4319 matches found
PT-2025-6822
Name of the Vulnerable Software and Affected Versions: Komtera Technologies KLog Server versions prior to 3.1.1 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as 'Path Traversal'. This allows for manipulating web input to make calls to...
PT-2025-7062 · Unknown · Luxcal Web Calendar
Name of the Vulnerable Software and Affected Versions: LuxCal Web Calendar versions prior to 5.3.3M (MySQL version); LuxCal Web Calendar versions prior to 5.3.3L (SQLite version) Description: The issue concerns an SQL injection vulnerability in the retrieve.php file. If exploited, this vulnerability m...
PT-2025-7221 · Unknown · Bplugins Timeline Block
Name of the Vulnerable Software and Affected Versions: bPlugins Timeline Block versions n/a through 1.1.1 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can...
PT-2025-7064 · Unknown · Luxcal Web Calendar
Name of the Vulnerable Software and Affected Versions: LuxCal Web Calendar versions prior to 5.3.3M (MySQL version); LuxCal Web Calendar versions prior to 5.3.3L (SQLite version) Description: The issue concerns a missing authentication vulnerability in the dloader.php file. This vulnerability can be...
PT-2025-7211 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.13 Description: A SQL Injection vulnerability was discovered in the WeGIA application, adicionar almoxarife.php endpoint. This vulnerability could allow an attacker to execute arbitrary SQL queries, allowing...
PT-2025-7018 · Unknown · Notfound Botnet Attack Blocker
Name of the Vulnerable Software and Affected Versions: NotFound Botnet Attack Blocker versions prior to 2.0.0 Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting (XSS). This means that an attacker can inject...
PT-2025-6946 · Unknown · Ltl Freight Quotes – Unishippers Edition
Name of the Vulnerable Software and Affected Versions: LTL Freight Quotes – Unishippers Edition versions 2.5.8 and earlier Description: The issue is related to a Missing Authorization vulnerability in LTL Freight Quotes – Unishippers Edition, which allows exploiting incorrectly configured access...
PT-2025-6889 · Unknown · Needyamin Library Card System
Name of the Vulnerable Software and Affected Versions: needyamin Library Card System version 1.0 Description: A critical issue affects some unknown functionality of the file card.php. The manipulation of the id argument leads to SQL injection. The attack may be launched remotely. The exploit has...
CVE-2025-1094
A flaw was found in PostgreSQL. Due to improper neutralization of quoting syntax, affected versions potentially allow a database input provider to achieve SQL injection in certain usage patterns. Specifically, SQL injection requires the application to use the affected function's result to constru...
PT-2025-7249 · Unknown · Orml Rewards
Name of the Vulnerable Software and Affected Versions: ORML Rewards pallet versions prior to the fixed version Description: A vulnerability in the add share function can lead to an uncaught Rust panic when handling user-provided input exceeding the u128 range. This issue affects any Substrate-bas...
PT-2025-7541
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the version that includes the fix for this issue Description: A memory corruption issue exists due to incorrect handling of control transfer buffer sizes in the usb: cdc-acm module. When the first fragment is...
PT-2025-7193
Name of the Vulnerable Software and Affected Versions: Post Thumbs versions n/a through 1.5 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
PT-2025-6618 · WordPress · Listivo
Name of the Vulnerable Software and Affected Versions: Listivo - Classified Ads WordPress Theme versions up to, and including, 2.3.67 Description: The issue is related to Reflected Cross-Site Scripting via the s parameter due to insufficient input sanitization and output escaping. This allows...
PT-2025-7190 · Unknown · Shambhu Patnaik Rss Filter
Name of the Vulnerable Software and Affected Versions: Shambhu Patnaik RSS Filter versions n/a through 1.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2025-7194
Name of the Vulnerable Software and Affected Versions: Glance That versions n/a through 4.9 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross Site Request Forgery. This means an attacker can trick a user into performing unintended actions on a web...
PT-2025-7179 · Prezi · Prezi Embedder
Name of the Vulnerable Software and Affected Versions: Prezi Embedder versions prior to 2.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject malicious scripts...
CVE-2025-0108
An authentication bypass in the Palo Alto Networks PAN-OS software enables an unauthenticated attacker with network access to the management web interface to bypass the authentication otherwise required by the PAN-OS management web interface and invoke certain PHP scripts. While invoking these PH...
PT-2025-6865 · Unknown · Olajowon Loggrove
Name of the Vulnerable Software and Affected Versions: olajowon Loggrove up to e428fac38cc480f011afcb1d8ce6c2bad378ddd6 Description: A critical vulnerability was found in olajowon Loggrove, affecting an unknown functionality of the file /read/?page=1&logfile=eee&match=. The manipulation of the...
PT-2025-6852 · Unknown · Code-Projects Wazifa System
Name of the Vulnerable Software and Affected Versions: code-projects Wazifa System version 1.0 Description: A critical issue has been found in the code-projects Wazifa System, affecting an unknown functionality of the file /controllers/control.php. The manipulation of an argument leads to a SQL...
PT-2025-6470 · Unknown · 1000 Projects Attendance Tracking Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical vulnerability was found in the 1000 Projects Attendance Tracking Management System. This issue affects an unknown part of the file /admin/chart1.php. The...