54 matches found
EUVD-2026-31505
RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...
PT-2026-36604
Name of the Vulnerable Software and Affected Versions: itsourcecode Courier Management System version 1.0 Description: A remote SQL injection exists in the /edit_user.php file. This issue occurs when the ID argument is manipulated, allowing an attacker to execute arbitrary SQL commands...
PT-2025-53626
Name of the Vulnerable Software and Affected Versions: jackq XCMS versions prior to commit 3fab5342cc509945a7ce1b8ec39d19f701b89261 Description: A flaw exists in jackq XCMS that allows for unrestricted file upload. The issue is located in the Upload function within the...
PT-2025-50974
Name of the Vulnerable Software and Affected Versions: Atcom 100M IP Phones versions 2.7.x.x Description: The software contains an authenticated command injection issue in the web configuration CGI script. This allows attackers to execute arbitrary system commands. The cmd parameter within the 'web...
PT-2025-34705 · Itsourcecode · Apartment Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A security issue exists in itsourcecode Apartment Management System 1.0. The vulnerability is located in the file /owner/addowner.php within an unknown function. Manipulation o...
PT-2025-33731
Name of the Vulnerable Software and Affected Versions: Plesk Obsidian version 18.0.70 Description: The isAdminPasswordValid function in Plesk Obsidian uses PHP's loose comparison operator (==) instead of a strict comparison, which allows an attacker to bypass the administrator password check if the correct password is in the format "0e" followed by...
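The weak comparison the Plesk entry refers to is PHP's loose == applied to two numeric-looking strings: a string of the form "0e" followed only by digits is parsed as the number zero, so any two such strings compare equal. The following is an added illustration, not Plesk's code; the function names, the use of MD5 for storage and the sample passwords are assumptions chosen to show the mechanism and the strict fix.

```php
<?php
// Added example (not Plesk code). Demonstrates PHP loose-comparison
// ("type juggling") password bypass and the hardened comparison.

// Constructed sample: "240610708" is a well-known input whose MD5 digest is
// "0e462097431906509019562988736854", i.e. "0e" followed only by digits.
// Assume this digest is what the application stored for the admin password.
$storedHash = md5('240610708');

// Vulnerable pattern: loose == between the stored digest and the digest of
// the submitted password. When both are "0e<digits>" strings PHP compares
// them numerically, and 0 == 0, so an unrelated password is accepted.
function checkPasswordLoose(string $submitted, string $storedHash): bool
{
    return md5($submitted) == $storedHash;
}

// Hardened pattern: hash_equals() performs a strict, constant-time,
// byte-for-byte comparison and never coerces the strings to numbers.
// (For new code prefer password_hash()/password_verify() over MD5.)
function checkPasswordStrict(string $submitted, string $storedHash): bool
{
    return hash_equals($storedHash, md5($submitted));
}

// Constructed sample: "QNKCDZO" is another well-known input whose MD5 digest
// is "0e830400451993494058024219903391". It is not the admin password.
$wrongPassword = 'QNKCDZO';

// Loose check: wrong password is accepted (bypass).
var_dump(checkPasswordLoose($wrongPassword, $storedHash));
// Strict check: wrong password is rejected, the real one still works.
var_dump(checkPasswordStrict($wrongPassword, $storedHash));
var_dump(checkPasswordStrict('240610708', $storedHash));
```

Run with `php` on any supported version: the loose check returns true for the wrong password because both digests are "0e" strings that PHP evaluates as 0, while hash_equals() returns false for it and true only for the real password. The same defect appears wherever == or != is used on hash strings; === or hash_equals() is the correct replacement.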
PT-2025-29497 · Semcms · Semcms
Name of the Vulnerable Software and Affected Versions: SemCms version 5.0 Description: SemCms version 5.0 contains a SQL injection issue via the lgid parameter at the SEMCMS_Link.php file. Recommendations: As a temporary workaround, consider restricting access to the SEMCMS_Link.php file to...
PT-2025-17345
Name of the Vulnerable Software and Affected Versions: DaiCuo version 1.3.13 Description: A vulnerability was found in the SEO Optimization Settings Section component, which can lead to cross-site scripting. The attack may be launched remotely. Recommendations: For DaiCuo version 1.3.13, consider...
PT-2025-9510 · Unknown +1 · Tuleap Community Edition +2
Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 16.4.99.1740067916 Tuleap Enterprise Edition versions prior to 16.4-5 and 16.3-10 Description: Tuleap is an Open Source Suite to improve management of software developments and collaboration. It allows cross-site...
PT-2025-5584 · Acronis · Acronis Cyber Protect Cloud Agent
Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Cloud Agent Windows versions prior to build 39378 Description: The issue is related to a local privilege escalation due to a DLL hijacking vulnerability. This means that an attacker could potentially exploit the...
PT-2025-1115
Name of the Vulnerable Software and Affected Versions: Moxa EDS-508A Series versions 3.11 and earlier Description: The Moxa EDS-508A Series Ethernet switch is vulnerable to an authentication bypass due to flaws in its authorization mechanism. Although both client-side and back-end server verificati...
PT-2025-1804 · WordPress · Infility Global
Name of the Vulnerable Software and Affected Versions: Infility Global plugin for WordPress versions up to, and including, 2.9.8 Description: The issue is a Reflected Cross-Site Scripting via the set_type parameter due to insufficient input sanitization and output escaping. This allows...
PT-2024-17160 · Engenius · Engenius Ens500-Ac +2
Name of the Vulnerable Software and Affected Versions: EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT versions up to 20241118 Description: A critical issue affects an unknown function of the file /admin/network/wifi_schedule. The manipulation of the argument wifi_schedule_day_em_5 leads to command...
PT-2024-33254 · Zohocorp · Zoho Manageengine Admanager Plus
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADManager Plus versions 7241 and prior Description: The issue is related to SQL Injection in the Archived Audit Report. This allows for potential exploitation. Recommendations: For versions 7241 and prior, update to a...
PT-2024-11553 · Ovaledge · Ovaledge
Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue allows for an Account Takeover via a POST request to "/profile/updateProfile" using the userId and email parameters. Authentication is required to exploit this issue. Recommendation...
PT-2024-33374 · WordPress · Ahmeti Wp Timeline
Name of the Vulnerable Software and Affected Versions: Ahmeti Wp Timeline versions prior to 5.1 Description: A Cross-Site Request Forgery (CSRF) issue exists in Ahmet Imamoglu's Ahmeti Wp Timeline plugin, allowing Stored XSS. Recommendations: For versions prior to 5.1, update to a version that includes a fi...
PT-2024-39868 · WordPress · The Imagepress – Image Gallery
Name of the Vulnerable Software and Affected Versions: The ImagePress – Image Gallery plugin for WordPress versions prior to 1.2.3 Description: The issue allows authenticated attackers with Subscriber-level access and above to modify data without authorization. This is due to a missing capability...
PT-2024-27836 · Themesphere · Themesphere Smartmag
Name of the Vulnerable Software and Affected Versions: ThemeSphere SmartMag versions prior to 9.3.0 Description: The issue is an Exposure of Sensitive Information to an Unauthorized Actor and Missing Authorization vulnerability. It allows Excavation and Accessing Functionality Not Properl...
PT-2024-38472 · Sourcecodester · Sourcecodester Kortex Lite Advocate Office Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Kortex Lite Advocate Office Management System version 1.0 Description: A critical issue has been found in the processing of the file delete_register.php, where the manipulation of the case_register_id argument leads to SQL...
PT-2024-5838 · Calibre · Calibre
Name of the Vulnerable Software and Affected Versions: Calibre versions prior to 7.14.0 Description: The issue is related to path traversal in the software, allowing unauthenticated attackers to achieve arbitrary file read. This is due to incorrect restriction of the directory path name with...