PT-2025-2155 · WordPress · Gosign – Posts Slider Block
Name of the Vulnerable Software and Affected Versions: Gosign – Posts Slider Block plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping in the 'posts-slider-block' bloc...
PT-2025-2232 · WordPress · Order Export For Woocommerce
Name of the Vulnerable Software and Affected Versions: Order Export for WooCommerce plugin for WordPress versions up to, and including, 3.24 Description: The issue allows unauthenticated attackers to extract sensitive data stored insecurely in the /wp-content/uploads directory, which can contain...
PT-2025-4032 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and earlier Description: A control access issue has been identified, allowing an authenticated attacker to exploit the "/embedai/visits/show/" endpoint to obtain information about visits made by other users. The informati...
PT-2025-4065 · Wondershare · Wondershare Dr.Fone
Name of the Vulnerable Software and Affected Versions: Wondershare Dr.Fone version 13.5.21 Description: A privilege escalation vulnerability has been found in Wondershare Dr.Fone. This issue could allow an attacker to escalate privileges by replacing the binary...
PT-2025-4031 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and below Description: An Improper Access Control issue allows an authenticated attacker to obtain files stored by other users by modifying the FILE ID of the endpoint "/embedai/files/show/". Recommendations: For EmbedAI...
PT-2025-4080 · Maybecms · Maybecms
Name of the Vulnerable Software and Affected Versions: Maybecms version 1.2 Description: A problematic issue has been found in Maybecms, affecting an unknown part of the file /mb/admin/index.php?u=article-edit of the component Add Article. The manipulation of the data infocontent argument leads t...
Security Bulletin: IBM Virtualization Engine TS7700 is susceptible to remote code execution due to the use of OpenSSH (CVE-2024-6387)
Summary IBM Virtualization Engine TS7700 is susceptible to remote code execution due to the use of OpenSSH CVE-2024-6387. OpenSSH is used by TS7700 to allow access from the TSSC Console by IBM authorized service personnel. Vulnerability Details CVEID: CVE-2024-6387 DESCRIPTION: OpenSSH could allow...
PT-2025-4852 · Unknown · Tandoor Recipes
Name of the Vulnerable Software and Affected Versions: Tandoor Recipes versions prior to 1.5.28 Description: The issue concerns the file upload feature in Tandoor Recipes, which allows uploading arbitrary files, including html and svg. These files can contain malicious content, such as XSS...
WordPress Restrict Content plugin <= 3.2.13 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability
Unauthenticated Content Restriction Bypass to Sensitive Information Exposure vulnerability discovered by Francesco Carlucci in WordPress Plugin Restrict Content versions <= 3.2.13...
PT-2025-1987
Name of the Vulnerable Software and Affected Versions Dyn Business Panel WordPress plugin version 1.0.0 Description The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. This...
PT-2025-5500 · WordPress · Wp Multi Store Locator
Name of the Vulnerable Software and Affected Versions: WP Multi Store Locator versions 2.4.7 and earlier Description: The issue is related to improper neutralization of script-related HTML tags in a web page, which allows for Reflected XSS attacks. This means that an attacker can inject malicious...
PT-2025-5244 · Unknown · Marian Kanev Cab Fare Calculator
Name of the Vulnerable Software and Affected Versions: Marian Kanev Cab fare calculator versions n/a through 1.1 Description: The issue is related to a Missing Authorization vulnerability that allows Stored XSS in the Marian Kanev Cab fare calculator. Recommendations: For versions n/a through 1.1...
PT-2025-3356 · Baidu · Baidu Lite
Name of the Vulnerable Software and Affected Versions: Baidu Lite version 6.40.0 Description: The issue allows attackers to access user information by supplying a crafted link. Recommendations: For version 6.40.0, consider avoiding the use of links from untrusted sources until a patch is availabl...
PT-2025-3424 · Bioware · Dragon Age Origins
Name of the Vulnerable Software and Affected Versions: Dragon Age Origins version 1.05 Description: The DAUpdaterSVC service in Dragon Age Origins contains an unquoted service path issue, allowing users to modify the executable file path used by the service. This service runs with NT...
PT-2025-5388 · Unknown · The Events Calendar
Name of the Vulnerable Software and Affected Versions: The Events Calendar versions n/a through 6.7.0 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability, which allows an attacker to perform unauthorized actions on a user's account. This is a type of attack where ...
PT-2025-2797 · Edimax · Edimax Ac1200 Wi-Fi 5 Dual-Band Router Br-6476Ac
Name of the Vulnerable Software and Affected Versions: Edimax AC1200 Wi-Fi 5 Dual-Band Router BR-6476AC version 1.06 Description: The issue is related to a buffer overflow that can occur through the /goform/getWifiBasic API endpoint. This endpoint is vulnerable to a buffer overflow, which can be...
PT-2025-4025 · Postman · Postman
Name of the Vulnerable Software and Affected Versions: Postman versions up to 11.20 Description: A problematic issue has been found in Postman on Windows, affecting an unknown part of the library file profapi.dll. The manipulation leads to an untrusted search path. The attack must be approached...
PT-2025-4925 · Unknown · Rsvpmaker Volunteer Roles
Name of the Vulnerable Software and Affected Versions: RSVPMaker Volunteer Roles versions 1.5.1 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting XSS. This enables attackers to inject malicious...
PT-2025-3479 · Trendnet · Trendnet Tew-632Brp
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-632BRP version 1.010B31 Description: The issue is related to an OS command injection vulnerability in the CGI interface "ntp sync.cgi". This vulnerability allows remote attackers to execute arbitrary commands via the ntp server...
PT-2025-5567 · Apache · Apache Cocoon
Name of the Vulnerable Software and Affected Versions: Apache Cocoon, all versions Description: The issue is related to the incorrect usage of seeds in the pseudo-random number generator (PRNG) in Apache Cocoon. When a continuation is created, it gets a random identifier. Because the random...