PT-2025-5774 · Asterisk +1 · Asterisk +1
Name of the Vulnerable Software and Affected Versions: Asterisk version 22 Description: The issue allows a remote attacker to execute arbitrary code via the action createconfig function. This is due to an insecure permissions vulnerability. Recommendations: For Asterisk version 22, as a temporary...
PT-2025-5797 · Ibm · Ibm Security Verify Directory
Name of the Vulnerable Software and Affected Versions: IBM Security Verify Directory versions 10.0.0 through 10.0.3 Description: The issue allows a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request. Recommendations: For IBM Security...
PT-2025-5784 · Ibm · Ibm Applinx
Name of the Vulnerable Software and Affected Versions: IBM ApplinX version 11.1 Description: This issue allows an authenticated user to embed arbitrary JavaScript code in the Web UI, potentially altering the intended functionality and leading to credentials disclosure within a trusted session...
PT-2025-4633 · Unknown · Notfound Traveler Code
Name of the Vulnerable Software and Affected Versions: NotFound Traveler Code versions n/a through 3.1.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows malicious SQL commands to be executed...
PT-2025-4173 · Unknown · Libsthmbc.So
Name of the Vulnerable Software and Affected Versions: libsthmbc.so versions prior to SMR Jan-2025 Release 1 Description: The issue is related to an out-of-bounds read in the decoding of malformed bitstreams of video thumbnails in libsthmbc.so. This allows local attackers to read arbitrary memory...
PT-2025-3006 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.21 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form...
PT-2025-7108 · D Link · D-Link Dsl-3782
Name of the Vulnerable Software and Affected Versions: D-Link DSL-3782 version 1.01 Description: An OS command injection issue was discovered, allowing attackers to execute arbitrary operating system commands via crafted packets. This is achieved through the samba wg and samba nbn parameters...
PT-2025-5612 · Dumpdrop · Dumpdrop
Name of the Vulnerable Software and Affected Versions: DumpDrop affected versions not specified Description: The issue is related to an OS Command Injection vulnerability in the DumpDrop application, specifically in the "/upload/init" endpoint. This vulnerability could allow an attacker to execut...
PT-2025-7113 · Tp Link · Tp-Link Tl-Wr841Nd
Name of the Vulnerable Software and Affected Versions: TP-Link TL-WR841ND version V11 Description: A buffer overflow issue was discovered via the gw parameter at "/userRpm/WanDynamicIpV6CfgRpm.htm". This allows attackers to cause a Denial of Service (DoS) via a crafted packet. Recommendations: For...
PT-2025-5598 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.12 Description: A SQL Injection vulnerability was discovered in the WeGIA application, salvar cargo.php endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing...
PT-2025-2774 · Wazuh +1 · Wazuh +1
Name of the Vulnerable Software and Affected Versions: Wazuh versions prior to 4.9.1 Description: This issue occurs when the system has weak privilege access, allowing an attacker to perform privilege escalation. As a result, an attacker can view the agent list on the Wazuh dashboard without...
PT-2025-1556 · Digiever · Digiever Ds-2105 Pro
Name of the Vulnerable Software and Affected Versions: Digiever DS-2105 Pro version 3.1.0.71-11 Description: The issue allows for arbitrary file read through the access device.cgi file on affected devices. This problem only affects products that are no longer supported by the manufacturer...
PT-2025-4627 · WordPress · Wp Travel
Name of the Vulnerable Software and Affected Versions: WP Travel versions prior to 10.1.0 Description: The issue is related to improper neutralization of special elements used in an SQL command, which allows SQL injection. This means that an attacker could potentially inject malicious SQL code to...
PT-2025-3449 · Unknown · Chestnutcms
Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions =1.5.0 Description: The issue allows attackers to delete any file and folder due to an arbitrary file deletion vulnerability in the contentcore.controller.FileController. This vulnerability enables attackers to exploit th...
PT-2025-5602 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.12 Description: A SQL Injection vulnerability was discovered in the WeGIA application, "salvar tag.php" endpoint. This vulnerability could allow an authorized attacker to execute arbitrary SQL queries, allowing...
PT-2025-4620 · Unknown · Hesabfa Accounting
Name of the Vulnerable Software and Affected Versions: Hesabfa Accounting versions prior to 2.1.2 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This means an attacker can inject malicious scripts...
PT-2025-4116 · Zenvia · Zenvia Movidesk
Name of the Vulnerable Software and Affected Versions: Zenvia Movidesk versions up to 25.01.22 Description: A vulnerability was found in Zenvia Movidesk, affecting an unknown functionality of the file /Account/Login. The manipulation of the ReturnUrl argument leads to open redirect. The attack ca...
PT-2025-4101 · Unknown · Teamcal Neo
Name of the Vulnerable Software and Affected Versions: TeamCal Neo version 3.8.2 Description: The issue is a Reflected Cross-Site Scripting (XSS) that allows an attacker to execute malicious JavaScript code. This is achieved by injecting code via the abs parameter in the "/teamcal/src/index.php" AP...
PT-2025-5463 · Paytm · Paytm Payment Donation
Name of the Vulnerable Software and Affected Versions: Paytm Payment Donation versions n/a through 2.3.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. Recommendations: For versions n/a...
PT-2025-2220 · WordPress · Wpdatatables
Name of the Vulnerable Software and Affected Versions: WP DataTable plugin for WordPress versions up to, and including, 0.2.6 Description: The issue is related to Stored Cross-Site Scripting via the id parameter due to insufficient input sanitization and output escaping. This allows authenticated...