: MongoDB Atlas Kubernetes Operator versions 1.5.0 through 1.7.0 Description: The issue affects MongoDB Atlas Kubernetes Operator, causing it to print sensitive information like GCP service account keys and API integration secrets when DEBUG mo...
PT-2023-29521 · Unknown · Online Food Ordering System
Name of the Vulnerable Software and Affected Versions: Online Food Ordering System version 1.0 Description: The issue concerns multiple Unauthenticated SQL Injection vulnerabilities in the Online Food Ordering System. Specifically, the deleted parameter of the routers/user-router.php resource doe...
PT-2023-6638 · Oracle · Oracle Flexcube Universal Banking
Name of the Vulnerable Software and Affected Versions: Oracle FLEXCUBE Universal Banking versions 12.3, 12.3 through 12.4, 14.0 through 14.3, 14.5 through 14.7 Description: The issue is related to insufficient input validation in the Infrastructure component of Oracle FLEXCUBE Universal Banking,...
PT-2023-27199 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions 4.1 through 4.1.38 WordPress versions 4.2 through 4.2.35 WordPress versions 4.3 through 4.3.31 WordPress versions 4.4 through 4.4.30 WordPress versions 4.5 through 4.5.29 WordPress versions 4.6 through 4.6.26 WordPress...
PT-2023-9488 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the mctp component in the Linux kernel, where route lookups are performed without proper read-side critical section locks, leading to potential preemption and...
PT-2023-27461 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 14 Description: A permissions issue was addressed with additional restrictions. This issue allows a sandboxed process to potentially circumvent sandbox restrictions. Recommendations: For versions prior to 14, update to...
PT-2023-8744 · Linux +8 · Linux Kernel +8
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.0-rc1-syzkaller-00236-gad8a69f361b9 Description: The vulnerability is related to a data-race condition in the br handle frame finish function, which can run from multiple CPUs without mutual exclusion. This...
PT-2023-9655 · Autodesk · Autodesk Autocad
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD affected versions not specified Description: The issue is related to an Out-of-Bounds Write vulnerability in the libodxdll.dll library of Autodesk AutoCAD, caused by parsing a maliciously crafted MODEL file. This can allow an...
PT-2023-7510 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 120.0.6099.62 Description: The issue is related to an inappropriate implementation in the Web Browser UI, allowing a remote attacker to potentially spoof the contents of an iframe dialog context menu via a...
PT-2025-18579 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel related to the tipc nl compat name table dump header function. The issue was caused by a missing type cast of sizeof.. to int, whi...
PT-2023-3585 · Git +10 · Git +10
Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.30.9 Git versions prior to 2.31.8 Git versions prior to 2.32.7 Git versions prior to 2.33.8 Git versions prior to 2.34.8 Git versions prior to 2.35.8 Git versions prior to 2.36.6 Git versions prior to 2.37.7 Git versio...
PT-2023-23726 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud server versions 24.0.0 through 24.0.10 Nextcloud server versions 25.0.0 through 25.0.4 Nextcloud server versions prior to 26.0.0 Description: The issue is related to missing brute-force protection on the WebDAV endpoints via the bas...
PT-2023-13393 · Dell · Dell Precision Bios +1
Name of the Vulnerable Software and Affected Versions: Dell PowerEdge BIOS affected versions not specified Dell Precision BIOS affected versions not specified Description: The issue is related to an Improper SMM communication buffer verification vulnerability. A local malicious user with high...
PT-2023-12689 · Red Hat · Keycloak Node.Js Adapter
Name of the Vulnerable Software and Affected Versions: Keycloak Node.js Adapter affected versions not specified Description: A flaw was found in the Keycloak Node.js Adapter, allowing an attacker to benefit from an Open Redirect vulnerability in the checkSso function. This issue is also present...
PT-2025-13313 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the hv balloon component when using the debugfs lookup function. The issue arises because the result of...
PT-2022-26532 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about the issue, such as general information, estimated number of potentially affected devices...
PT-2022-5921 · Linux +4 · Linux +4
Name of the Vulnerable Software and Affected Versions: Linux affected versions not specified Description: A use-after-free flaw caused by a race among the superblock operations in the gadgetfs Linux driver was found. It could be triggered by yanking out a device that is running the gadgetfs side...
PT-2024-11847 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a crash when replugging CSR fake controllers in the Linux kernel's Bluetooth component. It seems that fake CSR 5.0 clones can cause the suspend notifier to be...
PT-2022-26759 · Unknown · Sourcecodester Password Storage Application
Name of the Vulnerable Software and Affected Versions: Sourcecodester Password Storage Application in PHP/OOP and MySQL version 1.0 Description: The issue concerns multiple cross-site scripting XSS vulnerabilities. These vulnerabilities can be exploited via the Name, Username, Description, and Si...
PT-2022-23624 · D Link · D-Link G Integrated Access Device4
Name of the Vulnerable Software and Affected Versions: D-Link - G integrated Access Device4 affected versions not specified Description: The issue concerns information disclosure and authorization bypass. It involves a file containing a URL with a private IP address and default username value...
PT-2022-33242 · Unknown · Openvswitch
Name of the Vulnerable Software and Affected Versions: openvswitch versions prior to v5.19.8 Description: A memory leak issue was discovered in openvswitch, related to failed datapath creation. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions prior...
PT-2022-7210 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.6 Description: An issue in the Linux kernel's net/netfilter/nf tables api.c component can cause a denial of service when binding to an already bound chain. The vulnerability is related to errors in resource...
PT-2022-3986 · Cisco · Cisco Webex Meetings
Name of the Vulnerable Software and Affected Versions: Cisco Webex Meetings affected versions not specified Description: The issue exists due to insufficient protection of the web page structure in the web interface of Cisco Webex Meetings. This could allow a remote attacker to conduct a cross-si...
PT-2022-20494 · Glpi +1 · Glpi +1
Name of the Vulnerable Software and Affected Versions: GLPI versions prior to 10.0.2 Description: The issue affects all assistance forms, including Ticket, Change, and Problem, allowing sql injection on the actor fields. This has been resolved in version 10.0.2. Recommendations: For versions prio...
PT-2022-2509 · Linux +9 · Linux Kernel +9
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a memory leak problem in the TCP source port generation algorithm, which may allow an attacker to leak information and potentially cause a denial of service...
PT-2022-7490 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to a race condition in the configfs component of the Linux kernel. When configfs register subsystem or configfs unregister subsystem is executing link grou...
PT-2022-12590 · Siemens · Simcenter Femap
Name of the Vulnerable Software and Affected Versions: Simcenter Femap versions 2020.2 through 2021.1 Description: A memory corruption issue has been identified in the affected application while parsing NEU files. This could allow an attacker to execute code in the context of the current process...
PT-2021-7531 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.16-rc6 Description: An issue was discovered in the Linux kernel where the uapi finalize function in drivers/infiniband/core/uverbs uapi.c lacks a check of kmalloc array. This issue is related to a pointer...
PT-2021-8146 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16.0-rc5+ Description: The vulnerability is related to the veth component of the Linux kernel, which fails to properly check for shared or cloned skbs when GRO is enabled on a veth device and TSO is disabled o...
PT-2021-7530 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16-rc6 Description: The issue is related to the ef100 update stats function in the drivers/net/ethernet/sfc/ef100 nic.c module of the Linux kernel, which lacks a check of the return value of kmalloc. This can...
PT-2021-5354 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle versions 3.11 to 3.11.3 Moodle versions 3.10 to 3.10.7 Moodle versions 3.9 to 3.9.10 Moodle versions earlier than 3.9 Description: The issue is related to errors in code generation management, allowing a remote attacker to execute...
PT-2021-23860 · Mozilla +2 · Firefox +2
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 94 Description: The issue allows a website to potentially steal authentication tokens by tricking a user into copying and pasting an image link that contains the token. This can happen when an image triggers...