4319 matches found

Positive Technologies
added 2025/08/19 12:0 a.m. · 4 views

PT-2025-33883

Name of the Vulnerable Software and Affected Versions: SolidInvoice versions prior to 2.4.1 Description: A security flaw has been discovered in SolidInvoice. The impacted element is an unknown function within the /clients file of the Clients Module. Manipulation of the Name argument results in...

CVSS 5.4 · AI score 3.7 · EPSS 0.00264
Exploits: 1 · References: 11

Positive Technologies
added 2025/08/19 12:0 a.m. · 12 views

PT-2025-33709

Name of the Vulnerable Software and Affected Versions: Real Spaces - WordPress Properties Directory Theme versions prior to 3.7 Description: The Real Spaces - WordPress Properties Directory Theme for WordPress is susceptible to privilege escalation through the imic agent register function. This...

CVSS 9.8 · AI score 6.5 · EPSS 0.00352
Exploits: 3 · References: 10

Positive Technologies
added 2025/08/19 12:0 a.m. · 6 views

PT-2025-33839 · Unknown · Thrivex-Blog

Name of the Vulnerable Software and Affected Versions: LiuYuYang01 ThriveX-Blog versions through 3.1.7 Description: A security flaw exists in the updateJsonValueByName function within the /web config/json/name/web file. This flaw results in improper authorization and allows for remote attacks. Th...

CVSS 6.5 · AI score 7.2 · EPSS 0.0026
Exploits: 0 · References: 8

NVD
added 2025/08/18 8:15 p.m. · 13 views

CVE-2025-53192

UNSUPPORTED WHEN ASSIGNED Improper Neutralization of Expression/Command Delimiters vulnerability in Apache Commons OGNL. This issue affects Apache Commons OGNL: all versions. When using the API Ognl.getValue, the OGNL engine parses and evaluates the provided expression with powerful capabilities...

CVSS 8.8 · EPSS 0.0052
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/18 12:0 a.m. · 4 views

PT-2025-33693 · Apache +1 · Apache Commons Ognl +1

Name of the Vulnerable Software and Affected Versions: Apache Commons OGNL affected versions not specified Description: An improper neutralization of expression/command delimiters issue exists in Apache Commons OGNL. The OGNL engine, when used with the Ognl.getValue API, parses and evaluates...

CVSS 8.8 · AI score 7 · EPSS 0.0052
Exploits: 0 · References: 11

Packet Storm News
added 2025/08/16 12:0 a.m. · 2 views

Design and Implementation of a Controlled Ransomware Framework for Educational Purposes Using Flutter Cryptographic APIs on Desktop PCs and Android Devices

This study focuses on the creation and implementation of ransomware for educational purposes that leverages Python's native cryptographic APIs in a controlled environment. Additionally, an Android version of the framework is implemented using Flutter and Dart. For both versions, open-source...

AI score 6.9
Exploits: 0

Positive Technologies
added 2025/08/15 12:0 a.m. · 5 views

PT-2025-33422

Name of the Vulnerable Software and Affected Versions: Online Medicine Guide version 1.0 Description: A SQL injection issue exists in Online Medicine Guide 1.0. The manipulation of the Search parameter in the /browsemdcn.php file allows for remote exploitation. The exploit for this issue has been...

CVSS 9.8 · AI score 7.5 · EPSS 0.00387
Exploits: 1 · References: 12

Cvelist
added 2025/08/14 4:15 p.m. · 8 views

CVE-2025-9039 Information Disclosure in Amazon ECS Container Agent

We identified an issue in the Amazon ECS agent where, under certain conditions, an introspection server could be accessed off-host by another instance if the instances are in the same security group or if their security groups allow incoming connections that include the port where the server is...

CVSS 5.3 · EPSS 0.00229
Exploits: 0 · References: 3

Positive Technologies
added 2025/08/14 12:0 a.m. · 5 views

PT-2025-33351 · Itsourcecode · Itsourcecode Online Tour/Travel Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A SQL injection issue exists in itsourcecode Online Tour and Travel Management System version 1.0. The vulnerability is located in the /admin/operations/booking.ph...

CVSS 7.5 · AI score 7.5 · EPSS 0.00387
Exploits: 1 · References: 8

Positive Technologies
added 2025/08/14 12:0 a.m. · 5 views

PT-2025-33416 · Sourcecodester · Covid19 Testing Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester COVID 19 Testing Management System version 1.0 Description: A SQL injection issue exists in an unknown functionality of the file /profile.php. Manipulation of the mobilenumber argument can lead to SQL injection, allowing for...

CVSS 9.8 · AI score 7.5 · EPSS 0.00387
Exploits: 1 · References: 9

Positive Technologies
added 2025/08/14 12:0 a.m. · 5 views

PT-2025-33132 · Projectworlds · Visitor Management System

Name of the Vulnerable Software and Affected Versions: projectworlds Visitor Management System version 1.0 Description: A vulnerability was determined in projectworlds Visitor Management System 1.0. The manipulation of the argument rid in the file /front.php leads to SQL injection. The attack can...

CVSS 9.8 · AI score 7.6 · EPSS 0.00384
Exploits: 1 · References: 9

Positive Technologies
added 2025/08/13 12:0 a.m. · 7 views

PT-2025-33016 · Totolink · Totolink A7000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK A7000R firmware version 9.1.0u.6115 B20201022 Description: An attacker can bypass login by sending a specific request through the formLoginAuth.htm endpoint. Recommendations: Apply a configuration change to restrict access to the...

CVSS 9.8 · AI score 6.5 · EPSS 0.0041
Exploits: 0 · References: 7

Positive Technologies
added 2025/08/13 12:0 a.m. · 4 views

PT-2025-33073 · Sourcecodester · Covid19 Testing Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester COVID 19 Testing Management System version 1.0 Description: A SQL injection issue exists in the SourceCodester COVID 19 Testing Management System. The Username parameter in the /login.php API endpoint is susceptible to...

CVSS 9.8 · AI score 7.5 · EPSS 0.00387
Exploits: 1 · References: 9

Positive Technologies
added 2025/08/10 12:0 a.m. · 6 views

PT-2025-32465 · Unknown · Litmuschaos

Name of the Vulnerable Software and Affected Versions: LitmusChaos versions prior to 3.19.0 Description: A critical issue exists in LitmusChaos related to improper authorization. The vulnerability stems from the manipulation of the role argument during the processing of the /auth/list projects AP...

CVSS 6.5 · AI score 7.3 · EPSS 0.00305
Exploits: 1 · References: 9

Tenable Nessus
added 2025/08/10 12:0 a.m. · 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-32023

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a speciall...

CVSS 7.8 · AI score 6.5 · EPSS 0.03877
Exploits: 4 · References: 2

RedhatCVE
added 2025/08/09 12:23 a.m. · 5 views

CVE-2025-54882

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials...

CVSS 7.1 · AI score 6.2 · EPSS 0.00196
Exploits: 1 · References: 1

Positive Technologies
added 2025/08/09 12:0 a.m. · 4 views

PT-2025-32440 · Unknown · Macrozheng Mall

Name of the Vulnerable Software and Affected Versions: macrozheng mall versions up to 1.0.3 Description: A vulnerability exists in macrozheng mall versions up to 1.0.3 due to an authorization bypass. The issue is related to the manipulation of the orderId argument within the detail function of th...

CVSS 6.9 · AI score 7.2 · EPSS 0.00488
Exploits: 1 · References: 10

Positive Technologies
added 2025/08/09 12:0 a.m. · 4 views

PT-2025-32457 · Unknown · Portabilis I-Educar

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.9 Description: A problematic issue exists in Portabilis i-Educar up to version 2.9, specifically within the Cadastrar Vínculo Page. The issue involves the manipulation of the nome argument in the...

CVSS 5.4 · AI score 6.7 · EPSS 0.00264
Exploits: 1 · References: 11

Positive Technologies
added 2025/08/08 12:0 a.m. · 6 views

PT-2025-32378 · Unknown · Easy Hosting Control Panel

Name of the Vulnerable Software and Affected Versions: Easy Hosting Control Panel EHCP version 20.04.1.b Description: The Easy Hosting Control Panel EHCP contains a SQL injection issue via the id parameter in the Change Settings function. Recommendations: As a temporary workaround, consider...

CVSS 4.8 · AI score 7.8 · EPSS 0.00221
Exploits: 2 · References: 5

Positive Technologies
added 2025/08/08 12:0 a.m. · 3 views

PT-2025-32354 · Mobile Industrial Robots · Mobile Industrial Robots

Name of the Vulnerable Software and Affected Versions: Mobile Industrial Robots MiR versions prior to 3.0.0 Description: A path traversal vulnerability exists in an API endpoint within Mobile Industrial Robots MiR software. Authenticated users can extract files from the robot file system by...

CVSS 6.5 · AI score 6.7 · EPSS 0.00365
Exploits: 0 · References: 6