Latest CVE Feed
-
0.0
NONECVE-2023-42232
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Navigator/Index function.... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2023-42231
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can delete admin users by sending a request to the "WSCView/Delete" function.... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2023-42229
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal. Arbitrary files can be created on the system via authenticated SOAP requests to the WSConnector service.... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2023-42228
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Incorrect Access Control. Low privileged users can edit their own ACL rules by sending a request to the "AclList/SaveAclRules" administrative function.... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2023-42227
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the WSCView/Save function.... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2023-42226
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via Email/SaveAttachment function.... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2023-42225
Pat Infinite Solutions HelpdeskAdvanced <= 11.0.33 is vulnerable to Directory Traversal via the Attachment/DownloadTempFile function.... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
6.1
CVSS31CVE-2025-23026
jte (Java Template Engine) is a secure and lightweight template engine for Java and Kotlin. In affected versions Jte HTML templates with `script` tags or script attributes that include a Javascript template string (backticks) are subject to XSS. The `java... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2025-22619
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar_permissoes.php` endpoint of the WeGIA application. This vulnerabili... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2025-22618
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_cargo.php` endpoint of the WeGIA application. This vulnerability al... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2025-22617
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `editar_socio.php` endpoint of the WeGIA application. This vulnerability al... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2025-22616
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente_parentesco_adicionar.php` endpoint of the WeGIA application. This ... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2025-22615
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `Cadastro_Atendido.php` endpoint of the WeGIA application. This vulnerabili... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2025-22614
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `dependente_editarInfoPessoal.php` endpoint of the WeGIA application. This vul... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2025-22144
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. A user with admincp.core.emails or admincp.users.edit permissions can validate users and an attacker can reset their password. When the account is successfully approved b... Read more
Affected Products : nameless- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2025-22142
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In affected versions an admin can add the ability to have users fill out an additional field and users can inject javascript code into it that would be activated once a s... Read more
Affected Products : nameless- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2025-22138
@codidact/qpixel is a Q&A-based community knowledge-sharing software. In affected versions when a category is set to private or limited-visibility within QPixel's admin tools, suggested edits within this category can still be viewed by unprivileged or ano... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
4.2
CVSS31CVE-2025-22134
When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore may try to access beyond the end of a line in a buffer. In Patch ... Read more
Affected Products : vim- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
0.0
NONECVE-2025-23027
next-forge is a Next.js project boilerplate for modern web application. The BASEHUB_TOKEN commited in apps/web/.env.example. Users should avoid use of this token and should remove any access it may have in their systems.... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025
-
7.2
CVSS31CVE-2024-46481
The login page of Venki Supravizio BPM up to 18.1.1 is vulnerable to open redirect leading to reflected XSS.... Read more
Affected Products :- Published: Jan. 13, 2025
- Modified: Jan. 13, 2025