40 matches found
PT-2026-1776
Name of the Vulnerable Software and Affected Versions: Sangfor Operation and Maintenance Management System versions up to 3.0.8 Description: A flaw exists in Sangfor Operation and Maintenance Management System that allows for remote operating system command injection. This issue stems from the...
PT-2025-15592
Name of the Vulnerable Software and Affected Versions: Microsoft Office Word affected versions not specified Microsoft 365 Apps for Enterprise affected versions not specified Microsoft Office affected versions not specified Microsoft Office Long Term Servicing Channel affected versions not specifi...
PT-2025-4031 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and below Description: An Improper Access Control issue allows an authenticated attacker to obtain files stored by other users by modifying the FILE ID of the endpoint "/embedai/files/show/". Recommendations: For EmbedAI...
PT-2025-3956 · Unknown · Code-Projects Fantasy-Cricket
Name of the Vulnerable Software and Affected Versions: code-projects Fantasy-Cricket version 1.0 Description: A critical issue has been found, allowing for SQL injection through the manipulation of the uname argument in an unknown function of the file /dash/update.php. This can be exploited...
PT-2025-3899 · Shanghai Lingdang Information Technology · Lingdang Crm
Name of the Vulnerable Software and Affected Versions: Shanghai Lingdang Information Technology Lingdang CRM versions up to 8.6.0.0 Description: A critical issue was found in the software, affecting an unknown function of the file /crm/weixinmp/index.php. The manipulation of the name argument lea...
PT-2024-35847 · Unknown · Cool Plugins Cryptocurrency Widgets For Elementor
Name of the Vulnerable Software and Affected Versions: Cool Plugins Cryptocurrency Widgets For Elementor versions 1.6.4 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which...
PT-2024-9655 · Adobe · Connect
Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 11.4.7 and earlier Adobe Connect version 12.6 Description: The issue is related to insufficient protection of the web page structure, allowing a remote attacker to execute arbitrary code. This is a reflected Cross-Site...
PT-2024-16666 · WordPress · Migration
Name of the Vulnerable Software and Affected Versions: Migration, Backup, Staging – WPvivid plugin for WordPress versions up to, and including, 0.9.107 Description: The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection via deserialization of untrusted...
PT-2024-16507 · Unknown · Phpgurukul Online Shopping Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Shopping Portal version 2.0 Description: A vulnerability was found in the PHPGurukul Online Shopping Portal, allowing for cross-site scripting (XSS) attacks. The issue is related to an unknown function in the file...
PT-2024-16323 · Safenet · Esafenet Cdg
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5 Description: A critical issue has been found in the getOneFileDirectory function of the /com/esafenet/servlet/fileManagement/FileDirectoryService.java file. The manipulation of the directoryId argument leads to SQL...
PT-2024-7156 · Splunk · Splunk Cloud Platform +1
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 9.3.1 Splunk Enterprise version 9.2.0 through 9.2.3 Splunk Cloud Platform versions prior to 9.2.2403.103 Splunk Cloud Platform versions 9.1.2312.200 through 9.1.2312.110 Splunk Cloud Platform version...
PT-2024-39704 · WordPress · Linkz.Ai
Name of the Vulnerable Software and Affected Versions: Linkz.ai plugin for WordPress versions up to, and including, 1.1.8 Description: The issue allows unauthorized modification of data due to a missing capability check on the ajax linkz function. This makes it possible for authenticated attacker...
PT-2024-32556 · WordPress · Wp-Downloadmanager
Name of the Vulnerable Software and Affected Versions: WP-DownloadManager versions 1.68.8 and earlier Description: The issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This problem allows Reflected XSS. Recommendations: Fo...
PT-2024-9823 · Fortinet · Forticlientmac +3
Name of the Vulnerable Software and Affected Versions: FortiClientWindows versions 7.0.0 through 7.0.11, 7.2.0 through 7.2.2 FortiClientLinux versions 7.0.0 through 7.0.11, 7.2.0 FortiClientMac versions 7.0.0 through 7.0.11, 7.2.0 through 7.2.4 Description: The issue is related to an improper...
PT-2024-39132 · Unknown · Itsourcecode Tailoring Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Tailoring Management System version 1.0 Description: A critical issue was found in the itsourcecode Tailoring Management System, affecting an unknown functionality of the file ssms.php. The manipulation of the customer argument...
PT-2024-37731 · Elementor · The Plus Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Plus Addons for Elementor versions up to, and including, 5.6.2 Description: The issue is related to Stored Cross-Site Scripting via the res width value parameter within the plugin's tp page scroll widget due to insufficient input...
PT-2024-3723 · Oracle +1 · Oracle Graalvm Enterprise Edition +2
Name of the Vulnerable Software and Affected Versions: Oracle GraalVM for JDK versions 17.0.10, 21.0.2, 22 Oracle GraalVM Enterprise Edition versions 20.3.13, 21.3.9 Description: The issue is related to insufficient protection of internal data in the Compiler component of Oracle GraalVM for JDK a...
PT-2024-22086 · WordPress · Happy Addons For Elementor
Name of the Vulnerable Software and Affected Versions: The Happy Addons for Elementor plugin for WordPress versions up to, and including, 3.10.4 Description: The issue is related to Stored Cross-Site Scripting via several widgets due to insufficient input sanitization and output escaping on the...
PT-2024-18400 · WordPress · Easy Property Listings
Name of the Vulnerable Software and Affected Versions: Easy Property Listings plugin for WordPress versions up to, and including, 3.5.2 Description: The issue is related to time-based SQL Injection via the property status shortcode attribute. This is due to insufficient escaping on the...
PT-2024-18064
Name of the Vulnerable Software and Affected Versions: MSI Afterburner version 4.6.5.16370 Description: The issue is related to a Kernel Memory Leak vulnerability. It can be triggered by using the 0x80002040 IOCTL code of the RTCore64.sys driver. The handle to the driver can only be obtained from a...