Vulnerability Summary for the Week of February 5, 2024 | CISA
1panel-dev — 1panel 1Panel is an open source Linux server operation and maintenance management panel. The HTTPS cookie that comes with the panel does not have the Secure keyword, which…
Vulnerability Summary for the Week of January 29, 2024 | CISA
aam — advanced_access_manager_restricted_content_users_&_roles_enhanced_security_and_more Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in AAM Advanced Access Manager – Restricted Content, Users & Roles, Enhanced Security and More allows…
Vulnerability Summary for the Week of January 22, 2024 | CISA
BORGChat — borgchat A vulnerability, which was classified as problematic, was found in BORGChat 1.0.0 Build 438. This affects an unknown part of the component Service Port 7551. The manipulation…
Vulnerability Summary for the Week of January 15, 2024 | CISA
ELAN — match-on-Chip_FPR ELAN Match-on-Chip FPR solution has design fault about potential risk of valid SID leakage and enumeration with spoof sensor. This fault leads to that Windows Hello recognition…
Vulnerability Summary for the Week of January 8, 2024 | CISA
abocms — abo.cms SQL Injection vulnerability in ABO.CMS v.5.9.3, allows remote attackers to execute arbitrary code via the d parameter in the Documents module. 2024-01-06 9.8 acme — ultra_mini_httpd…
Vulnerability Summary for the Week of January 1, 2024 | CISA
7-card — fakabao A vulnerability has been found in 7-card Fakabao up to 1.0_build20230805 and classified as critical. Affected by this vulnerability is an unknown functionality of the file shop/alipay_notify.php.…
Vulnerability Summary for the Week of December 25, 2023 | CISA
advplyr — audiobookshelf Audiobookshelf is a self-hosted audiobook and podcast server. Prior to 2.7.0, Audiobookshelf is vulnerable to an unauthenticated blind server-side request forgery (SSRF) vulnerability in Auth.js. This vulnerability has been…
Vulnerability Summary for the Week of December 18, 2023 | CISA
adobe — experience_manager Adobe Experience Manager versions 6.5.18 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious…
Vulnerability Summary for the Week of December 11, 2023 | CISA
adobe — after_effects Adobe After Effects versions 24.0.3 (and earlier) and 23.6.0 (and earlier) are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An…
Vulnerability Summary for the Week of December 4, 2023 | CISA
alen_soft — ttplayer DLL hijacking vulnerability in TTplayer version 7.0.2, allows local attackers to escalate privileges and execute arbitrary code via urlmon.dll. 2023-12-07 not yet calculated CVE-2023-48861 ami — aptiov…