
175415 matches found

Positive Technologies
•added 2024/01/12 12:0 a.m.•9 views

PT-2024-1991 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to an out-of-bounds access in the of_pwm_single_xlate function of the Linux kernel's PWM (Pulse Width Modulation) driver. This can potentially allow an attacker to...

CVSS 7.8 · AI score 6.5 · EPSS 0.84554
Exploits: 24 · References: 1267
•added 2024/01/10 12:0 a.m.•9 views

PT-2024-2766 · Isc +10 · Bind 9 +10

Name of the Vulnerable Software and Affected Versions: BIND 9 versions 9.12.0 through 9.16.45 BIND 9 versions 9.18.0 through 9.18.21 BIND 9 versions 9.19.0 through 9.19.19 BIND 9 versions 9.16.8-S1 through 9.16.45-S1 BIND 9 versions 9.18.11-S1 through 9.18.21-S1 Description: A flaw in...

CVSS 7.8 · AI score 6.3 · EPSS 0.43215
Exploits: 1 · References: 151
•added 2024/01/08 12:0 a.m.•9 views

PT-2024-19005 · Unknown · Discord-Recon

Name of the Vulnerable Software and Affected Versions: Discord-Recon versions prior to 0.0.8 Description: Discord-Recon is a Discord bot created to automate bug bounty recon, automated scans, and information gathering via a Discord server. It is vulnerable to remote code execution, allowing an...

CVSS 9.9 · AI score 8.8 · EPSS 0.01336
Exploits: 1 · References: 9
•added 2024/01/03 12:0 a.m.•9 views

PT-2024-4517 · WordPress · Learnpress

Name of the Vulnerable Software and Affected Versions: LearnPress plugin for WordPress versions up to, and including, 4.2.5.7 Description: The issue is related to the LearnPress plugin for WordPress, which is vulnerable to command injection in all versions up to, and including, 4.2.5.7. This...

CVSS 9.8 · AI score 9.8 · EPSS 0.91333
Exploits: 1 · References: 11
•added 2023/12/24 12:0 a.m.•9 views

PT-2023-32867 · Uniway · Uniway Uw-302Vp

Name of the Vulnerable Software and Affected Versions: Uniway UW-302VP version 2.0 Description: A vulnerability was found in the Admin Web Interface of Uniway UW-302VP, affecting the processing of the file /boaform/wlan_basic_set.cgi. The manipulation of the wlanssid/password argument leads to...

CVSS 5 · AI score 4.8 · EPSS 0.00158
Exploits: 1 · References: 9
•added 2023/12/04 12:0 a.m.•9 views

PT-2023-31020 · Unknown · Thinkadmin

Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 6.1.53 Description: An arbitrary file upload issue in the /admin/api.upload/file component allows attackers to execute arbitrary code via a crafted Zip file. Recommendations: For ThinkAdmin version 6.1.53, consider disablin...

CVSS 8.8 · AI score 8.8 · EPSS 0.00198
Exploits: 1 · References: 6
•added 2023/11/30 12:0 a.m.•9 views

PT-2023-7442 · Schweitzer Engineering Laboratories · Sel-451

Name of the Vulnerable Software and Affected Versions: Schweitzer Engineering Laboratories SEL-451 affected versions not specified Description: The issue is related to insufficient entropy in the microprogram of the protective relay phase sequence of the Schweitzer Engineering Laboratories SEL-45...

CVSS 10 · AI score 9.3 · EPSS 0.00124
Exploits: 0 · References: 7
•added 2023/11/27 12:0 a.m.•9 views

PT-2023-32292 · WordPress · Wordpress Backup & Migration

Name of the Vulnerable Software and Affected Versions: WordPress Backup & Migration plugin versions prior to 1.4.4 Description: The issue allows users with a role as low as Subscriber to perform Cross-Site Scripting attacks due to the plugin's failure to sanitise and escape some parameters...

CVSS 5.4 · AI score 5.8 · EPSS 0.00109
Exploits: 2 · References: 3
•added 2023/11/20 12:0 a.m.•9 views

PT-2023-31808 · WordPress · Bonus For Woo

Name of the Vulnerable Software and Affected Versions: Bonus for Woo WordPress plugin versions prior to 5.8.3 Description: The issue is related to Reflected Cross-Site Scripting, which occurs because some parameters are not properly sanitised and escaped before being outputted back in pages. This...

CVSS 6.1 · AI score 6.7 · EPSS 0.00117
Exploits: 2 · References: 3
•added 2023/11/14 12:0 a.m.•9 views

PT-2023-7216 · Microsoft +6 · Net +8

Name of the Vulnerable Software and Affected Versions: .NET, .NET Framework, and Visual Studio affected versions not specified Description: The issue is related to insufficient access restrictions in the Microsoft .NET Framework and Visual Studio, allowing a remote attacker to elevate their...

CVSS 9.8 · AI score 6.4 · EPSS 0.9439
Exploits: 19 · References: 206
•added 2023/11/06 12:0 a.m.•9 views

PT-2023-27325 · Unknown · Rednao Donations Made Easy – Smart Donations

Name of the Vulnerable Software and Affected Versions: RedNao Donations Made Easy – Smart Donations versions 4.0.12 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL...

CVSS 9.8 · AI score 9.6 · EPSS 0.00152
Exploits: 0 · References: 3
•added 2023/10/26 12:0 a.m.•9 views

PT-2023-30028 · Sourcecodester · Sourcecodester Inventory Management System

Name of the Vulnerable Software and Affected Versions: Sourcecodester Free and Open Source inventory management system version 1.0 Description: The issue allows an arbitrary user to change the password of another user and take over the account via Insecure Direct Object Reference (IDOR) in the...

CVSS 8.8 · AI score 8.7 · EPSS 0.0025
Exploits: 2 · References: 8
•added 2023/10/21 12:0 a.m.•9 views

PT-2023-7331 · Google +5 · Mojo Ipc +6

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 119.0.6045.199 Microsoft Edge versions affected versions not specified Description: The issue is related to a use after free vulnerability in the Mojo IPC library, which can be exploited by a remote attacker to...

CVSS 10 · AI score 7.8 · EPSS 0.93301
Exploits: 128 · References: 1097
•added 2023/10/17 12:0 a.m.•9 views

PT-2023-6457 · Node.Js +6 · Node.Js +6

Name of the Vulnerable Software and Affected Versions: Node.js versions 18.x through 20.x Description: The issue arises when the Node.js policy feature checks the integrity of a resource against a trusted manifest. An application can intercept this operation and return a forged checksum to the...

CVSS 9.8 · AI score 6.5 · EPSS 0.9439
Exploits: 22 · References: 175
•added 2023/10/10 12:0 a.m.•9 views

PT-2023-6540 · Google +5 · Google Chrome +5

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 118.0.5993.117 Microsoft Edge versions prior to 118.0.5993.117 Description: The issue is related to a use after free in the Profiles component, which can be exploited by a remote attacker using a crafted HTML...

CVSS 10 · AI score 7.8 · EPSS 0.93301
Exploits: 128 · References: 1116
•added 2023/10/04 12:0 a.m.•9 views

PT-2023-21122 · WordPress · Yas Global Team Make Paths Relative

Name of the Vulnerable Software and Affected Versions: YAS Global Team Make Paths Relative versions 1.3.0 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the YAS Global Team Make Paths Relative plugin, allowing for Cross Site Request Forgery. Recommendations: For versions...

CVSS 8.8 · AI score 9.5 · EPSS 0.00051
Exploits: 0 · References: 6
•added 2023/10/02 12:0 a.m.•9 views

PT-2024-5217 · Libvpx +7 · Libvpx +7

Name of the Vulnerable Software and Affected Versions: libvpx versions prior to 1.13.1 Description: A heap overflow issue exists in libvpx when encoding a frame with larger dimensions than the originally configured size using VP9, potentially resulting in a heap overflow. Recommendations: For...

CVSS 10 · AI score 6.6 · EPSS 0.04976
Exploits: 5 · References: 74
•added 2023/09/12 12:0 a.m.•9 views

PT-2023-27908 · Sofarpc · Sofarpc

Name of the Vulnerable Software and Affected Versions: SOFARPC versions prior to 5.11.0 Description: SOFARPC is a Java RPC framework. Through a carefully crafted payload, an attacker can achieve JNDI injection or system command execution. The default configuration of the SOFARPC framework uses a...

CVSS 9.8 · AI score 9.8 · EPSS 0.05192
Exploits: 0 · References: 6
•added 2023/09/11 12:0 a.m.•9 views

PT-2023-28583 · WordPress · Masterstudy Lms Wordpress Plugin

Name of the Vulnerable Software and Affected Versions: MasterStudy LMS WordPress Plugin versions prior to 3.0.18 Description: The issue allows anyone to register on the site as an instructor due to improper checks during registration. This enables them to add courses and/or posts. Recommendations...

CVSS 7.5 · AI score 7.3 · EPSS 0.21356
Exploits: 6 · References: 6
•added 2023/09/08 12:0 a.m.•9 views

PT-2023-27068 · Prestashop · Updateproducts Prestashop Module +1

Name of the Vulnerable Software and Affected Versions: MyPrestaModules Prestashop Module version 6.2.9 UpdateProducts Prestashop Module version 3.6.9 Description: A PHPInfo information disclosure issue was discovered in the send.php file, allowing potential access to sensitive information...

CVSS 7.5 · AI score 6.8 · EPSS 0.77217
Exploits: 1 · References: 9
•added 2023/09/05 12:0 a.m.•9 views

PT-2023-4781 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 116.0.5845.179 Description: The issue is related to incorrect security UI in the BFCache component of Google Chrome, allowing a remote attacker to spoof the contents of the Omnibox URL bar via a crafted HTML...

CVSS 10 · AI score 6.3 · EPSS 0.93301
Exploits: 131 · References: 1111
•added 2023/08/30 12:0 a.m.•9 views

PT-2023-19190 · Github · Github Enterprise Server

Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server affected versions not specified Description: An incorrect comparison issue was identified that allows commit smuggling by displaying an incorrect diff in a re-opened Pull Request. To exploit this, an attacker needs...

CVSS 6.5 · AI score 6.3 · EPSS 0.00095
Exploits: 0 · References: 7
•added 2023/08/29 12:0 a.m.•9 views

PT-2023-8716

Name of the Vulnerable Software and Affected Versions: Linux Kernel affected versions not specified kernel-image-rpi-un version 6.1.77-alt1 Description: The Linux kernel contains a flaw within the ksmbd module, specifically in the ksmbd_decode_ntlmssp_auth_blob function. This issue relates to a...

CVSS 10 · AI score 8.5 · EPSS 0.84554
Exploits: 51 · References: 299
•added 2023/08/23 12:0 a.m.•9 views

PT-2023-9332 · Unknown +5 · Alertmanager +5

Name of the Vulnerable Software and Affected Versions: Alertmanager versions prior to 0.2.51 Description: The issue is related to the improper neutralization of input data during web page generation in the /api/v1/alerts endpoint of the Alertmanager component in the Prometheus monitoring system. ...

CVSS 9.8 · AI score 7.7 · EPSS 0.94438
Exploits: 57 · References: 160
•added 2023/08/22 12:0 a.m.•9 views

PT-2023-4494 · Google +2 · Google Chrome +2

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 116.0.5845.110 Description: The issue is related to an out of bounds memory access in the Fonts component of Google Chrome, which can be exploited by a remote attacker. This can allow the attacker to perform an...

CVSS 10 · AI score 6.7 · EPSS 0.93301
Exploits: 131 · References: 1106
•added 2023/08/21 12:0 a.m.•9 views

PT-2023-28584 · WordPress · User Activity Log

Name of the Vulnerable Software and Affected Versions: User Activity Log WordPress plugin versions prior to 1.6.7 Description: The issue allows an attacker to manipulate the client IP address value retrieved by the plugin, potentially hiding the source of malicious traffic. This is due to the...

CVSS 7.5 · AI score 7.8 · EPSS 0.02434
Exploits: 2 · References: 7
•added 2023/08/17 12:0 a.m.•9 views

PT-2023-27354 · Apache · Apache Airflow Spark Provider

Name of the Vulnerable Software and Affected Versions: Apache Airflow Spark Provider versions prior to 4.1.3 Description: The issue allows an attacker to pass in malicious parameters when establishing a connection, giving an opportunity to read files on the Airflow server. Recommendations: For...

CVSS 7.5 · AI score 7 · EPSS 0.00648
Exploits: 0 · References: 12
•added 2023/08/16 12:0 a.m.•9 views

PT-2023-27405 · Jenkins · Jenkins Gogs Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Gogs Plugin versions 1.0.15 and earlier Description: The webhook endpoint in Jenkins Gogs Plugin provides unauthenticated attackers with information about the existence of jobs in its output. This endpoint, located at "/gogs-webhook",...

CVSS 6.5 · AI score 6.4 · EPSS 0.00394
Exploits: 0 · References: 10
•added 2023/08/14 12:0 a.m.•9 views

PT-2023-15937 · WordPress · Elementor Website Builder

Name of the Vulnerable Software and Affected Versions: Elementor Website Builder WordPress plugin versions prior to 3.5.5 Description: The issue allows user-controlled URLs to be loaded into the DOM without proper filtering. This could be exploited to inject rogue iframes that point to malicious...

CVSS 6.1 · AI score 6 · EPSS 0.11542
Exploits: 5 · References: 11
•added 2023/08/11 12:0 a.m.•9 views

PT-2023-24910

Name of the Vulnerable Software and Affected Versions: Canto plugin for WordPress versions up to, and including, 3.0.4 Description: The Canto plugin for WordPress is vulnerable to Remote File Inclusion via the wp_abspath parameter. This allows unauthenticated attackers to include and execute...

CVSS 9.8 · AI score 9.4 · EPSS 0.87115
Exploits: 7 · References: 16
•added 2023/08/11 12:0 a.m.•9 views

PT-2023-23688 · Opentext / Micro Focus · Opentext / Micro Focus Arcsight Management Center

Name of the Vulnerable Software and Affected Versions: OpenText / Micro Focus ArcSight Management Center affected versions not specified Description: A potential issue has been identified in OpenText / Micro Focus ArcSight Management Center, which could be remotely exploited. Recommendations: At...

CVSS 8.8 · AI score 8.5 · EPSS 0.00239
Exploits: 0 · References: 5
•added 2023/08/09 12:0 a.m.•9 views

PT-2023-4548 · Node.Js +10 · Node.Js +10

Name of the Vulnerable Software and Affected Versions: Node.js versions 16.x through 20.x Description: The issue is related to the use of module.constructor.createRequire, which can bypass the policy mechanism and require modules outside of the policy.json definition for a given module. This...

CVSS 9.8 · AI score 7.4 · EPSS 0.75933
Exploits: 7 · References: 181
•added 2023/08/08 12:0 a.m.•9 views

PT-2023-4303 · Amd +10 · Amd Cpus +12

Name of the Vulnerable Software and Affected Versions: AMD CPUs affected versions not specified AMD Zen CPUs affected versions not specified AMD Zen1 to Zen4 CPUs affected versions not specified Description: A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence t...

CVSS 10 · AI score 6.5 · EPSS 0.9427
Exploits: 299 · References: 1134
•added 2023/08/05 12:0 a.m.•9 views

PT-2023-6795 · Apple +6 · Safari +7

Name of the Vulnerable Software and Affected Versions: Safari versions prior to 17 Description: This issue is related to improved iframe sandbox enforcement. An attacker with JavaScript execution may be able to execute arbitrary code. The vulnerability is also associated with the WPE WebKit and...

CVSS 10 · AI score 7.6 · EPSS 0.24165
Exploits: 3 · References: 220
•added 2023/08/02 12:0 a.m.•9 views

PT-2023-4108 · Google +3 · Google Chrome +4

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 115.0.5790.170 Description: The issue is related to a type confusion in the V8 JavaScript engine, which can potentially allow a remote attacker to exploit heap corruption via a crafted HTML page. This can lead ...

CVSS 10 · AI score 7.3 · EPSS 0.93301
Exploits: 131 · References: 1181
•added 2023/07/28 12:0 a.m.•9 views

PT-2023-26094 · Powerjob · Powerjob

Name of the Vulnerable Software and Affected Versions: PowerJob version 4.3.3 Description: A remote command execution issue was discovered, allowing exploitation via the instanceId parameter at the "/instance/detail" API endpoint. Recommendations: For PowerJob version 4.3.3, consider restricting...

CVSS 9.8 · AI score 9.4 · EPSS 0.6087
Exploits: 1 · References: 8
•added 2023/07/21 12:0 a.m.•9 views

PT-2023-26321 · Unknown · Y Project Ruoyi

Name of the Vulnerable Software and Affected Versions: y_project RuoYi versions up to 4.7.7 Description: A vulnerability has been found in the function uploadFilesPath of the component File Upload. The manipulation of the argument originalFilenames leads to cross site scripting. The attack may be...

CVSS 6.1 · AI score 6.3 · EPSS 0.00096
Exploits: 1 · References: 10
•added 2023/07/11 12:0 a.m.•9 views

PT-2023-24633 · Woocommerce · Pi Websolution Conditional Shipping & Advanced Flat Rate Shipping Rates / Flexible Shipping

Name of the Vulnerable Software and Affected Versions: PI Websolution Conditional shipping & Advanced Flat rate shipping rates / Flexible shipping for WooCommerce shipping plugin versions = 1.6.4.4 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This means an...

CVSS 8.8 · AI score 8.9 · EPSS 0.00071
Exploits: 0 · References: 3
•added 2023/07/10 12:0 a.m.•9 views

PT-2023-17427 · WordPress · Prepost Seo

Name of the Vulnerable Software and Affected Versions: PrePost SEO WordPress plugin versions through 3.0 Description: The issue arises from the plugin's failure to properly sanitize some of its settings. This could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks, eve...

CVSS 4.8 · AI score 5.4 · EPSS 0.00113
Exploits: 3 · References: 6
•added 2023/07/10 12:0 a.m.•9 views

PT-2023-4277 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 2.1.2 Description: The issue is related to a lack of authentication and authorization in the eventon_ics_download ajax action of the EventON WordPress plugin. This allows unauthenticated visitors to...

CVSS 5.3 · AI score 6.2 · EPSS 0.72301
Exploits: 5 · References: 11
•added 2023/06/30 12:0 a.m.•9 views

PT-2023-25706 · Sealos · Sealos

Name of the Vulnerable Software and Affected Versions: Sealos versions 4.2.0 and prior Description: Sealos, a Cloud Operating System for managing cloud-native applications, has a permission flaw in its billing system. This flaw allows users to control the recharge resource account via the...

CVSS 8.1 · AI score 7.6 · EPSS 0.00174
Exploits: 0 · References: 5
•added 2023/06/19 12:0 a.m.•9 views

PT-2023-19340 · WordPress · Qubot

Name of the Vulnerable Software and Affected Versions: QuBot WordPress plugin versions prior to 1.1.6 Description: The issue concerns the QuBot WordPress plugin, where it fails to filter user input on chat. This allows malicious code to be inserted and reflected on the user dashboard...

CVSS 6.1 · AI score 7.2 · EPSS 0.00125
Exploits: 2 · References: 3
•added 2023/06/19 12:0 a.m.•9 views

PT-2023-19360 · WordPress · Qubot

Name of the Vulnerable Software and Affected Versions: QuBot WordPress plugin versions prior to 1.1.6 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered_html capability is disallowed, for example in multisit...

CVSS 4.8 · AI score 7.9 · EPSS 0.00095
Exploits: 2 · References: 6
•added 2023/06/06 12:0 a.m.•9 views

PT-2023-15780 · Unknown · Cp Dump Driver

Name of the Vulnerable Software and Affected Versions: cp_dump driver affected versions not specified Description: The issue is related to a missing bounds check in the cp_dump driver, which could lead to a possible out of bounds write. This might result in a local denial of service and requires...

CVSS 7.3 · AI score 6.5 · EPSS 0.00011
Exploits: 0 · References: 2
•added 2023/06/06 12:0 a.m.•9 views

PT-2023-21652 · WordPress · Reviewx

Name of the Vulnerable Software and Affected Versions: ReviewX plugin for WordPress versions up to, and including, 1.6.13 Description: The issue is related to privilege escalation due to insufficient restriction on the rx_set_screen_options function. This allows authenticated attackers with minim...

CVSS 8.8 · AI score 8.8 · EPSS 0.26719
Exploits: 4 · References: 9
•added 2023/05/31 12:0 a.m.•9 views

PT-2023-23648 · Vipre · Vipre Antivirus Plus

Name of the Vulnerable Software and Affected Versions: VIPRE Antivirus Plus affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target syste...

CVSS 7.8 · AI score 7.5 · EPSS 0.00025
Exploits: 0 · References: 6
•added 2023/05/31 12:0 a.m.•9 views

PT-2023-24605 · Multiversx · Mx-Chain-Go

Name of the Vulnerable Software and Affected Versions: mx-chain-go versions prior to 1.4.16 Description: The metachain cannot process a cross-shard miniblock. An invalid transaction with the wrong username on metachain is not treated correctly on the metachain transaction processor, which is a...

CVSS 8.6 · AI score 7.2 · EPSS 0.00381
Exploits: 0 · References: 7
•added 2023/05/30 12:0 a.m.•9 views

PT-2023-19322 · Broadcom · Symantec Siteminder Webagent

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned. Description: A user can supply malicious HTML and JavaScript code that will be executed in the client browser. Recommendations: At the moment, there is no information about a newer version that...

CVSS 6.1 · AI score 6.9 · EPSS 0.07108
Exploits: 3 · References: 7
•added 2023/05/30 12:0 a.m.•9 views

PT-2023-2947 · Google +2 · Swiftshader +3

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 114.0.5735.90 Description: The issue is related to an out of bounds write in Swiftshader, a library used by Google Chrome. This could potentially allow a remote attacker to exploit heap corruption via a crafted...

CVSS 10 · AI score 7.4 · EPSS 0.93301
Exploits: 131 · References: 1127
•added 2023/05/22 12:0 a.m.•9 views

PT-2023-20394 · Eclipse +2 · Eclipse Openj9 +2

Name of the Vulnerable Software and Affected Versions: Eclipse Openj9 versions prior to 0.38.0 Description: The issue is caused by improper bounds checking in the implementation of the shared cache, which is enabled by default in OpenJ9 builds. Specifically, the size of a string is not properly...

CVSS 9.1 · AI score 7 · EPSS 0.10953
Exploits: 3 · References: 204

Total number of security vulnerabilities: 5000