Category: Bulletins

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a–n/a  Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. 2025-03-04 10 CVE-2024-50704 n/a–n/a …

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info n/a–n/a  Unauthenticated remote code execution vulnerability in Uniguest Tripleplay before 24.2.1 allows remote attackers to execute arbitrary code via a specially crafted HTTP POST request. 2025-03-04 10 CVE-2024-50704 n/a–n/a …

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info jupyterhub–ltiauthenticator  `jupyterhub-ltiauthenticator` is a JupyterHub authenticator for learning tools interoperability (LTI). LTI13Authenticator that was introduced in `jupyterhub-ltiauthenticator` 1.3.0 wasn’t validating JWT signatures. This is believed to allow the LTI13Authenticator…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info a1post–A1POST.BG Shipping for Woo  Cross-Site Request Forgery (CSRF) vulnerability in a1post A1POST.BG Shipping for Woo allows Privilege Escalation. This issue affects A1POST.BG Shipping for Woo: from n/a through 1.5.1.…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info ABB–System 800xA  A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.  An attacker who successfully exploited the vulnerability could, in…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info ABB–System 800xA  A vulnerability exists in the VideONet product included in the listed System 800xA versions, where VideONet is used.  An attacker who successfully exploited the vulnerability could, in…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info .TUBE gTLD–.TUBE Video Curator  Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in .TUBE gTLD .TUBE Video Curator allows Reflected XSS. This issue affects .TUBE Video…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 0xPolygonZero–plonky2  Plonky2 is a SNARK implementation based on techniques from PLONK and FRI. Lookup tables, whose length is not divisible by 26 = floor(num_routed_wires / 3) always include the…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info aEnrich Technology–a+HRD  The a+HRD from aEnrich Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents. 2025-01-20…

Read more →

High Vulnerabilities PrimaryVendor — Product Description Published CVSS Score Source Info 1000 Projects–Campaign Management System Platform for Women  A vulnerability was found in 1000 Projects Campaign Management System Platform for Women 1.0. It has been declared as critical. Affected by…

Read more →