
133 matches found

Tenable Nessus
added 2026/05/20 12:0 a.m. · 3 views

Linux Distros Unpatched Vulnerability : CVE-2026-27851

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - When safe filter is used with variable expansion, all following pipelines on the same string are incorrectly interpreted as safe too, enabling unsafe data to be...

CVSS 9.1 · AI score 5.9 · EPSS 0.00016
Exploits 0 · References 2

Tenable Nessus
added 2026/04/14 12:0 a.m. · 0 views

Linux Distros Unpatched Vulnerability : CVE-2026-33901

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ImageMagick is free and open-source software used for editing and manipulating digital images. In versions below both 7.1.2-19 and 6.9.13-44, a heap buffer...

CVSS 7.5 · AI score 6 · EPSS 0.00019
Exploits 0 · References 2

Tenable Nessus
added 2026/02/03 12:0 a.m. · 1 view

Linux Distros Unpatched Vulnerability : CVE-2025-15537

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A security vulnerability has been detected in Mapnik up to 4.2.0. This issue affects the function mapnik::dbffile::stringvalue of the file...

CVSS 5.5 · AI score 5.8 · EPSS 0.00034
Exploits 1 · References 3

OSV
added 2025/11/12 7:15 p.m. · 1 view

AZL-70193 CVE-2024-47866 affecting package ceph for versions less than 16.2.10-11

Ceph is a distributed object, block, and file storage platform. In versions up to and including 19.2.3, using the argument x-amz-copy-source to put an object and specifying an empty string as its content leads to the RGW daemon crashing, resulting in a DoS attack. As of time of publication, no...

CVSS 7.5 · AI score 7 · EPSS 0.00167
Exploits 1 · References 1

Positive Technologies
added 2025/11/03 12:0 a.m. · 2 views

PT-2025-44761

Name of the Vulnerable Software and Affected Versions jeecgboot jeewx-boot versions prior to 641ab52c3e1845fec39996d7794c33fb40dad1dd Description A security flaw exists in jeecgboot jeewx-boot. Manipulation of the imgurl argument in the getImgUrl function within the...

CVSS 5.3 · AI score 6.2 · EPSS 0.00061
Exploits 0 · References 8

OSV
added 2025/10/10 8:1 p.m. · 2 views

CVE-2025-61930 Emlog Pro has CSRF issue that Enables Admin Password Reset

Emlog is an open source website building system. Emlog Pro versions 2.5.19 and earlier are vulnerable to Cross‑Site Request Forgery (CSRF) on the password change endpoint. An attacker can trick a logged‑in administrator into submitting a crafted POST request to change the admin password without...

CVSS 8.1 · AI score 7 · EPSS 0.00027
Exploits 1 · References 3

CVE
added 2025/09/24 5:25 p.m. · 9 views

CVE-2025-48867

CVE-2025-48867 describes a stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0. The issue allows authenticated admin/privileged users to inject malicious JavaScript into multiple fields in the Project and Task modules; payloads are stored in the database and execute when viewed b...

CVSS 4.8 · AI score 5.3 · EPSS 0.00063
Exploits 1 · References 1 · Affected Software 1

Tenable Nessus
added 2025/08/12 12:0 a.m. · 1 view

Linux Distros Unpatched Vulnerability : CVE-2023-23605

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mozilla developers and the Mozilla Fuzzing Team reported memory safety bugs present in Firefox 108 and Firefox ESR 102.6. Some of these bugs showed evidence of...

CVSS 8.8 · AI score 8.4 · EPSS 0.00198
Exploits 0 · References 2

Positive Technologies
added 2025/08/09 12:0 a.m. · 3 views

PT-2025-32435 · Wangzhixuan · Spring-Shiro-Training

Name of the Vulnerable Software and Affected Versions: wangzhixuan spring-shiro-training up to 94812c1fd8f7fe796c931f4984ff1aa0671ab562 Description: A critical issue exists in wangzhixuan spring-shiro-training. The vulnerability is due to command injection in the /role/add file. This allows for...

CVSS 7.5 · AI score 7.5 · EPSS 0.0063
Exploits 1 · References 10

Positive Technologies
added 2025/04/04 12:0 a.m. · 2 views

PT-2025-14830 · Tenda · Tenda W18E

Name of the Vulnerable Software and Affected Versions: Tenda W18E version 16.01.0.11 Description: A problematic vulnerability was found in Tenda W18E, affecting the formSetAccountList function of the file /goform/setModules. The manipulation of the Password argument leads to a stack-based buffer...

CVSS 5.3 · AI score 5 · EPSS 0.00344
Exploits 0 · References 12

Positive Technologies
added 2025/04/03 12:0 a.m. · 1 view

PT-2025-14628 · Unknown · Project Worlds Online Lawyer Management System

Name of the Vulnerable Software and Affected Versions: Project Worlds Online Lawyer Management System version 1.0 Description: A critical issue has been found, affecting the /single lawyer.php file. The manipulation of the u id argument leads to SQL injection. This issue can be exploited remotely...

CVSS 9.8 · AI score 8.1 · EPSS 0.00416
Exploits 0 · References 10

Positive Technologies
added 2025/02/26 12:0 a.m. · 2 views

PT-2025-8660 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A signed integer overflow issue has been identified in the Linux kernel, specifically in the ipv6 component, related to the l2tp_ip6_sendmsg function. This occurs when the length len i...

CVSS 7.8 · AI score 8 · EPSS 0.9427
Exploits 21 · References 491

Positive Technologies
added 2025/02/12 12:0 a.m. · 2 views

PT-2025-6706 · Unknown · Yeqifu Carrental

Name of the Vulnerable Software and Affected Versions: yeqifu carRental version 1.0 Description: The issue allows a remote attacker to obtain sensitive information via the "file/downloadFile.action?path=" component. This is a Directory Traversal vulnerability, which can be exploited to access...

CVSS 7.5 · AI score 6.4 · EPSS 0.00564
Exploits 0 · References 6

Positive Technologies
added 2025/02/08 12:0 a.m. · 1 view

PT-2025-6023 · Ibm · Ibm Urbancode Deploy +1

Name of the Vulnerable Software and Affected Versions: IBM DevOps Deploy versions 8.0 through 8.0.1.4 IBM DevOps Deploy versions 8.1 through 8.1.0.0 IBM UrbanCode Deploy versions 7.0 through 7.0.5.25 IBM UrbanCode Deploy versions 7.1 through 7.1.2.21 IBM UrbanCode Deploy versions 7.2 through...

CVSS 6.5 · AI score 5.8 · EPSS 0.00073
Exploits 0 · References 8

Positive Technologies
added 2025/02/07 12:0 a.m. · 1 view

PT-2025-6004 · Qingscan · Qingscan

Name of the Vulnerable Software and Affected Versions: QingScan versions =1.8.0 Description: A reflected Cross-Site Scripting (XSS) vulnerability exists in "/webscan/sqlmap/index.html" due to improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript...

CVSS 5.4 · AI score 5.6 · EPSS 0.00298
Exploits 0 · References 7

Positive Technologies
added 2025/01/27 12:0 a.m. · 2 views

PT-2025-3372 · Midea · Midea Home

Name of the Vulnerable Software and Affected Versions: Midea Home version 9.3.12 Description: The issue allows attackers to access sensitive user information via supplying a crafted link. Recommendations: For version 9.3.12, consider avoiding the use of crafted links until a patch is available. A...

CVSS 6.5 · AI score 6.8 · EPSS 0.00297
Exploits 0 · References 4

Positive Technologies
added 2025/01/27 12:0 a.m. · 1 view

PT-2025-3361 · Mashang Consumer Finance Co. · Anyihua

Name of the Vulnerable Software and Affected Versions: Mashang Consumer Finance Co., Ltd Anyihua iOS version 3.6.2 Description: The issue allows attackers to access sensitive user information by supplying a crafted link. Recommendations: For Mashang Consumer Finance Co., Ltd Anyihua iOS version...

CVSS 6.5 · AI score 6.5 · EPSS 0.00297
Exploits 0 · References 4

Positive Technologies
added 2025/01/16 12:0 a.m. · 1 view

PT-2025-4744 · Re11S · Re11S

Name of the Vulnerable Software and Affected Versions: RE11S version 1.11 Description: A stack overflow issue was discovered in the formStaDrvSetup function through the rootAPmac parameter. This issue allows for a potential overflow, which could lead to security problems. Recommendations: For RE1...

CVSS 9.8 · AI score 6.6 · EPSS 0.00347
Exploits 1 · References 8

Positive Technologies
added 2025/01/14 12:0 a.m. · 2 views

PT-2025-2552 · Wavlink · Wavlink Ac3000

Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A static login vulnerability exists in the wctrls functionality. A specially crafted set of network packets can lead to root access. An attacker can send packets to trigger this...

CVSS 10 · AI score 7 · EPSS 0.00253
Exploits 1 · References 3

Positive Technologies
added 2025/01/14 12:0 a.m. · 1 view

PT-2025-3485 · Monetdb · Monetdb Server

Name of the Vulnerable Software and Affected Versions: MonetDB Server version 11.47.11 Description: An issue in the bind_col_exp component allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Recommendations: For MonetDB Server version 11.47.11, consider disabling the bin...

CVSS 7.5 · AI score 7.5 · EPSS 0.00206
Exploits 1 · References 4