87 matches found
PT-2025-8946 · Hkcms · Hkcms
Name of the Vulnerable Software and Affected Versions: HkCms version 2.3.2.240702 Description: The issue is related to an arbitrary file write vulnerability in the Appcenter.php component. This vulnerability allows for the writing of files to arbitrary locations, potentially leading to security...
PT-2025-7583 · Bento4 · Bento4
Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-641 Description: A buffer overflow issue in Bento4 allows a local attacker to execute arbitrary code via the AP4_Stz2Atom::AP4_Stz2Atom component located in Ap4Stz2Atom.cpp. This enables local arbitrary code execution...
PT-2025-6899 · Microworld · Microword Escan Antivirus
Name of the Vulnerable Software and Affected Versions: MicroWord eScan Antivirus version 7.0.32 Description: A critical vulnerability was found in the USB Password Handler component of MicroWord eScan Antivirus, leading to OS command injection. The attack must be approached locally and has a high...
PT-2025-3550 · Lunasvg · Lunasvg
Name of the Vulnerable Software and Affected Versions: lunasvg version 3.0.0 Description: The issue is related to an allocation-size-too-big bug in the plutovg_surface_create component. This bug can be exploited. Recommendations: For lunasvg version 3.0.0, consider disabling the plutovg surface...
PT-2025-3122 · Unknown · Rar Extractor - Unarchiver
Name of the Vulnerable Software and Affected Versions: RAR Extractor - Unarchiver Free and Pro version 6.4.0 Description: The issue allows local attackers to inject arbitrary code, potentially leading to remote control and unauthorized access to sensitive user data via the exploit combined.dylib...
PT-2025-3953 · Unknown · Campcodes School Management
Name of the Vulnerable Software and Affected Versions: CampCodes School Management Software version 1.0 Description: A problematic vulnerability was found in the Photo Gallery Page component of the software, specifically in an unknown function of the file /photo-gallery. The manipulation of the...
PT-2025-3482 · Monetdb · Monetdb Server
Name of the Vulnerable Software and Affected Versions: MonetDB Server version 11.47.11 Description: An issue in the BATcalcbetween_intern component allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Recommendations: For MonetDB Server version 11.47.11, consider disablin...
PT-2025-3492 · Monetdb · Monetdb Server
Name of the Vulnerable Software and Affected Versions: MonetDB Server version 11.49.1 Description: An issue in the merge_table_prune_and_unionize component allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Recommendations: For MonetDB Server version 11.49.1, consider...
PT-2025-3557 · Msfm +1 · Msfm +1
Name of the Vulnerable Software and Affected Versions: MSFM versions prior to 2025.01.01 Description: The issue is related to a fastjson deserialization vulnerability in the component system/table/addField. This vulnerability was discovered in MSFM. Recommendations: For versions prior to...
PT-2025-3096 · Unknown · Wukongcrm-11.0-Java
Name of the Vulnerable Software and Affected Versions: WukongCRM-11.0-JAVA version 11.3.3 Description: An arbitrary file upload vulnerability in the component /adminUser/updateImg allows attackers to execute arbitrary code via uploading a crafted file. This issue enables attackers to potentially...
PT-2025-3177 · Unknown · Dreamwinner Easy Language Switcher
Name of the Vulnerable Software and Affected Versions: Dreamwinner Easy Language Switcher versions n/a through 1.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This means that an...
PT-2024-36533 · Unknown · Codeastro Complaint Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Complaint Management System version 1.0 Description: An issue in CodeAstro Complaint Management System allows a remote attacker to escalate privileges via the "mess-view.php" component. Recommendations: For CodeAstro Complaint...
PT-2024-17705 · Ruifang Tech · Ruifang-Tech Rebuild
Name of the Vulnerable Software and Affected Versions: ruifang-tech Rebuild version 3.8.5 Description: A problematic issue has been found in the Project Task Comment Handler component, leading to cross-site scripting. The attack can be initiated remotely. The exploit has been disclosed to the...
PT-2024-17140 · Unknown · Macrozheng Mall
Name of the Vulnerable Software and Affected Versions: macrozheng mall versions up to 1.0.3 Description: A problematic issue has been found in the JWT Token Handler component, leading to the use of a default cryptographic key. The complexity of an attack is rather high, and exploitation is known ...
PT-2024-34534 · Unknown · Powertac-Server
Name of the Vulnerable Software and Affected Versions: powertac-server version 1.9.0 Description: An XML External Entity (XXE) vulnerability in the component DocumentBuilderFactory allows attackers to access sensitive information or execute arbitrary code via supplying a crafted request containing...
PT-2024-26874 · Unknown · Com.Callassistant.Android
Name of the Vulnerable Software and Affected Versions: com.callassistant.android aka AI Call Assistant & Screener version 1.174 Description: The issue allows any installed application, even without permissions, to place phone calls without user interaction by sending a crafted intent via the...
PT-2024-33239 · Unknown · Automatic Systems Maintenance Slimlane
Name of the Vulnerable Software and Affected Versions: Automatic Systems Maintenance SlimLane 29565 d74ecce0c1081d50546db573a499941b10799fb7 Description: A Cross Site Scripting (XSS) vulnerability allows a remote attacker to escalate privileges via the FtpConfig.php component. This issue enables an...
PT-2024-33237 · Taskmatic · Taskmatic
Name of the Vulnerable Software and Affected Versions: taskmatic version 1.0 Description: The issue allows a remote attacker to execute arbitrary code via the admin id parameter of the "/update-employee.php" API endpoint. Recommendations: For taskmatic version 1.0, consider disabling the...
PT-2024-39838 · Contemporary Control System · Basrouter Bacnet Basrt-B
Name of the Vulnerable Software and Affected Versions: Contemporary Control System BASrouter BACnet BASRT-B version 2.7.2 Description: A problematic issue was found in the UDP Packet Handler component, leading to denial of service. The manipulation can be initiated remotely. The vendor was...
PT-2024-39541 · Unknown · Relaxedjs Relaxed
Name of the Vulnerable Software and Affected Versions: RelaxedJS ReLaXed versions up to 0.2.2 Description: A problematic issue has been found in the Pug to PDF Converter component, which can lead to cross-site scripting. The manipulation requires a local approach to execute an attack. The issue h...