1561 matches found
PT-2026-36928
Name of the Vulnerable Software and Affected Versions: Open5GS versions prior to 2.7.8 Description: A remote flaw exists in the udm state operational function within the /src/udm/udm-sm.c file of the 'smf-registrations' endpoint. Manipulation of this component can lead to a denial of service...
PT-2026-36551
Name of the Vulnerable Software and Affected Versions: Dayoooun hwpx-mcp version 0.2.0 Description: A path traversal issue exists in the MCP Interface component within the file mcp-server/src/index.ts. Manipulation of the output path argument in the functions save document, export to text, and expo...
GHSA-3CJC-VHFM-FFP2 Apache DolphinScheduler vulnerable to sensitive information disclosure
An Exposure of Sensitive Information to an Unauthorized Actor vulnerability exists in Apache DolphinScheduler. This vulnerability may allow unauthorized actors to access sensitive information, including database credentials. This issue affects Apache DolphinScheduler versions 3.1.. Users are...
CVE-2025-62188
CVE-2025-62188 concerns an exposure of sensitive information via the management actuator endpoints in Apache DolphinScheduler. The affected line is 3.1.x, with guidance to upgrade to version 3.2.0 or later. A temporary workaround is to constrain exposed endpoints using the environment variable MA...
CVE-2019-11993
A security vulnerability has been identified in HPE SimpliVity 380 Gen 9, HPE SimpliVity 380 Gen 10, HPE SimpliVity 380 Gen 10 G, HPE SimpliVity 2600 Gen 10, SimpliVity OmniCube, SimpliVity OmniStack for Cisco, SimpliVity OmniStack for Lenovo and SimpliVity OmniStack for Dell nodes. Two now...
EUVD-2025-204006
Zerobyte is a backup automation tool. Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied to API endpoints. This results in certain API endpoints being accessible without valid session credentials. This...
PT-2025-45509
Name of the Vulnerable Software and Affected Versions: CrushFTP version 11.3.7 50 Description: A stored cross-site scripting (XSS) issue exists in the CrushFTP Admin Panel, specifically within the Reports / 'Who Created Folder' section. Authenticated attackers who have folder creation permissions can...
EUVD-2019-3650
Malware in sbrugna...
EUVD-2023-0873
Malicious code in bioql PyPI...
PT-2025-42624
Name of the Vulnerable Software and Affected Versions: Squid versions prior to 7.2; Squid versions 3.x through 3.5.28; Squid versions 4.x through 4.17; Squid versions 5.x through 5.9; Squid versions 6.x through 6.14; Squid versions 7.x through 7.1 Description: Squid, a caching proxy for the Web, contain...
PT-2025-37116
Name of the Vulnerable Software and Affected Versions: JEPaaS version 7.2.8 Description: A security issue has been identified in JEPaaS 7.2.8 affecting the doFilterInternal function within the Filter Handler component. This can lead to improper access controls and allows for remote execution of...
PT-2025-35852
Name of the Vulnerable Software and Affected Versions: fuyang lipengjun platform version 1.0.0 Description: A vulnerability exists in the AdController function of the /ad/queryAll file, leading to improper authorization. The issue is remotely exploitable and the exploit is publicly available...
PT-2025-34907 · Foxcms · Foxcms
Name of the Vulnerable Software and Affected Versions: FoxCMS version 1.2.6 Description: FoxCMS is susceptible to a reflected Cross Site Scripting (XSS) issue in the /index.php/plus endpoint. Recommendations: As a temporary workaround, consider restricting access to the /index.php/plus endpoint unt...
PT-2025-34854 · Unknown · Preparecdexportjson.Pl
Name of the Vulnerable Software and Affected Versions: PrepareCDExportJSON.pl affected versions not specified Description: The getPerfServiceIds function within the PrepareCDExportJSON.pl service is susceptible to SQL injection. This allows for potential manipulation of database queries through...
PT-2025-33709
Name of the Vulnerable Software and Affected Versions: Real Spaces - WordPress Properties Directory Theme versions prior to 3.7 Description: The Real Spaces - WordPress Properties Directory Theme for WordPress is susceptible to privilege escalation through the imic agent register function. This...
PT-2025-30718 · Unknown · Deerwms Deer-Wms-2
Name of the Vulnerable Software and Affected Versions: deerwms deer-wms-2 versions up to 3.3 Description: A vulnerability exists in deerwms deer-wms-2 that allows for SQL injection. The issue is related to the manipulation of the paramsdataScope argument within the file...
PT-2025-29972 · Unknown · Code-Projects Online Ordering System
Name of the Vulnerable Software and Affected Versions: code-projects Online Ordering System version 1.0 Description: A critical issue exists in the processing of the /admin/edit product.php file. Manipulation of the image argument allows for unrestricted file upload. This issue may be initiated...
PT-2025-29471 · Code Projects · Wedding Reservation
Name of the Vulnerable Software and Affected Versions: code-projects Wedding Reservation version 1.0 Description: A critical issue exists in code-projects Wedding Reservation 1.0, affecting an unknown part of the file /global.php. The manipulation of the argument lu leads to SQL injection, allowi...
PT-2025-29418 · Unknown · Bigotry Onebase
Name of the Vulnerable Software and Affected Versions: Bigotry OneBase versions through 1.3.6 Description: A flaw exists in Bigotry OneBase that allows for cross site scripting. The issue is located in the parse args function within the /tpl/think exception.tpl file. Manipulation of the args...
PT-2025-29516 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.5 Description: WeGIA is an open source web manager. An Open Redirect issue exists in the web application due to an uncontrolled redirection. The control.php API endpoint allows specification of an arbitrary URL via...