CVE-2025-43485
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could potentially allow a privileged user to retrieve credentials from the log files. HP has addressed the issue in the latest software update...
CVE-2025-43483
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update...
CVE-2025-43484
A potential reflected cross-site scripting vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The website does not validate or sanitize the user input before rendering it in the response. HP has addressed the issue in the latest software update...
PT-2025-30520 · Synology · Synology Router Manager
Name of the Vulnerable Software and Affected Versions: Synology Router Manager (SRM) versions prior to 1.3.1-9346-11 Description: A cross-site scripting (XSS) issue exists in the VPN Setting functionality. This allows remote authenticated users with administrator privileges to inject arbitrary web...
PT-2025-30581 · Xdebug · Xdebug
Name of the Vulnerable Software and Affected Versions: Xdebug versions 2.5.5 and earlier Description: An unauthenticated OS command injection vulnerability exists in Xdebug, a PHP debugging extension. When remote debugging is enabled, Xdebug listens on port 9000 and accepts debugger protocol...
PT-2025-30528 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: A flaw exists in Samsung Electronics MagicINFO 9 Server that allows code injection through the unrestricted upload of files with dangerous types. Recommendations: Update MagicINFO 9...
PT-2025-30573
Name of the Vulnerable Software and Affected Versions: Dataprom Informatics PACS-ACSS versions prior to 16.05.2025 Description: The software contains an Improper Neutralization of Input During Web Page Generation, leading to a Cross-Site Scripting (XSS) issue. This allows for the injection of malicio...
PT-2025-30533 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: The software contains an Improper Restriction of XML External Entity Reference vulnerability that allows Server Side Request Forgery. Recommendations: Update MagicINFO 9 Server to...
PT-2025-30600 · Ni · Ni Labview
Name of the Vulnerable Software and Affected Versions: NI LabVIEW versions 2025 Q1 and prior Description: An out-of-bounds read issue exists due to improper bounds checking in lvre!UDecStrToNum. This can lead to information disclosure or arbitrary code execution. Exploitation requires a user to...
PT-2025-30605 · Cncf · Cncf Harbor
Name of the Vulnerable Software and Affected Versions: CNCF Harbor versions 2.12.0 through 2.12.3; CNCF Harbor versions 2.13.0 through 2.13.0 Description: An ORM leak exists in the /api/v2.0/users endpoint, allowing administrators to potentially disclose users' password hash and salt values. The q...
PT-2025-30532 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: A flaw exists in Samsung Electronics MagicINFO 9 Server that allows code injection through the unrestricted upload of files with dangerous types. Recommendations: Update MagicINFO 9...
PT-2025-30638
Name of the Vulnerable Software and Affected Versions: ABB AC500 V2 versions through 2.5.2 Description: A buffer over-read issue exists in ABB AC500 V2. This can potentially lead to unexpected system behavior. Recommendations: Update ABB AC500 V2 to a version later than 2.5.2...
PT-2025-30553 · Mailman 3 · Mailman 3
Name of the Vulnerable Software and Affected Versions: mailman3 versions prior to 3.3.10-2.1 Description: A reliance on untrusted inputs in a security decision within the logrotate configuration allows for potential escalation from mailman to root. Recommendations: Update mailman3 to version...
PT-2025-30527 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: An unrestricted file upload issue with dangerous file types exists in Samsung Electronics MagicINFO 9 Server, potentially leading to code injection. Recommendations: Update MagicINFO...
PT-2025-30542 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: A use of hard-coded credentials issue exists in Samsung Electronics MagicINFO 9 Server, allowing authentication bypass. Recommendations: Update MagicINFO 9 Server to version 21.1080....
PT-2025-30541 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: A path traversal vulnerability exists in Samsung Electronics MagicINFO 9 Server, potentially leading to code injection. This issue is due to improper limitation of a pathname to a...
JVN#21177718: Real-time Bus Tracking System vulnerable to improper validation of specified quantity in input
Real-time Bus Tracking System provided by SYNCK GRAPHICA contains the following vulnerability: Improper validation of specified quantity in input (CWE-1284). CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N Base Score 5.3; CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L Base Score 4.3...
PT-2025-30561 · Manageengine · Zoho Manageengine Applications Manager
Name of the Vulnerable Software and Affected Versions: ManageEngine Applications Manager versions 176600 and prior Description: ManageEngine Applications Manager is susceptible to a stored cross-site scripting issue within the File/Directory monitor. This allows for malicious script injection,...
PT-2025-30539 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: An improper control of generation of code ('Code Injection') vulnerability exists in MagicINFO 9 Server. This issue allows code injection. Recommendations: Update MagicINFO 9 Server to...
PT-2025-30531 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: A path traversal vulnerability exists in Samsung Electronics MagicINFO 9 Server. This issue allows for the upload of a web shell to a web server. Recommendations: Update MagicINFO 9...