PT-2025-4509 · Unknown · Hitesh Patel Metadata Seo
Name of the Vulnerable Software and Affected Versions: Hitesh Patel Metadata SEO versions n/a through 2.3 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker ca...
PT-2025-1856 · WordPress · Yogo Booking
Name of the Vulnerable Software and Affected Versions: YOGO Booking plugin for WordPress versions up to, and including, 1.6.2 Description: The issue is related to stored cross-site scripting due to insufficient input sanitization and output escaping on user-supplied attributes in the yogo-calenda...
PT-2025-3126 · Z Blogphp · Z-Blogphp
Name of the Vulnerable Software and Affected Versions: Z-BlogPHP version 1.7.3 Description: The issue allows for arbitrary code execution through the zb usersthemeshelltemplate. This enables an attacker to execute malicious code on the affected system. Recommendations: For Z-BlogPHP version 1.7.3...
PT-2025-4301 · Aat · Aat
Name of the Vulnerable Software and Affected Versions: AAT Another Activity Tracker versions prior to 1.26 Description: AAT is a GPS-tracking application for tracking sportive activities, with an emphasis on cycling. The issue allows for data exfiltration from malicious apps installed on the same...
PT-2025-1295 · Y'S · Stealthone D220 +1
Name of the Vulnerable Software and Affected Versions: STEALTHONE D220/D340 versions up to 6.03.02 Description: The issue is related to an OS command injection vulnerability in the network storage servers STEALTHONE D220/D340 provided by Y'S corporation. This vulnerability may allow a remote...
PT-2025-3784 · Unknown · Campcodes Student Grading System
Name of the Vulnerable Software and Affected Versions: Campcodes Student Grading System version 1.0 Description: A critical issue has been found in the system, affecting an unknown part of the file /view students.php. The manipulation of the id argument leads to SQL injection. It is possible to...
PT-2025-1785 · Weavertheme · Turnkey Bbpress
Name of the Vulnerable Software and Affected Versions: Turnkey bbPress by WeaverTheme plugin for WordPress versions up to, and including, 1.6.3 Description: The issue is related to Reflected Cross-Site Scripting via the wpnonce parameter due to insufficient input sanitization and output escaping...
PT-2025-3778 · Unknown · Code-Projects Online Shoe Store
Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0 Description: A critical vulnerability has been found in the code-projects Online Shoe Store. It affects an unknown function of the file /details2.php. The manipulation of the id argument leads to SQ...
PT-2025-4485 · Optimizely · Episerver.Cms.Core
Name of the Vulnerable Software and Affected Versions: Optimizely EPiServer.CMS.Core versions prior to 12.32.0 Description: A medium-severity issue exists in the CMS, where the application does not properly validate uploaded files. This allows the upload of potentially malicious file types,...
PT-2025-1200 · Moxa · Edr-G9010 +9
Name of the Vulnerable Software and Affected Versions: Moxa EDR-810 versions prior to the fixed version; Moxa EDR-8010 versions prior to the fixed version; Moxa EDR-G902 versions prior to the fixed version; Moxa EDR-G903 versions prior to the fixed version; Moxa EDR-G9004 versions prior to the fixed...
PT-2025-2015 · Roxy-Wi · Roxy-Wi
Name of the Vulnerable Software and Affected Versions: Roxy-WI versions up to 8.1.3 Description: A critical issue has been found in Roxy-WI, affecting the action service function of the file app/modules/roxywi/roxy.py. The manipulation of the action/service argument leads to OS command injection...
PT-2025-3772 · Unknown · Code-Projects Point Of Sales/Inventory Management System
Name of the Vulnerable Software and Affected Versions: code-projects Point of Sales and Inventory Management System version 1.0 Description: A critical issue was found in the system, affecting an unknown function of the file /user/minus cart.php. The manipulation of the id argument leads to SQL...
PT-2025-3770 · Code Projects · Code-Projects Point Of Sales/Inventory Management System
Name of the Vulnerable Software and Affected Versions: code-projects Point of Sales and Inventory Management System version 1.0 Description: A critical issue was found in the code-projects Point of Sales and Inventory Management System. This issue affects the /user/search.php file, where the...
PT-2025-3220 · Elementor · Move Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Move Addons for Elementor versions 1.3.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows stored Cross-site Scripting (XSS). This enables attackers to inject malicious...
PT-2025-1505 · Unknown · Freesoul Deactivate Plugins
Name of the Vulnerable Software and Affected Versions: Freesoul Deactivate Plugins – Plugin manager and cleanup versions 2.1.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Thi...
PT-2025-2466 · Fs Code · Fs Poster
Name of the Vulnerable Software and Affected Versions: FS Poster versions n/a through 6.5.8 Description: A Cross-Site Request Forgery (CSRF) issue is present in FS-code FS Poster, allowing Cross Site Request Forgery attacks. Recommendations: For versions n/a through 6.5.8, as a temporary workaround...
PT-2025-2831 · Acronis · Acronis True Image
Name of the Vulnerable Software and Affected Versions: Acronis True Image Windows before build 41736 Description: Sensitive information disclosure is possible due to insecure folder permissions. This issue affects Acronis True Image on Windows. Recommendations: For Acronis True Image Windows befo...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Liquidweb Restrict_Content
CVE-2023-47668 Description Exposure of Sensitive Informati...
PT-2025-26568 · Sparklemotion +1 · Nokogiri +1
Name of the Vulnerable Software and Affected Versions: sparklemotion nokogiri versions up to 1.18.7 Description: A problem was found in the function hashmap set with hash of the file gumbo-parser/src/hashmap.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached...
PT-2025-20326
Name of the Vulnerable Software and Affected Versions: Slurm versions 22.05, 23.02, 23.11.11, 24.05.8, and 24.11.5 are affected. Description: The issue is related to permission handling for Coordinators within the accounting system, allowing them to promote a user to Administrator. This is due to a...