4319 matches found
PT-2025-3936 · Unknown · Code-Projects Job Recruitment
Name of the Vulnerable Software and Affected Versions: code-projects Job Recruitment version 1.0 Description: A vulnerability has been found in the code and classified as problematic. This issue affects unknown code of the file / parse/ feedback system.php. The manipulation of the type argument...
PT-2025-2134 · WordPress · Sandbox
Name of the Vulnerable Software and Affected Versions: Sandbox plugin for WordPress versions up to and including 0.4 Description: The issue is related to insufficient input sanitization and output escaping, allowing unauthenticated attackers to inject arbitrary web scripts in pages through the...
PT-2025-3940 · Unknown · 1000 Projects Campaign Management System Platform For Women
Name of the Vulnerable Software and Affected Versions: 1000 Projects Campaign Management System Platform for Women version 1.0 Description: A critical issue affects the 1000 Projects Campaign Management System Platform for Women, where the manipulation of the Username argument in the file...
SUSE CVE-2024-57885
In the Linux kernel, the following vulnerability has been resolved: mm/kmemleak: fix sleeping function called from invalid context at print message Address a bug in the kernel that triggers a "sleeping function called from invalid context" warning when /sys/kernel/debug/kmemleak is printed under...
PT-2025-5180 · Ivo Brett · Applymetrics Apply With Linkedin Buttons
Name of the Vulnerable Software and Affected Versions: Ivo Brett – ApplyMetrics Apply with LinkedIn buttons versions n/a through 2.3 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting'. This allows for DOM-Based XS...
PT-2025-5187 · Pastebin · Pastebin
Name of the Vulnerable Software and Affected Versions: Pastebin versions n/a through 1.5 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker can inject maliciou...
PT-2025-5107 · Unknown · Spiderpowa Embed Pdf
Name of the Vulnerable Software and Affected Versions: Spiderpowa Embed PDF versions 1.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject malicious...
PT-2025-4927 · WordPress · Wp Lyrics
Name of the Vulnerable Software and Affected Versions: WP Lyrics versions 0.4.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application, and also...
PT-2025-4922 · Dd Roles · Dd Roles
Name of the Vulnerable Software and Affected Versions: DD Roles versions n/a through 4.1 Description: The issue is related to an incorrect privilege assignment, allowing privilege escalation. This problem affects the mentioned versions of DD Roles. Recommendations: For versions n/a through 4.1,...
PT-2025-5095 · Gold Plugins · Gold Plugins Easy Faqs
Name of the Vulnerable Software and Affected Versions: Gold Plugins Easy FAQs versions prior to 3.2.1 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject maliciou...
PT-2025-5084 · Unknown · Pravin Durugkar User Sync Activecampaign
Name of the Vulnerable Software and Affected Versions: Pravin Durugkar User Sync ActiveCampaign versions 1.3.2 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: Fo...
PT-2025-3545 · Tenda · Tenda Ac8V4
Name of the Vulnerable Software and Affected Versions: Tenda AC8v4 version V16.03.34.06 Description: The issue is a stack overflow vulnerability affecting the setSchedWifi function in the /goform/openSchedWifi file. This vulnerability is caused by the manipulation of the schedEndTime argument,...
PT-2025-4977 · Unknown · Andrea Brandi Twitter Shortcode
Name of the Vulnerable Software and Affected Versions: Andrea Brandi Twitter Shortcode versions 0.9 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions o...
PT-2025-4924 · Unknown · Custom Post Type Lockdown
Name of the Vulnerable Software and Affected Versions: Custom Post Type Lockdown versions prior to 1.11 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows privilege escalation. This means an attacker can trick a user into performing unintended actions on a web...
PT-2025-4940 · Unknown · Web Testimonials
Name of the Vulnerable Software and Affected Versions: Web Testimonials versions prior to 1.2 Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
PT-2025-5002 · Mercadolibre · Mercadolibre Integration
Name of the Vulnerable Software and Affected Versions: MercadoLibre Integration versions 1.1 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2025-5060 · Unknown · Martijn Scheybeler Social Analytics
Name of the Vulnerable Software and Affected Versions: Martijn Scheybeler Social Analytics versions n/a through 0.2 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2025-2583 · Themesebrand · Themesebrand Chatvia
Name of the Vulnerable Software and Affected Versions: themesebrand Chatvia version 5.3.2 Description: An issue in themesebrand Chatvia allows a remote attacker to execute arbitrary code via the User profile Upload image function. Recommendations: For themesebrand Chatvia version 5.3.2, consider...
PT-2025-4881 · Unknown · Shockingly Big Ie6 Warning
Name of the Vulnerable Software and Affected Versions: Shockingly Big IE6 Warning versions n/a through 1.6.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2025-4883 · Easy Tynt · Easy Tynt
Name of the Vulnerable Software and Affected Versions: Easy Tynt versions 0.2.5.1 and earlier Description: A Cross-Site Request Forgery (CSRF) issue allows unauthorized actions to be performed on behalf of a user. This issue can be exploited to perform Cross Site Request Forgery. Recommendations: F...