CVE-2026-9490 Acer Care Center creates a Named Pipe with a weak Security Descriptor
A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message (message type 0x03) to the pipe, causing the service ...
TencentOS Server 4: moby (TSSA-2024:1079)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:1079 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
EUVD-2019-16658
Malware in sbrugna...
EUVD-2018-0234
Malware in sbrugna...
EUVD-2022-38828
Malicious code in bioql PyPI...
Advisory ROSA-SA-2025-2940
Software: exfatprogs 1.2.9 OS: ROSA-CHROME unaffected versions = exfatprogs-1.2.9-1 affected versions exfatprogs-1.2.9-1 CVE-ID: CVE-2023-45897 BDU-ID: 2024-03156 CVE-Crit: MEDIUM CVE-DESC.: A vulnerability in the readfiledentryset function of the exfatprogs user-space utility is related to readi...
PT-2025-29240 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS versions prior to 21.2R3-S9 Juniper Networks Junos OS versions 21.4 before 21.4R3-S11 Juniper Networks Junos OS versions 22.2 before 22.2R3-S7 Juniper Networks Junos OS versions 22.4 before 22.4R3-S7 Juniper Networks...
PT-2025-27188 · WordPress · Category Slider For Woocommerce
Name of the Vulnerable Software and Affected Versions: WPB Category Slider for WooCommerce versions 1.71 and earlier Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local...
PT-2025-27140 · Unknown · Directiq Email Marketing
Name of the Vulnerable Software and Affected Versions: DirectIQ Email Marketing versions n/a through 2.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
PT-2025-27133 · Ancorathemes · Ancorathemes Citygov
Name of the Vulnerable Software and Affected Versions: AncoraThemes CityGov versions 1.9 and earlier Description: The issue is related to improper control of filename for include/require statement in PHP programs, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion...
PT-2025-27192 · Unknown · Quick Favicon
Name of the Vulnerable Software and Affected Versions: Quick Favicon versions through 0.22.8 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This enables an attacker to inject malicious...
TencentOS Server 3: thunderbird (TSSA-2024:0490)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0490 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
CVE-2025-29871
An out-of-bounds read vulnerability has been reported to affect File Station 5. If a local attacker gains an administrator account, they can then exploit the vulnerability to obtain secret data. We have already fixed the vulnerability in the following version: File Station 5 5.5.6.4847 and later...
PT-2025-24124
Name of the Vulnerable Software and Affected Versions: CubePoints versions n/a through 3.2.1 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows Cross Site Request Forgery. Recommendations: For versions n/a through 3.2.1, update to a version that includes a fix fo...
PT-2025-22787 · Unknown · Majestic Support
Name of the Vulnerable Software and Affected Versions: Majestic Support versions n/a through 1.1.0 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks against Majestic...
PT-2025-22067 · WordPress · Quantumcloud Wpbot Pro
Name of the Vulnerable Software and Affected Versions: QuantumCloud WPBot Pro Wordpress Chatbot versions n/a through 12.7.0 Description: The issue is related to the deserialization of untrusted data, allowing object injection in the QuantumCloud WPBot Pro Wordpress Chatbot. This can be exploited...
PT-2025-21055 · Intel · Intel Data Center Gpu Flex Series
Name of the Vulnerable Software and Affected Versions: Intel(R) Data Center GPU Flex Series for Windows versions prior to 31.0.101.4255 Description: The issue is related to improper access control in the Intel(R) Data Center GPU Flex Series for Windows driver software. This may allow an authenticated...
PT-2025-20218 · Unknown · Cbx Map For Google Map & Openstreetmap
Name of the Vulnerable Software and Affected Versions: CBX Map for Google Map & OpenStreetMap versions 1.1.12 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This means th...
PT-2025-18732 · Ibm · Ibm Concert
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.5 Description: The issue is related to server-side request forgery (SSRF), which may allow an authenticated attacker to send unauthorized requests from the system. This could potentially lead to...
PT-2025-17102 · Woocommerce · Wallet System For Woocommerce
Name of the Vulnerable Software and Affected Versions: Wallet System for WooCommerce versions n/a through 2.6.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an...