PT-2025-14613
Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions prior to 9.2 Description: The issue is a remote code execution security vulnerability in pgAdmin 4, affecting the Query Tool and Cloud Deployment modules. It is associated with two POST endpoints: "/sqleditor/query...
PT-2025-12775
Name of the Vulnerable Software and Affected Versions: Open Asset Import Library Assimp version 5.4.3 Description: A vulnerability was found in the Open Asset Import Library Assimp, affecting the function fast_atoreal_move in the library include/assimp/fast_atof.h of the component CSM File Handler...
PT-2025-12767 · WordPress · Teachpress
Name of the Vulnerable Software and Affected Versions: teachPress plugin for WordPress versions up to, and including, 9.0.9 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the "import.php" page. This allows unauthenticated attackers ...
PT-2025-12714 · Unknown +1 · Ingress-Nginx +1
Name of the Vulnerable Software and Affected Versions: ingress-nginx versions prior to v1.11.5; ingress-nginx versions from v1.12.0-beta.0 through v1.12.1 Description: A security issue was discovered in ingress-nginx where the mirror-target and mirror-host Ingress annotations can be used to inject...
GHSA-FMXW-76XQ-CMQQ Apache Oozie Cross-Site Scripting (XSS)
UNSUPPORTED WHEN ASSIGNED: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Apache Oozie. This issue affects Apache Oozie: all versions. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended t...
PT-2025-12503 · Unknown · Phpgurukul Art Gallery Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Art Gallery Management System version 1.1 Description: A critical vulnerability was found in the PHPGurukul Art Gallery Management System. The issue affects an unknown function of the file /art-enquiry.php. The manipulation of the...
PT-2025-12451 · Unknown · Lzcms-Laozhangbokexitong
Name of the Vulnerable Software and Affected Versions: LzCMS-LaoZhangBoKeXiTong versions up to 1.1.4 Description: A critical issue affects some unknown functionality of the file /admin/upload/upimage.html, specifically the HTTP POST Request Handler component. The manipulation of the File argument...
PT-2025-12302 · Pandas +1 · Pandas +1
Name of the Vulnerable Software and Affected Versions: Dify Tools versions prior to the fixed version Description: A vulnerability in the Dify Tools' Vanna module of the langgenius/dify repository allows for a Pandas Query Injection in the latest version. The vulnerability occurs in the function...
PT-2025-11184 · Tenda · Tenda Rx3
Name of the Vulnerable Software and Affected Versions: Tenda RX3 US RX3V1.0br V16.03.13.11 multi TDE01 Description: The issue is related to a buffer overflow that can be triggered via the schedStartTime and schedEndTime parameters at the "/goform/saveParentControlInfo" API endpoint. This allows...
PT-2025-11183 · Tenda · Tenda Rx3
Name of the Vulnerable Software and Affected Versions: Tenda RX3 US RX3V1.0br V16.03.13.11 multi TDE01 Description: The issue is related to a Buffer Overflow vulnerability via the list parameter at the "/goform/setPptpUserList" API endpoint. This allows attackers to cause a Denial of Service (DoS) ...
PT-2025-10716 · Libzvbi +5 · Libzvbi +5
Name of the Vulnerable Software and Affected Versions: libzvbi versions 0.2.43 and earlier Description: A critical issue has been found that affects the vbi_search_new function in the src/search.c file. The manipulation of the pat_len argument leads to an integer overflow. This issue can be...
PT-2025-10590
Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A critical issue was found in the H5SM_delete function of the h5 File Handler component, located in the H5SM.c file. This issue leads to a heap-based buffer overflow. The attack can be launched remotely, but it...
PT-2025-10589
Name of the Vulnerable Software and Affected Versions: Open Asset Import Library Assimp version 5.4.3 Description: A critical issue has been found in the Open Asset Import Library Assimp, affecting the function Assimp::BaseImporter::ConvertToUTF8 of the file BaseImporter.cpp in the File Handler...
PT-2025-18394
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A vulnerability in the Linux kernel has been resolved, related to the pci_endpoint_test module. The issue occurs when devm_request_irq fails with an error in pci_endpoint_test_request_ir...
Linux Distros Unpatched Vulnerability : CVE-2022-24805
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net-snmp provides various tools relating to the Simple Network Management Protocol. Prior to version 5.9.2, a buffer overflow in the handling of the INDEX of...
PT-2025-9590
Name of the Vulnerable Software and Affected Versions: Donations Widget plugin for WordPress versions up to, and including, 3.19.4 Description: The issue arises from improper handling of user-supplied data within the donation form, particularly in the card address parameter. This flaw allows...
PT-2025-9242
Name of the Vulnerable Software and Affected Versions: Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR version 1.0.118 Description: The issue is related to an Insecure Direct Object References (IDOR) in the component "/getStudemtAllDetailsById?studentId=XX". This allows...
PT-2025-9158 · WordPress · The Page Builder By Siteorigin
Name of the Vulnerable Software and Affected Versions: The Page Builder by SiteOrigin plugin for WordPress versions up to, and including, 2.31.4 Description: The issue is related to Stored Cross-Site Scripting via the Embedded VideoPB widget due to insufficient input sanitization and output...
PT-2025-9093 · Cyberark · Cyberark Endpoint Privilege Manager
Name of the Vulnerable Software and Affected Versions: CyberArk Endpoint Privilege Manager version 24.7.1 Description: The issue allows for HTML code injection into the page content through the content field in the Application definition page. The estimated number of potentially affected devices...
PT-2025-8721
Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.3 Description: A remote code execution issue was discovered in the admin_ip.php component, allowing for potential code execution. Recommendations: For SeaCMS version 13.3, update to a newer version that contains a fix for th...