18 matches found
PT-2025-28393 · Sinec Nms · Sinec Nms
Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0 Description: A vulnerability has been identified that makes the affected devices vulnerable to SQL injection. This could allow an unauthenticated remote attacker to execute arbitrary SQL queries on the server...
PT-2025-19771 · Misskey · Misskey
Name of the Vulnerable Software and Affected Versions: Misskey versions 12.31.0 through 2025.4.0 Description: The issue is related to missing validation in Mk:api, which allows malicious AiScript code to access additional endpoints that it isn't designed to have access to. This is achieved by...
PT-2025-17346 · Z80Pack · Z80Pack
Name of the Vulnerable Software and Affected Versions: z80pack versions 1.38 and prior Description: The issue concerns the exposure of sensitive information, specifically the GITHUB_TOKEN, in the workflow run artifact. This occurs because the makefile-ubuntu.yml workflow file uses...
PT-2025-16362 · Openrazer +1 · Openrazer +1
Name of the Vulnerable Software and Affected Versions: OpenRazer versions prior to 3.10.2 Description: The issue allows an attacker to cause the custom kernel driver to read more bytes than provided by user space by writing specially crafted data to the matrix custom frame file. This data will be...
PT-2025-1881 · WordPress · The Dominion – Domain Checker
Name of the Vulnerable Software and Affected Versions: The Dominion – Domain Checker for WPBakery plugin for WordPress versions up to, and including, 2.2.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-36633 · Unknown · Webriderz Wr Age Verification
Name of the Vulnerable Software and Affected Versions: Webriderz Wr Age Verification versions n/a through 2.0.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially...
PT-2024-35210 · Unknown · Devexhub Gallery
Name of the Vulnerable Software and Affected Versions: Devexhub Gallery versions n/a through 2.0.1 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to potential exploitation and...
PT-2024-9995 · Drupal +1 · Drupal Core +1
Name of the Vulnerable Software and Affected Versions: Drupal Core versions 10.0.0 through 10.2.9 Description: A vulnerability in Drupal Core allows file manipulation. This issue is related to weaknesses in handling error situations, which could allow a remote attacker to impact the integrity of...
PT-2024-27951 · Unknown · Codeprojects Health Care Hospital Management System
Name of the Vulnerable Software and Affected Versions: CodeProjects Health Care Hospital Management System version 1.0 Description: The issue is related to a SQL injection vulnerability in the Staff Info module. This vulnerability can be exploited via the searvalu parameter. Recommendations: For...
PT-2023-11471 · Beyondtrust · Beyondtrust Privilege Management For Windows
Name of the Vulnerable Software and Affected Versions: BeyondTrust Privilege Management for Windows versions through 5.6 Description: An issue was discovered in BeyondTrust Privilege Management for Windows. When adding the Add Admin token to a process and specifying that it runs at medium integri...
PT-2023-26112 · Unknown · Wayos Fbm-291W
Name of the Vulnerable Software and Affected Versions: WAYOS FBM-291W version 19.09.11V Description: A command injection issue was found in the /upgrade filter.asp component. This allows for potential command injection attacks. Recommendations: For WAYOS FBM-291W version 19.09.11V, consider...
PT-2023-12478
Name of the Vulnerable Software and Affected Versions: The Flo Forms – Easy Drag & Drop Form Builder plugin for WordPress versions up to, and including, 1.0.35 Description: The issue is related to Stored Cross-Site Scripting via Options Change, which occurs when using the flo import forms options...
PT-2022-6097 · Dahua · Dhi-Dss4004-S2 +4
Name of the Vulnerable Software and Affected Versions: Dahua software products affected versions not specified DSS Professional affected versions not specified DSS Express affected versions not specified DHI-DSS4004-S2 affected versions not specified DHI-DSS7016D-S2 affected versions not specifie...
PT-2021-18745 · Podofo +4 · Podofo +4
Name of the Vulnerable Software and Affected Versions: PoDoFo version 0.9.7 Description: A flaw was found in the PdfNamesTree::AddToDictionary function in src/podofo/doc/PdfNamesTree.cpp, which can lead to a stack overflow due to an uncontrolled recursive call. Recommendations: For PoDoFo version...
PT-2019-13483 · Unknown · En100 Ethernet Module Iec 61850 Variant +4
Name of the Vulnerable Software and Affected Versions: EN100 Ethernet module DNP3 variant All versions EN100 Ethernet module IEC 61850 variant All versions V4.37 EN100 Ethernet module IEC104 variant All versions EN100 Ethernet module Modbus TCP variant All versions EN100 Ethernet module PROFINET ...
PT-2019-6001 · Proclima · Proclima
Name of the Vulnerable Software and Affected Versions: ProClima versions prior to 8.0.0 Description: A vulnerability exists in the software that could allow a malicious DLL file, with the same name as any resident DLLs inside the software installation, to execute arbitrary code. This issue is...
PT-2005-5315 · Open Source Matters · Joomla!
Name of the Vulnerable Software and Affected Versions: Joomla! version 1.03 Description: The issue allows remote attackers to cause a denial of service due to resource consumption by utilizing a large number of Search Mambots, as the software does not restrict their number. Recommendations: For...
PT-2004-3612 · Tenable · Nessus
Name of the Vulnerable Software and Affected Versions: Nessus version 2.0.10a Description: The issue concerns the storage of account passwords in plaintext within .nessusrc files. This allows local users to obtain these passwords. It is noted that the vendor has disputed this issue...