PT-2025-21147 · Zohocorp · Zoho Manageengine Adselfservice Plus
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADSelfService Plus versions 6513 and prior Description: The issue concerns an authenticated SQL injection in the MFA reports. Recommendations: For versions 6513 and prior, consider restricting access to the MFA reports...
PT-2025-21246 · Oa System · Oa System
Name of the Vulnerable Software and Affected Versions: OA System versions prior to 2025.01.01 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title parameter at the "/inform/InformManageController.java...
kernel: mm/kmemleak: fix sleeping function called from invalid context at print message
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: fix sleeping function called from invalid context at print message Address a bug in the kernel that triggers a "sleeping function called from invalid context" warning when /sys/kernel/debug/kmemleak is printed under...
PT-2025-20655 · Unknown · Jeecg-Boot
Name of the Vulnerable Software and Affected Versions: JeecgBoot versions up to 3.8.0 Description: A vulnerability was found in JeecgBoot that affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the...
PT-2025-20437 · H3C · H3C Gr-1800Ax
Name of the Vulnerable Software and Affected Versions: H3C GR-1800AX versions up to 100R008 Description: A critical issue was found, affecting the function EnableIpv6 of the file "/goform/aspForm". The manipulation of the argument param leads to a buffer overflow. Access to the local network is...
PT-2025-22222
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the version that includes the fix for the uninit-value issue in do_output_route4 Description: A vulnerability has been resolved in the Linux kernel related to an uninit-value issue for the saddr argument in the do...
PT-2025-20232 · Syslog-Ng +1 · Syslog-Ng +1
Name of the Vulnerable Software and Affected Versions: syslog-ng versions prior to 4.8.2; syslog-ng version 3.28.1-2+deb11u2 and earlier for Debian 11 (bullseye) Description: syslog-ng is an enhanced log daemon. Prior to version 4.8.2, tls_wildcard_match matches on certificates such as foo..bar...
Drupal Restrict route by IP module < 1.3.0 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) vulnerability discovered by Juraj Nemec (poker10) in WordPress Module Restrict route by IP versions 1.3.0...
PT-2025-19925 · 74Cms · 74Cms
Name of the Vulnerable Software and Affected Versions: 74CMS versions up to 3.33.0 Description: A vulnerability was found in the function index of the file /index.php/index/download/index. The manipulation of the argument url leads to path traversal. The attack may be launched remotely. The explo...
PT-2025-19810 · Tenda · Tenda Ac1206
Name of the Vulnerable Software and Affected Versions: Tenda AC1206 versions up to 15.03.06.23 Description: A critical issue affects the setSchedWifi function of the file /goform/openSchedWifi. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been...
PT-2025-18381
Name of the Vulnerable Software and Affected Versions: Brainstorm Force SureTriggers versions 1.0.0 through 1.0.82 Description: The issue is related to an incorrect privilege assignment vulnerability in Brainstorm Force SureTriggers, allowing privilege escalation. This vulnerability can be exploite...
PT-2025-18179 · Unknown · Code-Projects Product Management System
Name of the Vulnerable Software and Affected Versions: code-projects Product Management System version 1.0 Description: A critical issue has been found in the function add item. The manipulation of the argument st.productname leads to a stack-based buffer overflow. This issue can be exploited...
PT-2025-18115 · Unknown · Code-Projects Atm Banking
Name of the Vulnerable Software and Affected Versions: code-projects ATM Banking version 1.0 Description: A critical vulnerability was found in the code-projects ATM Banking software. The issue affects the moneyDeposit/moneyWithdraw function, leading to business logic errors. Local access is...
PT-2025-27746
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-54.el10.aarch64 Description: A vulnerability in the Linux kernel has been resolved, specifically in the RDMA/mlx5 component. The issue occurs upon RQ destruction when the firmware command fails, causing...
PT-2025-18063 · Unknown · 20120630 Novel-Plus
Name of the Vulnerable Software and Affected Versions: Novel-Plus versions 20120630 up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160 Description: A critical vulnerability has been found in Novel-Plus, affecting the function addCrawlSource of the file...
CVE-2025-27289
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Antoine Guillien Restrict Taxonomies (restrict-taxonomies) allows Reflected XSS. This issue affects Restrict Taxonomies: from n/a through <= 1.3.3...
PT-2025-18080 · Dell · Dell Powerprotect Data Manager Reporting
Name of the Vulnerable Software and Affected Versions: Dell PowerProtect Data Manager Reporting versions 19.17 through 19.18 Description: The issue is related to improper encoding or escaping of output, which could be exploited by an attacker with high privileges and local access to inject...
xmlrpc-c security update
1.51.0-11 - Restrict XML Entity Expansion Depth in libexpat (CVE-2024-8176)...
PT-2025-22289 · Unknown · Fw-Wgs-804Hpt
Name of the Vulnerable Software and Affected Versions: FW-WGS-804HPT version 1.305b241111 Description: A stack overflow issue was discovered via the remote ip parameter in the web snmpv3 remote engineId add post function. Recommendations: For FW-WGS-804HPT version 1.305b241111, consider restricti...
CVE-2025-32655
Cross-Site Request Forgery (CSRF) vulnerability in DevriX Restrict User Registration (restrict-user-registration) allows Stored XSS. This issue affects Restrict User Registration: from n/a through <= 1.0.1...