200 matches found
CVE-2023-49734
An authenticated Gamma user has the ability to create a dashboard and add charts to it; this user would automatically become one of the owners of the charts, allowing him to incorrectly have write permissions to these charts. This issue affects Apache Superset: before 2.1.2, from 3.0.0 before 3.0.2...
PT-2026-1295
Name of the Vulnerable Software and Affected Versions: Tumult Hype Animations versions through 1.9.11 Description: A flaw exists in Tumult Hype Animations that allows for DOM-Based Cross-site Scripting (XSS). This issue is due to improper neutralization of input during web page generation. The...
EUVD-2021-9691
Malicious code in bioql PyPI...
PT-2025-32113 · Samsung · Galaxy Wearable
Name of the Vulnerable Software and Affected Versions: Galaxy Wearable versions prior to 2.2.63.25042861 Description: Improper access control in Galaxy Wearable allows local attackers to access sensitive information. Recommendations: Update Galaxy Wearable to version 2.2.63.25042861 or later...
PT-2025-31048
Name of the Vulnerable Software and Affected Versions: ssrfcheck versions prior to 1.2.0 Description: The package is vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. The package fails to classify the reserved IP address space 224.0.0.0/4 (Multicast) a...
PT-2025-30909 · Unknown · Codeigniter4
Name of the Vulnerable Software and Affected Versions: CodeIgniter4 version 4.6.0 Description: A stored cross-site scripting (XSS) vulnerability exists in CodeIgniter4. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the debugbar time parameter...
PT-2025-30527 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: An unrestricted file upload issue with dangerous file types exists in Samsung Electronics MagicINFO 9 Server, potentially leading to code injection. Recommendations: Update MagicINFO...
PT-2025-30528 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: A flaw exists in Samsung Electronics MagicINFO 9 Server that allows code injection through the unrestricted upload of files with dangerous types. Recommendations: Update MagicINFO 9...
PT-2025-30328 · Luxcal · Luxcal
Name of the Vulnerable Software and Affected Versions: Luxcal version 4.5.2 Description: A reflected cross-site scripting (XSS) vulnerability exists in index.php that allows an unauthenticated attacker to steal other users' data. Recommendations: Update to a newer version that contains a fix for th...
PT-2025-30325 · Ibm · Ibm Cognos Analytics Mobile
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics Mobile iOS versions 1.1.0 through 1.1.22 Description: IBM Cognos Analytics Mobile iOS is susceptible to a security issue that may allow malicious actors to obtain sensitive information. This is due to the cleartext...
PT-2025-30362 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev90 Description: pyLoad contains an authenticated path traversal vulnerability in the /json/upload endpoint. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended...
PT-2025-29999 · WordPress · Woocommerce Refund/Exchange With Rma - Warranty Management
Name of the Vulnerable Software and Affected Versions: WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet versions up to and including 3.2.6 Description: The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User...
PT-2025-30057 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.6 Description: WeGIA is an open source web manager designed for the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the personalizacao.php endpoint...
PT-2025-29805 · Unknown · Funnelkit Funnel Builder
Name of the Vulnerable Software and Affected Versions: FunnelKit Funnel Builder versions through 3.10.2 Description: FunnelKit Funnel Builder is susceptible to a SQL injection flaw due to improper neutralization of special elements within SQL commands. This issue allows for potential SQL injectio...
PT-2025-29753 · WordPress · Wpadverts
Name of the Vulnerable Software and Affected Versions: WPAdverts versions through 2.2.5 Description: The software contains a DOM-Based Cross-site Scripting issue due to improper neutralization of input during web page generation. Recommendations: Update WPAdverts to a version later than 2.2.5...
PT-2025-29816 · Unknown · Uxper Sala
Name of the Vulnerable Software and Affected Versions: uxper Sala versions n/a through 1.1.3 Description: A missing authorization issue exists in uxper Sala, allowing access to functionality not properly constrained by Access Control Lists (ACLs). Recommendations: Update uxper Sala to a version...
PT-2025-29573 · Dassault Systèmes · Solidworks Edrawings +1
Name of the Vulnerable Software and Affected Versions: SOLIDWORKS eDrawings versions prior to SOLIDWORKS Desktop 2025 Description: A use of uninitialized variable issue exists in the JT file reading procedure. This could allow an attacker to execute arbitrary code when opening a specially crafted...
PT-2025-29399 · Unknown · Sapido Rb-1802
Name of the Vulnerable Software and Affected Versions: Sapido RB-1802 version 1.0.32 Description: A cross-site scripting issue exists in the URL Filtering Page component, specifically within the urlfilter.asp file. The manipulation of the URL address argument can lead to exploitation. The exploit...
PT-2025-29310 · WordPress · Beeteam368 Extensions
Name of the Vulnerable Software and Affected Versions: BeeTeam368 Extensions plugin for WordPress versions up to and including 2.3.5 Description: The BeeTeam368 Extensions plugin for WordPress is susceptible to arbitrary file uploads due to the absence of file type validation within the handle...
PT-2025-28397 · Siemens · Solid Edge
Name of the Vulnerable Software and Affected Versions: Solid Edge SE2025 versions prior to V225.0 Update 5 Description: A vulnerability has been identified in the affected applications, which contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR...