4319 matches found
PT-2025-7557 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.16 multi Description: The issue is related to a remote code execution (RCE) problem. In the formexeCommand function, the parameter cmdinput can cause remote command execution. Recommendations: For Tenda AC6 version...
PT-2025-1177 · Adobe · Substance3D - Designer
Name of the Vulnerable Software and Affected Versions: Substance3D - Designer versions 14.0 and earlier Description: The issue is related to a heap-based buffer overflow in the dynamic memory of Substance 3D Designer, which could allow an attacker to execute arbitrary code in the context of the...
PT-2025-3486 · Monetdb · Monetdb Server
Name of the Vulnerable Software and Affected Versions: MonetDB Server version 11.47.11 Description: The issue in the atom_get_int component of MonetDB Server allows attackers to cause a Denial of Service (DoS) via crafted SQL statements. Recommendations: For MonetDB Server version 11.47.11, as a...
PT-2025-3557 · Msfm +1 · Msfm +1
Name of the Vulnerable Software and Affected Versions: MSFM versions prior to 2025.01.01 Description: The issue is related to a fastjson deserialization vulnerability in the component system/table/addField. This vulnerability was discovered in MSFM. Recommendations: For versions prior to...
PT-2025-1290 · Adobe · Photoshop
Name of the Vulnerable Software and Affected Versions: Adobe Photoshop versions 25.12, 26.1 and earlier Description: The issue is related to an Uncontrolled Search Path Element vulnerability that could lead to arbitrary code execution. An attacker could manipulate the search path environment...
PT-2025-2780 · Unknown · Graphics Ddk
Name of the Vulnerable Software and Affected Versions: Graphics DDK version = 24.2 RTM2 Description: The kernel software installed and running inside a guest virtual machine (VM) can send improper commands to the GPU firmware, allowing it to read data outside the guest's virtualized GPU memory. Thi...
PT-2025-4751 · Teedy · Teedy
Name of the Vulnerable Software and Affected Versions: Teedy versions 1.11 and earlier Description: The issue allows for CSRF, enabling account takeover via POST "/api/user/admin". This can be exploited to gain unauthorized access to user accounts. Recommendations: For versions 1.11 and earlier, ...
PT-2025-1460 · Pat Infinite Solutions · Helpdeskadvanced
Name of the Vulnerable Software and Affected Versions: Pat Infinite Solutions HelpdeskAdvanced versions 11.0.33 and earlier Description: The issue is related to Cross Site Request Forgery (CSRF) via the WSCView function. This allows for unauthorized actions to be performed on behalf of a user witho...
PT-2025-4774 · Unknown · Next-Forge
Name of the Vulnerable Software and Affected Versions: next-forge affected versions not specified Description: The issue concerns a Next.js project boilerplate for modern web applications. A BASEHUB_TOKEN is committed in the apps/web/.env.example file. Users are advised to avoid using this token...
PT-2025-1133 · Ivanti · Ivanti Epm
Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions prior to 2024 January-2025 Security Update; Ivanti EPM versions prior to 2022 SU6 January-2025 Security Update Description: The issue is related to an out-of-bounds write in memory, which can be exploited by a remote...
PT-2025-1461 · Selesta · Selesta Visual Access Manager
Name of the Vulnerable Software and Affected Versions: Selesta Visual Access Manager (VAM) versions prior to 4.42.2 Description: An issue was discovered in Selesta Visual Access Manager (VAM) where an authenticated attacker can perform SQL Injection in multiple parameters of the "/monitor/s...
PT-2025-4809 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Mediawiki - ArticleFeedbackv5 versions 1.42.X through 1.42.2 Description: The issue is related to improper neutralization of input during web page generation, allowing Cross-Site Scripting (XSS). This enables attackers to inject malicious scrip...
PT-2025-4586 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.8 Description: A Stored Cross-Site Scripting (XSS) vulnerability was identified in the "cadastrarSocio.php" endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts into the...
PT-2025-3409 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000 Description: A command injection issue was discovered via the modifyOne parameter in the enable_wsh function. This allows for potential exploitation. Recommendations: For TOTOLINK A6000R version...
PT-2025-3088 · Monicahq · Monicahq
Name of the Vulnerable Software and Affected Versions: MonicaHQ version 4.1.2 Description: The issue is related to an authenticated Client-Side Injection vulnerability in MonicaHQ. This vulnerability can be exploited via the Reason parameter at the "/people/h:id/debts/create" API endpoint...
PT-2025-3589
Name of the Vulnerable Software and Affected Versions: Raptor RDF Syntax Library versions 2.0.0 through 2.0.16 Description: The issue is related to an integer underflow when normalizing a URI with the turtle parser in the raptor_uri_normalize_path function. This problem occurs in the Raptor RDF...
PT-2025-3273 · Redcap · Redcap
Name of the Vulnerable Software and Affected Versions: REDCap version 14.9.6 Description: A stored cross-site scripting (XSS) vulnerability in the built-in messenger of REDCap allows authenticated users to inject malicious scripts into the message field. When a user clicks on the received message,...
PT-2025-2059 · Wander Chu · Springboot-Blog
Name of the Vulnerable Software and Affected Versions: wander-chu SpringBoot-Blog version 1.0 Description: A critical vulnerability has been found in the Admin Attachment Handler component, specifically affecting the upload function of the AttachtController.java file. The manipulation of the file...
PT-2025-2637 · Nagios Xi · Nagios Xi
Name of the Vulnerable Software and Affected Versions: Nagios XI version 2024R1.1.4 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Account Settings page. This enables attackers t...
PT-2025-1716 · WordPress · Responsive Flipbook Plugin
Name of the Vulnerable Software and Affected Versions: Responsive FlipBook Plugin for WordPress versions up to, and including, 2.5.0 Description: The issue is a Stored Cross-Site Scripting vulnerability due to insufficient input sanitization and output escaping in the rfbwp_save_settings function...