PT-2025-6471 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A problem has been found in the code that affects the / parse/load user-profile.php file, leading to cross site scripting. The attack can be initiated remotely and multiple parameters mig...
PT-2025-7130 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authentication for a critical function, allowing an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests. This is d...
PT-2025-6427 · WordPress · Aforms Eats
Name of the Vulnerable Software and Affected Versions: AForms Eats plugin for WordPress versions up to, and including, 1.3.1 Description: The issue is related to Full Path Disclosure, which occurs due to the /vendor/aura/payload-interface/phpunit.php file being publicly accessible and displaying...
PT-2025-6121 · Lumsoft · Lumsoft Erp
Name of the Vulnerable Software and Affected Versions: Lumsoft ERP version 8 Description: A critical issue was found in the function DoUpload/DoWebUpload of the file /Api/FileUploadApi.ashx. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack...
PT-2025-6174 · Wattsense · Wattsense Bridge
Name of the Vulnerable Software and Affected Versions: Wattsense Bridge versions prior to 6.4.1 Description: The firmware of all Wattsense Bridge devices contains the same hard-coded user and root credentials. The user password can be easily recovered via password cracking attempts. The recovered...
PT-2025-6133 · Sap · Sap Commerce
Name of the Vulnerable Software and Affected Versions: SAP Commerce affected versions not specified Description: The issue is related to SAP Commerce setting certain cookies with the SameSite attribute configured to None by default. This includes authentication cookies used in SAP Commerce...
PT-2025-6160
Name of the Vulnerable Software and Affected Versions: Stray Random Quotes WordPress plugin versions 1.9.9 and earlier Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in...
PT-2025-6153 · Unknown · 1000 Projects Bookstore Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Bookstore Management System version 1.0 Description: A critical issue has been found in the 1000 Projects Bookstore Management System. This issue affects an unknown part of the file process users del.php. The manipulation of the...
PT-2025-6209 · Tableau +1 · Tableau Server +1
Name of the Vulnerable Software and Affected Versions: Opcenter Intelligence versions prior to V2501 Description: A Server-Side Request Forgery (SSRF) vulnerability has been identified in Opcenter Intelligence, which also affects Tableau Server. This issue allows for server-side request forgery. Fo...
PT-2025-6072 · Unknown · Phpgurukul Small Crm
Name of the Vulnerable Software and Affected Versions: PHPGurukul Small CRM version 3.0 Description: The issue is related to Cross Site Scripting (XSS) via a crafted payload injected into the name in the profile.php. This allows for potential malicious script execution. Recommendations: For...
PT-2025-6050 · Gnu +3 · Gnu Binutils +3
Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.43 Description: A vulnerability was found in GNU Binutils, affecting the function bfd_putl64 of the file libbfd.c of the component ld. The manipulation leads to memory corruption. The attack can be launched remotely, bu...
PT-2025-5978 · Audiocodes · Audiocodes One Voice Operations Center
Name of the Vulnerable Software and Affected Versions: AudioCodes One Voice Operations Center (OVOC) versions prior to 8.4.582 Description: A path traversal issue allows sensitive data to be read without any authentication. This means that an attacker could potentially access confidential informati...
PT-2025-6004 · Qingscan · Qingscan
Name of the Vulnerable Software and Affected Versions: QingScan versions =1.8.0 Description: A reflected Cross-Site Scripting (XSS) vulnerability exists in "/webscan/sqlmap/index.html" due to improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript...
PT-2025-6008 · Unknown · Taisan Tarzan-Cms
Name of the Vulnerable Software and Affected Versions: taisan tarzan-cms versions up to 1.0.0 Description: This issue affects the function upload of the file "/adminthemes" of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be initiated remotely...
PT-2025-5984 · Unknown · Dhtmlxfileexplorer
Name of the Vulnerable Software and Affected Versions: dhtmlxFileExplorer version 8.4.6 Description: The issue allows a remote attacker to obtain sensitive information through the File Listing function. This is due to a directory traversal vulnerability. Recommendations: For dhtmlxFileExplorer...
PT-2025-5959 · Stylemixthemes · Ulisting
Name of the Vulnerable Software and Affected Versions: StylemixThemes uListing versions 2.1.6 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows attackers to inject malicious SQL...
PT-2025-5841 · Apphousekitchen · Apphousekitchen Aldente Charge Limiter
Name of the Vulnerable Software and Affected Versions: AppHouseKitchen AlDente Charge Limiter versions up to 1.29 Description: A critical issue has been found in AppHouseKitchen AlDente Charge Limiter, affecting the shouldAcceptNewConnection function of the com.apphousekitchen.aldente-pro.helper...
PT-2025-5806 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Defense Platform Home Edition versions 3.9.51.x and earlier Description: A NULL pointer dereference issue exists, allowing an attacker to cause a denial-of-service (DoS) condition by providing specially crafted data to a specific process of the...
PT-2025-5803
Name of the Vulnerable Software and Affected Versions: Defense Platform Home Edition versions 3.9.51.x and earlier Description: The issue exists due to an unprotected Windows messaging channel, also known as 'Shatter'. If an attacker sends a specially crafted message to the specific process of th...
CVE-2020-26286
HedgeDoc is a collaborative platform for writing and sharing markdown. In HedgeDoc before version 1.7.1 an unauthenticated attacker can upload arbitrary files to the upload storage backend including HTML, JS and PHP files. The problem is patched in HedgeDoc 1.7.1. You should however verify that...