18 matches found
PT-2025-5990 · Tally · Tally Prime Edit Log
Name of the Vulnerable Software and Affected Versions: Tally Prime Edit Log version 2.1 Description: A DLL hijacking issue was discovered in the TextShaping.dll component, allowing attackers to execute arbitrary code through a manipulated DLL. This issue enables the execution of arbitrary code vi...
PT-2025-6007 · Beijing Guoju Information Technology Co. · Jeecg-Boot
Name of the Vulnerable Software and Affected Versions: Beijing Guoju Information Technology Co., Ltd JeecgBoot version 3.7.2 Description: A SQL injection issue allows a remote attacker to obtain sensitive information via the getTotalData component. There is no information provided about the...
PT-2025-4724 · Bplugins Llc · Button Block
Name of the Vulnerable Software and Affected Versions: bPlugins LLC Button Block versions 1.1.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. Recommendations: For bPlugin...
PT-2024-34716 · Unknown · Ml Responsive Audio Player With Playlist Shortcode
Name of the Vulnerable Software and Affected Versions: ML Responsive Audio player with playlist Shortcode versions 0.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS...
PT-2024-21873 · Samsung · Exynos
Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos versions 1380 through 1480 Description: A vulnerability was discovered in the slsi handle nan rx event log ind function related to no input validation check on tag len for tx coming from userspace, which can le...
PT-2024-23630 · Silversky · Silversky E-Mail Service
Name of the Vulnerable Software and Affected Versions: SilverSky E-mail service version 5.0.3126 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the version parameter. This could potentially lead to unauthorized actions on the...
PT-2024-25157 · Asustek Computer · Aisuite3
Name of the Vulnerable Software and Affected Versions: AISuite3 version 3.03.36 Description: An issue in the component AslO3 64.sys allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Recommendations: For version 3.03.36, consider disabling the...
PT-2024-13949 · Unknown · Xiweicheng Tms
Name of the Vulnerable Software and Affected Versions: xiweicheng TMS version 2.28.0 Description: A Cross Site Scripting (XSS) issue allows a remote attacker to execute arbitrary code via a crafted script to the click here function. This enables the attacker to perform unauthorized actions on the...
PT-2023-8322 · Tenda · Tenda W9
Name of the Vulnerable Software and Affected Versions: Tenda W9 version 1.0.0.74456 CN Description: A command injection issue exists due to the lack of neutralization of special elements in the formexeCommand function. This could allow a remote attacker to execute arbitrary code. Recommendations:...
PT-2023-29968 · Unknown · Ndk Steppingpack
Name of the Vulnerable Software and Affected Versions: ndk steppingpack versions 1.5.6 and before Description: The issue allows a guest to perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL...
PT-2023-23218
Name of the Vulnerable Software and Affected Versions: SoftEther VPN version 5.01.9674 Description: An information disclosure issue exists in the ClientConnect functionality. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a...
PT-2023-20508 · Unknown · Keep-Module-Latest
Name of the Vulnerable Software and Affected Versions: keep-module-latest, all versions Description: The issue arises due to missing input sanitization or other checks and sandboxes being applied to the installModule function, leading to Command Injection. To potentially exploit this, an attacker...
PT-2022-27148 · Totolink · Totolink Nr1800X
Name of the Vulnerable Software and Affected Versions: TOTOLINK NR1800X version 9.1.0u.6279 B20210910 Description: The issue is related to a command injection via the FileName parameter in the UploadFirmwareFile function. This allows for potential exploitation. No information is provided about th...
PT-2022-25395 · Unknown · Phpgurukul Blood Bank & Donor Management System
Name of the Vulnerable Software and Affected Versions: Phpgurukul Blood Donor Management System version 1.0 Description: The issue allows Cross Site Scripting via the Add Blood Group Name Feature. Recommendations: For Phpgurukul Blood Donor Management System version 1.0, consider disabling the Ad...
PT-2022-22620 · Sourcecodester · Sanitization Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Sanitization Management System version 1.0 Description: A problematic vulnerability has been found in the User Creation Handler component. The manipulation of the First Name/Middle Name/Last Name argument leads to cross-site...
PT-2022-11322 · Unknown · Underscore-99Xp
Name of the Vulnerable Software and Affected Versions: underscore-99xp version 1.7.2 Description: A Regular Expression Denial of Service (ReDoS) issue was found when the deepValueSearch function is called. Recommendations: For underscore-99xp version 1.7.2, consider disabling the deepValueSearch...
PT-2021-21095 · Digi · Digi Realport
Name of the Vulnerable Software and Affected Versions: Digi RealPort versions through 4.8.488.0 Description: The issue concerns the 'encrypted' mode of Digi RealPort, which is susceptible to man-in-the-middle attacks due to a lack of authentication. Recommendations: For versions through 4.8.488.0...
PT-2017-8054 · Atutor · Atutor
Name of the Vulnerable Software and Affected Versions: ATutor version 2.2.1 Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved through the searchFriends function to friends.inc.php. Recommendations: For ATutor version 2.2.1, consider...