PT-2025-32359 · Unknown · Statamic Core
Name of the Vulnerable Software and Affected Versions: Statamic Core versions prior to 2.11.8 Description: The /users endpoint is susceptible to cross-site scripting (XSS), potentially allowing an attacker to add an administrator user. Exploitation can occur through Cross-Site Request Forgery (CSRF)...
PT-2025-32376 · Unknown · Openmetadata
Name of the Vulnerable Software and Affected Versions: OpenMetadata versions prior to 1.4.5 Description: OpenMetadata is susceptible to a SQL injection issue. An attacker can extract information from the database through the listCount function within the TestDefinitionDAO interface. The...
PT-2025-32518 · Linksys · Linksys Re7000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000. The issue is due to os command injection in the sub 3517C...
PT-2025-32517 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders that allows for remote OS command injection. The issue is located in the um red function within t...
PT-2025-32495 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders that allows for remote OS command injection. The issue is related to the setDFSSetting function...
PT-2025-32501 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders that allows for remote operating system command injection. The vulnerability is located in the...
PT-2025-30339 · Dippy · Dippy
Name of the Vulnerable Software and Affected Versions: Dippy version 2 Description: An Insecure Direct Object Reference (IDOR) vulnerability exists in Dippy that allows attackers to gain sensitive information. The vulnerability is present in the conversation history API endpoint and is exploitable...
PT-2025-29982 · Code Projects · Online Appointment Booking System
Name of the Vulnerable Software and Affected Versions: code-projects Online Appointment Booking System version 1.0 Description: A critical vulnerability exists in code-projects Online Appointment Booking System 1.0. The issue is a SQL injection vulnerability stemming from the manipulation of the...
WordPress Restrict File Access plugin <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by johska in WordPress Plugin Restrict File Access versions <= 1.1.2...
CVE-2025-7667 Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion
The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to delete arbitra...
WordPress plugin Restrict File Access Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
Indico vulnerability allows attackers to bulk dump user details
Impact: An endpoint used to display details of users listed in certain fields such as ACLs could be misused to dump basic user details such as name, affiliation and email in bulk. Tip: If your instance allows everyone to create a user account, and you wish to truly restrict access to these user...
PT-2025-29447 · Phpgurukul · Phpgurukul Dairy Farm Shop Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Dairy Farm Shop Management System version 1.3 Description: A critical issue exists in PHPGurukul Dairy Farm Shop Management System 1.3. This issue is due to a SQL injection vulnerability within the invoices.php and receipts.php...
PT-2025-29493 · Semcms · Semcms
Name of the Vulnerable Software and Affected Versions: SemCms version 5.0 Description: SemCms version 5.0 contains a SQL injection vulnerability through the pid parameter at the SEMCMS ct.php endpoint. Recommendations: As a temporary workaround, consider restricting access to the SEMCMS ct.php...
PT-2025-28098 · Curl +1 · Curl +1
Name of the Vulnerable Software and Affected Versions: BoyunCMS versions up to 1.4.20 Description: A critical issue affects some unknown processing of the file /application/pay/controller/Index.php of the component curl, leading to server-side request forgery. The attack may be initiated remotely...
PT-2025-28186 · Natours · Natours
Name of the Vulnerable Software and Affected Versions: Natours affected versions not specified Description: The issue allows an attacker to take over any victim account by injecting an attacker-controlled server domain in the Host header when requesting the "/forgetpassword" endpoint...
PT-2025-28002
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.14.0-rc5 Description: A slab-use-after-free read vulnerability has been identified in the Linux kernel, specifically in the vidtv module. This issue occurs when the PSI initialization fails, and the si member ...
PT-2025-27565 · Unknown · Conprosys Hmi System
Name of the Vulnerable Software and Affected Versions: CONPROSYS HMI System (CHS) versions prior to 3.7.7 Description: The issue is related to Cross-Site Scripting (XSS) in the getqsetting.php functionality, which could allow reflected execution of scripts in the browser on interaction...
PT-2025-27358
Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A stack-based buffer overflow issue has been found, affecting the function H5G node cmp3 in the file src/H5Gnode.c. This issue can be exploited locally. Recommendations: For HDF5 version 1.14.6, consider...
PT-2025-26915 · WordPress · Event Rsvp/Simple Event Management Plugin
Name of the Vulnerable Software and Affected Versions: The Event RSVP and Simple Event Management Plugin versions up to, and including, 4.1.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied attributes in...