PT-2025-41: The Twinkly Light Tree 3D firmware uses a vulnerable Blufi library
The vulnerability was identified in the Twinkly Light Tree 3D firmware, 2.8.18. An attacker within Bluetooth range, with physical access to a device running firmware prior to 2.9.0 and provisioning mode manually re-enabled could, in an attack scenario, interfere with the provisioning exchange and...
CVE-2021-4467
Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for each incoming connection without adequately limiting concurrent requests. An unauthenticated remo...
CVE-2021-4467 Positive Technologies MaxPatrol 8 & XSpider Remote DoS
Positive Technologies MaxPatrol 8 and XSpider contain a remote denial-of-service vulnerability in the client communication service on TCP port 2002. The service generates a new session identifier for each incoming connection without adequately limiting concurrent requests. An unauthenticated remo...
CVE-2021-4467
CVE-2021-4467 affects Positive Technologies MaxPatrol 8 and XSpider, where the client communication service listening on TCP port 2002 accepts new session IDs per connection without adequately throttling concurrent requests. An unauthenticated attacker could issue repeated HTTPS requests to cause...
Statistics on 2024 trending vulnerabilities were featured in the OIC-CERT annual report
Statistics on 2024 trending vulnerabilities were featured in the OIC-CERT annual report. The Organisation of Islamic Cooperation (OIC) is the largest and most influential official intergovernmental Muslim international organization. It currently unites 57 countries with a population of about 2 billio...
PT-2025-113: Stored XSS in FreeScout
The vulnerability was identified in FreeScout, versions 1.8.182. The discovered vulnerability allows an attacker to embed malicious HTML and JavaScript into content generated by FreeScout, causing script execution in the user’s browser. Vulnerability status: Confirmed by vendor Date of...
PT-2025-102: Deserialization of untrusted data in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize unsafe data, gain control over application objects and impair its operation. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 19.07.2025...
PT-2025-96: Deserialization of untrusted data leads to Remote code execution (RCE) in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize arbitrary objects and fully control their properties, leading to total compromise of the web‑application logic and remote code execution (RCE). Vulnerability status:...
PT-2025-105: Deserialization of untrusted data leads to Remote code execution (RCE) in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize tampered data, create objects of arbitrary classes and manipulate their properties, resulting in remote code execution. Vulnerability status: Confirmed by vendor Date of...
PT-2025-99: Deserialization of untrusted data in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize untrusted data, manipulate objects and impair system functionality. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 19.07.2025 Recommendation...
PT-2025-103: Deserialization of untrusted data in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize data, instantiate arbitrary objects and alter their properties, causing severe disruption of the system. Vulnerability status: Confirmed by vendor Date of vulnerability...
GHSA-J226-63J7-QRQH Laravel Translation Manager Vulnerable to Stored Cross-site Scripting
Impact: The application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive...
Laravel Translation Manager Vulnerable to Stored Cross-site Scripting
Impact: The application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including JavaScript scripts, into the page processed by the user's browser, allowing them to steal sensitive...
PT-2025-74: Local Privilege Escalation (LPE) in Mozilla VPN
The vulnerability was identified in Mozilla VPN, versions 2.27.0 on MacOS. The discovered vulnerability allows an attacker to escalate privileges from a normal user to root. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 04.06.2025 Recommendations: Update to version...
PT-2025-52: Business Logic Errors in FreeScout
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed b...
PT-2025-49: Insufficient authorization in FreeScout
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to access information or functionality that exceeds the privileges granted to the user because the application checks access rights incorrectly. Vulnerability status:...
PT-2025-53: Business Logic Errors in FreeScout
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to gain access to a functional capability without completing the required sequence of actions, bypassing the intended business workflow. Vulnerability status: Confirmed b...
PT-2025-59: Stored Cross-site scripting in FreeScout
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to store malicious HTML/JavaScript scripts that are later executed in other users’ browsers due to insufficient input validation and sanitization. Vulnerability status:...
PT-2025-43: Deserialization of untrusted data in FreeScout
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to execute arbitrary code on the server because the application performs insufficient validation of user‑supplied data during deserialization. Vulnerability status:...
ROS-20250513-02
The RED OS kiosk mode vulnerability is due to improper constraints. Exploitation of the vulnerability could allow an attacker to execute arbitrary commands on the system outside of the imposed restrictions. Information about the vulnerability was received from Alexander Starikov - researcher at...