
212 matches found

Positive Technologies
added 2025/06/28 12:0 a.m. · 3 views

PT-2025-27329 · Unknown · Code-Projects Inventory Management System

Name of the Vulnerable Software and Affected Versions: code-projects Inventory Management System version 1.0 Description: A critical vulnerability was found in the code-projects Inventory Management System. This affects an unknown part of the file /php action/editOrder.php. The manipulation leads...

CVSS 9.8 · AI score 8.1 · EPSS 0.00204
Exploits: 1 · References: 11

Positive Technologies
added 2025/06/27 12:0 a.m. · 2 views

PT-2025-27079 · Sofass · Sofass

Name of the Vulnerable Software and Affected Versions: Sofass versions 1.3.4 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This means...

CVSS 8.1 · AI score 6.8 · EPSS 0.00547
Exploits: 0 · References: 4

RedhatCVE
added 2025/05/23 9:54 a.m. · 4 views

CVE-2024-28213

nGrinder before 3.5.9 allows to accept serialized Java objects from unauthenticated users, which could allow remote attacker to execute arbitrary code via unsafe Java objects deserialization...

CVSS 9.8 · AI score 8.1 · EPSS 0.08118
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:17 a.m. · 4 views

CVE-2023-2329

The WooCommerce Google Sheet Connector WordPress plugin before 1.3.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...

CVSS 8.8 · AI score 8.5 · EPSS 0.00162
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/23 3:17 a.m. · 1 view

CVE-2023-2330

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...

CVSS 8.8 · AI score 8.5 · EPSS 0.00162
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 1:48 a.m. · 6 views

CVE-2023-2326

The Gravity Forms Google Sheet Connector WordPress plugin before 1.3.5, gsheetconnector-gravityforms-pro WordPress plugin through 1.3.5 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF...

CVSS 6.5 · AI score 7 · EPSS 0.00121
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 12:4 a.m. · 5 views

CVE-2022-25226

ThinVNC version 1.0b1 allows an unauthenticated user to bypass the authentication process via 'http://thin-vnc:8080/cmd?cmd=connect' by obtaining a valid SID without any kind of authentication. It is possible to achieve code execution on the server by sending keyboard or mouse events to the serve...

CVSS 10 · AI score 7.8 · EPSS 0.81886
Exploits: 2 · References: 1

RedhatCVE
added 2025/05/22 10:9 p.m. · 5 views

CVE-2022-39147

A vulnerability has been identified in Parasolid V33.1 All versions = V33.1.262 = V35.0.161 V35.0.164, Simcenter Femap V2022.1 All versions V2022.1.3, Simcenter Femap V2022.2 All versions V2022.2.2. The affected application is vulnerable to uninitialized pointer access while parsing specially...

CVSS 7.8 · AI score 6.9 · EPSS 0.00062
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/22 3:49 p.m. · 3 views

CVE-2020-29042

An issue was discovered in BigBlueButton through 2.2.29. A brute-force attack may occur because an unlimited number of codes can be entered for a meeting that is protected by an access code...

CVSS 4.3 · AI score 6.9 · EPSS 0.00273
Exploits: 2

RedhatCVE
added 2025/05/17 9:4 p.m. · 4 views

CVE-2023-2334

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a...

CVSS 5.4 · AI score 7 · EPSS 0.00091
Exploits: 0 · References: 1

NVD
added 2025/05/15 8:15 p.m. · 5 views

CVE-2023-2334

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a...

CVSS 5.4 · EPSS 0.00091
Exploits: 0 · References: 1

OSV
added 2025/05/15 8:15 p.m. · 1 view

CVE-2023-2334

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a...

CVSS 5.4 · AI score 6
Exploits: 0 · References: 1

CVE
added 2025/05/15 8:8 p.m. · 29 views

CVE-2023-2334

CVE-2023-2334 affects the edd-google-sheet-connector-pro WordPress plugin (< 1.4) and the Easy Digital Downloads Google Sheet Connector plugin (

CVSS 5.4 · AI score 9.3 · EPSS 0.00091
Exploits: 0 · References: 1 · Affected Software: 1

Cvelist
added 2025/05/15 8:8 p.m. · 16 views

CVE-2023-2334 Easy Digital Downloads Google Sheet Connector < 1.6.6 - Access Code Update via CSRF

The edd-google-sheet-connector-pro WordPress plugin before 1.4, Easy Digital Downloads Google Sheet Connector WordPress plugin before 1.6.6 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a...

EPSS 0.00091
Exploits: 0 · References: 1

Positive Technologies
added 2025/05/13 12:0 a.m. · 2 views

PT-2025-20996

Name of the Vulnerable Software and Affected Versions: Microsoft Office affected versions not specified Description: The issue is related to a use-after-free condition in Microsoft Office, allowing an unauthorized attacker to execute code locally. This can potentially enable remote attackers to...

CVSS 8.4 · AI score 7.8 · EPSS 0.00593
Exploits: 0 · References: 13

CVE
added 2025/05/09 3:56 a.m. · 51 views

CVE-2025-3711

The CVE-2025-3711 entry concerns the ATEN LCD KVM over IP Switch CL5708IM. Reported as a stack-based buffer overflow in firmware versions prior to v2.2.215, it allows unauthenticated remote attackers to execute arbitrary code on the device. Several connected sources corroborate a network-exposed ...

CVSS 9.8 · AI score 9.8 · EPSS 0.0138
Exploits: 0 · References: 2

Positive Technologies
added 2025/05/05 12:0 a.m. · 1 view

PT-2025-24452

Name of the Vulnerable Software and Affected Versions: Android affected versions not specified Description: The issue resides within the System component of the Android operating system and is related to improper code generation management. Remote attackers may be able to execute arbitrary code b...

CVSS 10 · AI score 6.8 · EPSS 0.00009
Exploits: 0 · References: 6

RedhatCVE
added 2025/04/25 4:19 p.m. · 4 views

CVE-2025-31352

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UpdateGateways' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVSS 8.8 · AI score 7.8 · EPSS 0.00078
Exploits: 0 · References: 1

NVD
added 2025/04/16 6:16 p.m. · 4 views

CVE-2025-32846

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...

CVSS 8.8 · EPSS 0.00034
Exploits: 0 · References: 1

CVE
added 2025/04/16 5:39 p.m. · 61 views

CVE-2025-32872

TeleControl Server Basic (Siemens) prior to v3.1.2.2 contains SQL injection in the GetOverview path, enabling an authenticated remote attacker to bypass authorization, read/write the database and execute code with NT AUTHORITY\NetworkService permissions. Attack requires access to port 8000 where ...

CVSS 8.8 · AI score 8.1 · EPSS 0.00054
Exploits: 0 · References: 1 · Affected Software: 1