13 matches found
PT-2025-19730 · Rhymix · Rhymix
Name of the Vulnerable Software and Affected Versions: Rhymix version 2.1.22
Description: The issue is related to an arbitrary file deletion vulnerability. This vulnerability can be exploited via the procFileAdminEditImage method in the /file/file.admin.controller.php file.
Recommendations: For...
PT-2024-16150 · Red Hat · Keycloak-Services
Name of the Vulnerable Software and Affected Versions: Keycloak-services affected versions not specified Red Hat products affected versions not specified
Description: A vulnerability was found in the Keycloak-services package. If untrusted data is passed to the SearchQueryUtils method, it could...
PT-2023-31758 · Unknown · Hutool-Core
Name of the Vulnerable Software and Affected Versions: hutool-core version 5.8.23
Description: The NumberUtil.toBigDecimal method in hutool-core was discovered to contain a stack overflow.
Recommendations: For hutool-core version 5.8.23, consider disabling the toBigDecimal method in the NumberUti...
PT-2023-29977 · Prestashop · Motivationsale
Name of the Vulnerable Software and Affected Versions: motivationsale module for PrestaShop versions prior to 3.5.0
Description: The issue concerns a SQL injection flaw in the motivationsaleDataModel::getProductsByIds method, allowing a guest to execute sensitive SQL calls with a simple HTTP...
PT-2023-20740 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier
Description: The issue is related to missing authentication in the SearchStudents method, allowing unauthenticated attackers to extract sensitive student data.
Recommendations: For versions 3.1.0...
PT-2023-21083 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier
Description: The issue concerns missing authentication in the StudentPopupDetails StudentDetails method, allowing unauthenticated attackers to extract sensitive student data.
Recommendations: For...
PT-2023-21036 · Idweb · Idweb
Name of the Vulnerable Software and Affected Versions: IDWeb application versions 3.1.052 and earlier
Description: The issue concerns missing authentication in the GetActiveToiletPasses method, allowing unauthenticated attackers to retrieve student information.
Recommendations: For versions 3.1.0...
PT-2023-29978 · Unknown · Referral/Affiliation Program
Name of the Vulnerable Software and Affected Versions: Referral and Affiliation Program referralbyphone versions 3.5.1 and earlier
Description: The issue allows a guest to perform SQL injection. The method ReferralByPhoneDefaultModuleFrontController::ajaxProcessCartRuleValidate contains sensitive...
PT-2023-27483 · Lg · Lg Simple Editor
Name of the Vulnerable Software and Affected Versions: LG Simple Editor affected versions not specified
Description: This issue allows remote attackers to execute arbitrary code on affected installations of LG Simple Editor. Authentication is not required to exploit this issue. The specific flaw...
PT-2022-21159 · Unknown · Rocket.Chat
Name of the Vulnerable Software and Affected Versions: Rocket.Chat versions prior to 5
Description: An information disclosure issue exists due to the getUserMentionsByChannel meteor server method, which discloses messages from private channels and direct messages regardless of the user's access...
PT-2022-22982 · Inductive Automation · Inductive Automation Ignition
Name of the Vulnerable Software and Affected Versions: Inductive Automation Ignition version 8.1.15 b2022030114
Description: This issue allows remote attackers to execute arbitrary code on affected installations. Authentication is not required to exploit this issue. The specific flaw exists withi...
PT-2009-3421 · Elby +1 · Virtual Clonedrive +4
Name of the Vulnerable Software and Affected Versions: ElbyCDIO.sys versions 6.0.2.0 and earlier AnyDVD versions prior to 6.5.2.6 Virtual CloneDrive versions 5.4.2.3 and earlier CloneDVD versions 2.9.2.0 and earlier CloneCD versions 5.3.1.3 and earlier
Description: The issue exists due to an erro...
PT-2007-7113 · Realnetworks · Realplayer
Name of the Vulnerable Software and Affected Versions: RealPlayer version 11
Description: The issue allows remote attackers to cause a denial of service, resulting in a browser crash, by providing a certain argument to the GetSourceTransport method in the RealAudioObjects.RealAudio ActiveX contro...