PT-2025-40594
Name of the Vulnerable Software and Affected Versions: Redis versions 5.7.0 through 5.8.0; Redict versions 7.3.2+ds-1ubuntu0.1; Valkey versions prior to 8.1.1+dfsg1-3+deb13u1. Description: Redis and Redict are vulnerable to a Lua scripting interface issue that could allow an authenticated attacker to...
PT-2025-5054 · Unknown · Fures Xtra Settings
Name of the Vulnerable Software and Affected Versions: fures XTRA Settings versions n/a through 2.1.8 Description: The issue is related to improper neutralization of input during web page generation, which allows for Reflected XSS. This means that an attacker can inject malicious scripts into the...
PT-2025-1511 · Kwhotel · Kwhotel
Name of the Vulnerable Software and Affected Versions: KWHotel version 0.47 Description: The issue concerns CSV Formula Injection in the invoice adding function. This allows for potential exploitation through malicious formula injection in CSV files. Recommendations: For KWHotel version 0.47,...
PT-2025-3100 · Unknown +1 · Openimageio +1
Name of the Vulnerable Software and Affected Versions: OpenImageIO version 3.1.0.0dev Description: An allocation-size-too-big bug in the component /imagebuf.cpp of OpenImageIO may cause a Denial of Service (DoS) when the program requests to allocate too much space. Recommendations: For OpenImageIO...
PT-2025-3549 · Lunasvg · Lunasvg
Name of the Vulnerable Software and Affected Versions: lunasvg version 3.0.0 Description: The issue is related to a segmentation violation in the plutovg_path_add_path component. This component is part of the lunasvg software. Recommendations: For lunasvg version 3.0.0, consider restricting acces...
PT-2025-2244 · Sperse.Io · Automate Hub Free
Name of the Vulnerable Software and Affected Versions: Automate Hub Free by Sperse.IO plugin for WordPress versions up to and including 1.7.0 Description: The issue is due to missing or incorrect nonce validation on the 'automate hub' page, making it possible for unauthenticated attackers to upda...
PT-2025-5087 · Unknown · Wm Options Import Export
Name of the Vulnerable Software and Affected Versions: WM Options Import Export versions 1.0.1 and earlier Description: The issue allows for the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. This can potentially expose confidential information...
PT-2025-5360 · Jenkins · Jenkins Azure Service Fabric Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Azure Service Fabric Plugin versions 1.6 and earlier Description: A Cross-Site Request Forgery (CSRF) issue allows attackers to connect to a Service Fabric URL using attacker-specified credentials IDs obtained through another method. Th...
PT-2025-5361 · Jenkins · Jenkins Azure Service Fabric Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Azure Service Fabric Plugin versions 1.6 and earlier Description: A missing permission check in the Jenkins Azure Service Fabric Plugin allows attackers with Overall/Read permission to enumerate the IDs of Azure credentials stored in...
PT-2025-4989 · Unknown · Notfound Content Planner
Name of the Vulnerable Software and Affected Versions: NotFound Content Planner versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, which allows Reflected XSS. Recommendations: For versions...
PT-2025-3466 · Linksys · Linksys E8450
Name of the Vulnerable Software and Affected Versions: Linksys E8450 version 1.2.00.360516 Description: A command injection issue was discovered, which can be exploited via the userEmail variable. This allows for potential unauthorized access and control. Recommendations: For Linksys E8450 versio...
PT-2025-5256 · Unknown · Ppo Call To Actions
Name of the Vulnerable Software and Affected Versions: PPO Call To Actions versions 0.1.3 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects PPO Call To Actions, allowing unauthorized requests. The estimated number of potentially affected devices worldwide is not specified...
PT-2025-4644 · Unknown · My Tickets
Name of the Vulnerable Software and Affected Versions: My Tickets versions 2.0.9 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by Access Control Lists (ACLs). This means that certain functions or...
PT-2025-4643 · Unknown · Taskbuilder
Name of the Vulnerable Software and Affected Versions: Taskbuilder versions 3.0.6 and earlier Description: The issue is related to improper neutralization of special elements used in an SQL command, allowing SQL injection. This problem can pose a significant cybersecurity risk. Recommendations: F...
PT-2025-4646 · Unknown · Vikappointments Services Booking Calendar
Name of the Vulnerable Software and Affected Versions: VikAppointments Services Booking Calendar versions 1.2.16 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting (XSS). This means an attacker can...
PT-2025-4236
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.4.3 and prior; MySQL Server versions 9.1.0 and prior. Description: The issue allows a high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks can result in...
PT-2025-4853 · Unknown · Cosmos-Server
Name of the Vulnerable Software and Affected Versions: Cosmos-Server versions prior to 0.17.7 Description: The Cosmos-Server software has a user enumeration issue due to the error code returned during login, allowing an attacker to determine if a user exists in the database by monitoring the erro...
PT-2025-3956 · Unknown · Code-Projects Fantasy-Cricket
Name of the Vulnerable Software and Affected Versions: code-projects Fantasy-Cricket version 1.0 Description: A critical issue has been found, allowing for SQL injection through the manipulation of the uname argument in an unknown function of the file /dash/update.php. This can be exploited...
PT-2025-2170 · WordPress · Webcamconsult
Name of the Vulnerable Software and Affected Versions: Webcamconsult plugin for WordPress versions up to, and including, 1.5.0 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on a function. This allows unauthenticated attackers to updat...
PT-2025-4847 · Boltdb +2 · Boltdb +2
Name of the Vulnerable Software and Affected Versions: zot versions prior to 2.1.2 Description: The issue arises from the way group data is stored for users in the boltdb database, specifically as an append-list. This leads to group revocations or removals being ignored in the API. When a user lo...