PT-2025-6076 · Unknown · Cool-Admin-Java
Name of the Vulnerable Software and Affected Versions: cool-admin-java version v1.0 Description: A stored cross-site scripting XSS vulnerability in the Parameter List module of cool-admin-java allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the...
PT-2025-6067 · Unknown +2 · Pam Pkcs11 +2
Name of the Vulnerable Software and Affected Versions: PAM-PKCS11 versions 0.6.12 and prior Description: The issue affects a Linux-PAM login module that allows X.509 certificate-based user login. When a user presses ctrl-c/ctrl-d while being asked for a PIN, the pam pkcs11 module segfaults...
PT-2025-5256 · Unknown · Ppo Call To Actions
Name of the Vulnerable Software and Affected Versions: PPO Call To Actions versions 0.1.3 and earlier Description: A Cross-Site Request Forgery CSRF issue affects PPO Call To Actions, allowing unauthorized requests. The estimated number of potentially affected devices worldwide is not specified...
PT-2025-4754 · Unknown · Dingfanzu Cms
Name of the Vulnerable Software and Affected Versions: dingfanzuCMS version 1.0 Description: The issue allows a local attacker to execute arbitrary code due to incorrect filtering of content at the checkOrder.php shopId module. This enables the attacker to perform SQL injection attacks...
DRUPAL-CONTRIB-2024-073
This module enables you to prevent existing users from logging in to your Drupal site unless they know the secret key to add to the end of the ?q=user login form page. The Login Disable module does not correctly prevent a user with a disabled login from logging in, allowing those users to bypass...
Drupal Login Disable module 2.0.0-2.1.0 - Authenticated Broken Access Control vulnerability
Authenticated Broken Access Control vulnerability discovered by e5sego in WordPress Module Login Disable versions 2.0.0-2.1.0...
PT-2024-10480 · Drupal · Node Export
Name of the Vulnerable Software and Affected Versions: Drupal Node export versions 7.X- through 7.X-3.2 Description: The issue is related to the deserialization of untrusted data in the Node export module of the Drupal CMS, which can lead to object injection. This allows a remote attacker to...
PT-2024-20850 · Sublime Text · Sublime Text
Name of the Vulnerable Software and Affected Versions: Sublime Text version 4 Description: A command injection issue was found in Sublime Text via the New Build System module. It is noted that multiple third parties report this behavior as intended. Recommendations: For Sublime Text version 4, as...
PT-2024-7993 · F5 +1 · F5 Networks +1
Name of the Vulnerable Software and Affected Versions: NGINX OpenID Connect affected versions not specified F5 Networks affected versions not specified Description: A session fixation issue was discovered in the NGINX OpenID Connect reference implementation, where a nonce was not checked at login...
PT-2025-2102 · Drupal · Drupal Views Svg Animation
Name of the Vulnerable Software and Affected Versions: Drupal Views SVG Animation versions 0.0.0 through 1.0.0 Description: The issue is related to improper neutralization of input during web page generation, which allows Cross-Site Scripting XSS. This can be exploited by a remote attacker to...
PT-2024-33357 · Unknown · Cookie Scanner
Name of the Vulnerable Software and Affected Versions: Cookie Scanner versions 1.1 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that also allows Stored XSS in Cookie Scanner. This means an attacker can perform unintended actions on a user's account without...
PT-2024-30042 · Unknown · Warehouse Inventory System
Name of the Vulnerable Software and Affected Versions: Warehouse Inventory System version 2.0 Description: A Cross-Site Request Forgery CSRF issue in the edit group.php component allows attackers to escalate privileges. Recommendations: For Warehouse Inventory System version 2.0, consider disabli...
PT-2024-5828 · Twisted +4 · Twisted +4
Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 24.7.0rc1 Description: The HTTP 1.0 and 1.1 server provided by twisted.web could process pipelined HTTP requests out-of-order, possibly resulting in information disclosure. This issue is related to the incorrect...
PT-2024-5735 · Webmin +1 · Webmin +1
Name of the Vulnerable Software and Affected Versions: Webmin versions prior to 2.003 Description: A cross-site request forgery vulnerability exists in the ajaxterm module. If exploited, unintended operations may be performed when a user views a malicious page while logged in, potentially allowin...
PT-2024-28697 · Znc +2 · Znc +2
Name of the Vulnerable Software and Affected Versions: ZNC versions prior to 1.9.1 Description: The issue allows for remote code execution in the modtcl module of ZNC, which can be triggered through a prepared kick message. Recommendations: For versions prior to 1.9.1, update to version 1.9.1 or...
PT-2024-3973
Name of the Vulnerable Software and Affected Versions: NGINX Plus affected versions not specified NGINX OSS affected versions not specified Description: The issue is related to the HTTP/3 QUIC module in NGINX Plus and NGINX OSS. It involves undisclosed HTTP/3 encoder instructions that can cause NGI...
PT-2024-25502 · Yapi · Yapi
Name of the Vulnerable Software and Affected Versions: yapi version 1.10.2 Description: A stored cross-site scripting XSS vulnerability in the Advanced Expectation - Response module allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the body field...
PT-2024-6490
Name of the Vulnerable Software and Affected Versions: Ffmpeg version N113007-g8d24a28d06 Description: The issue is related to a buffer overflow vulnerability in the libavfilter/af stereowiden.c file of the FFmpeg library. This vulnerability can be exploited by a local attacker to execute arbitrary...
PT-2024-21241 · Dell · Dell Grab For Windows
Name of the Vulnerable Software and Affected Versions: Dell Grab for Windows versions 5.0.4 and below Description: The issue concerns a cleartext storage of sensitive information in the appsync module. An authenticated local attacker could potentially exploit this, leading to information disclosu...
PT-2024-22917 · Oneblog · Oneblog
Name of the Vulnerable Software and Affected Versions: OneBlog version 2.3.4 Description: A stored cross-site scripting XSS issue was found in the Notice Manage module. This allows for malicious scripts to be stored and executed on the site, potentially leading to unauthorized actions or data...