
26 matches found

Positive Technologies
added 2025/02/07 12:0 a.m. · 2 views

PT-2025-5990 · Tally · Tally Prime Edit Log

Name of the Vulnerable Software and Affected Versions: Tally Prime Edit Log version 2.1 Description: A DLL hijacking issue was discovered in the TextShaping.dll component, allowing attackers to execute arbitrary code through a manipulated DLL. This issue enables the execution of arbitrary code vi...

CVSS 7.8 · AI score 8.2 · EPSS 0.00041
Exploits: 0 · References: 5

Positive Technologies
added 2025/02/07 12:0 a.m. · 3 views

PT-2025-6007 · Beijing Guoju Information Technology Co. · Jeecg-Boot

Name of the Vulnerable Software and Affected Versions: Beijing Guoju Information Technology Co., Ltd JeecgBoot version 3.7.2 Description: A SQL injection issue allows a remote attacker to obtain sensitive information via the getTotalData component. There is no information provided about the...

CVSS 7.5 · AI score 7.9 · EPSS 0.00341
Exploits: 1 · References: 8

Positive Technologies
added 2025/01/09 12:0 a.m. · 3 views

PT-2025-4724 · Bplugins Llc · Button Block

Name of the Vulnerable Software and Affected Versions: bPlugins LLC Button Block versions 1.1.6 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows stored XSS. Recommendations: For bPlugin...

CVSS 6.5 · AI score 6.7 · EPSS 0.00221
Exploits: 0 · References: 6

Positive Technologies
added 2024/11/10 12:0 a.m. · 2 views

PT-2024-34716 · Unknown · Ml Responsive Audio Player With Playlist Shortcode

Name of the Vulnerable Software and Affected Versions: ML Responsive Audio player with playlist Shortcode versions 0.2 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS...

CVSS 6.5 · AI score 5.7 · EPSS 0.00156
Exploits: 0 · References: 6

Positive Technologies
added 2024/10/29 12:0 a.m. · 2 views

PT-2024-32997 · Pluxml · Pluxml

Name of the Vulnerable Software and Affected Versions: PluXml versions 5.8.16 and lower Description: A remote code execution issue in the /PluXml/core/admin/parametres edittpl.php component allows attackers to execute arbitrary code by injecting a crafted payload into a template. Recommendations:...

CVSS 9.8 · AI score 8.4 · EPSS 0.02884
Exploits: 0 · References: 6

Positive Technologies
added 2024/08/29 12:0 a.m. · 2 views

PT-2024-29363

Name of the Vulnerable Software and Affected Versions OpenFlights commit 5234b5b Description The issue is a Cross-Site Scripting XSS vulnerability found in the php/trip.php file. This allows for malicious scripts to be injected into the website, potentially leading to unauthorized access or...

CVSS 6.1 · AI score 5.8 · EPSS 0.00434
Exploits: 1 · References: 7

Positive Technologies
added 2024/07/09 12:0 a.m. · 3 views

PT-2024-21873 · Samsung · Exynos

Name of the Vulnerable Software and Affected Versions: Samsung Mobile Processor Exynos versions 1380 through 1480 Description: A vulnerability was discovered in the slsi handle nan rx event log ind function related to no input validation check on tag len for tx coming from userspace, which can le...

CVSS 6.7 · AI score 7 · EPSS 0.00107
Exploits: 0 · References: 4

Positive Technologies
added 2024/06/20 12:0 a.m. · 3 views

PT-2024-23630 · Silversky · Silversky E-Mail Service

Name of the Vulnerable Software and Affected Versions: SilverSky E-mail service version 5.0.3126 Description: A cross-site scripting XSS issue allows remote attackers to inject arbitrary web script or HTML via the version parameter. This could potentially lead to unauthorized actions on the...

CVSS 6.1 · AI score 6.1 · EPSS 0.00103
Exploits: 0 · References: 5

Positive Technologies
added 2024/05/22 12:0 a.m. · 2 views

PT-2024-25157 · Asustek Computer · Aisuite3

Name of the Vulnerable Software and Affected Versions: AISuite3 version 3.03.36 Description: An issue in the component AslO3 64.sys allows attackers to escalate privileges and execute arbitrary code via sending crafted IOCTL requests. Recommendations: For version 3.03.36, consider disabling the...

CVSS 8.8 · AI score 8.1 · EPSS 0.00444
Exploits: 1 · References: 6

Positive Technologies
added 2024/05/15 12:0 a.m. · 2 views

PT-2024-5068 · Roku · Roku Indoor Camera Se

Name of the Vulnerable Software and Affected Versions: Kalay SDK versions affected versions not specified Owlet Cam version affected versions not specified Owlet Cam v1 Owlet Cam v2 Wyze Cam v3 Roku Indoor Camera SE Description: The issue is related to insufficient authentication of received data...

CVSS 6.5 · AI score 7.2 · EPSS 0.00178
Exploits: 1 · References: 7

Positive Technologies
added 2024/04/26 12:0 a.m. · 2 views

PT-2024-25175 · Unknown · Jerryscript

Name of the Vulnerable Software and Affected Versions: Jerryscript version cefd391 Description: A segmentation violation was discovered in Jerryscript via the parser parse class component at jerry-core/parser/js/js-parser-expr.c. Recommendations: For Jerryscript version cefd391, consider...

CVSS 5.1 · AI score 6.9 · EPSS 0.00064
Exploits: 1 · References: 7

Positive Technologies
added 2024/01/04 12:0 a.m. · 3 views

PT-2024-13949 · Unknown · Xiweicheng Tms

Name of the Vulnerable Software and Affected Versions: xiweicheng TMS version 2.28.0 Description: A Cross Site Scripting XSS issue allows a remote attacker to execute arbitrary code via a crafted script to the click here function. This enables the attacker to perform unauthorized actions on the...

CVSS 6.1 · AI score 6.2 · EPSS 0.00124
Exploits: 1 · References: 6

Positive Technologies
added 2023/12/26 12:0 a.m. · 3 views

PT-2023-8322 · Tenda · Tenda W9

Name of the Vulnerable Software and Affected Versions: Tenda W9 version 1.0.0.74456 CN Description: A command injection issue exists due to the lack of neutralization of special elements in the formexeCommand function. This could allow a remote attacker to execute arbitrary code. Recommendations:...

CVSS 9.8 · AI score 9.8 · EPSS 0.01882
Exploits: 1 · References: 7

Positive Technologies
added 2023/10/25 12:0 a.m. · 2 views

PT-2023-30023 · Totolink · Totolink X6000R

Name of the Vulnerable Software and Affected Versions: TOTOLINK X6000R version 9.4.0cu.652 B20230116 Description: A remote command execution issue was discovered, allowing for potential exploitation via the sub 422BD4 function. Recommendations: For TOTOLINK X6000R version 9.4.0cu.652 B20230116,...

CVSS 9.8 · AI score 7.7 · EPSS 0.05045
Exploits: 1 · References: 4

Positive Technologies
added 2023/10/24 12:0 a.m. · 3 views

PT-2023-29968 · Unknown · Ndk Steppingpack

Name of the Vulnerable Software and Affected Versions: ndk steppingpack versions 1.5.6 and before Description: The issue allows a guest to perform SQL injection. The method NdkSpack::getPacks has sensitive SQL calls that can be executed with a trivial HTTP call and exploited to forge a SQL...

CVSS 9.8 · AI score 8.5 · EPSS 0.70213
Exploits: 0 · References: 4

Positive Technologies
added 2023/10/12 12:0 a.m. · 2 views

PT-2023-23218

Name of the Vulnerable Software and Affected Versions SoftEther VPN version 5.01.9674 Description An information disclosure issue exists in the ClientConnect functionality. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a...

CVSS 5.3 · AI score 5.9 · EPSS 0.00307
Exploits: 1 · References: 7

Positive Technologies
added 2023/05/27 12:0 a.m. · 2 views

PT-2023-20508 · Unknown · Keep-Module-Latest

Name of the Vulnerable Software and Affected Versions: keep-module-latest versions all Description: The issue arises due to missing input sanitization or other checks and sandboxes being employed to the installModule function, leading to Command Injection. To potentially exploit this, an attacker...

CVSS 8.4 · AI score 7.4 · EPSS 0.00182
Exploits: 1 · References: 7

Positive Technologies
added 2022/11/23 12:0 a.m. · 2 views

PT-2022-27148 · Totolink · Totolink Nr1800X

Name of the Vulnerable Software and Affected Versions: TOTOLINK NR1800X version 9.1.0u.6279 B20210910 Description: The issue is related to a command injection via the FileName parameter in the UploadFirmwareFile function. This allows for potential exploitation. No information is provided about th...

CVSS 9.8 · AI score 9.5 · EPSS 0.16105
Exploits: 1 · References: 4

Positive Technologies
added 2022/11/21 12:0 a.m. · 4 views

PT-2022-25395 · Unknown · Phpgurukul Blood Bank & Donor Management System

Name of the Vulnerable Software and Affected Versions: Phpgurukul Blood Donor Management System version 1.0 Description: The issue allows Cross Site Scripting via the Add Blood Group Name Feature. Recommendations: For Phpgurukul Blood Donor Management System version 1.0, consider disabling the Ad...

CVSS 4.8 · AI score 4.9 · EPSS 0.03803
Exploits: 1 · References: 4

Positive Technologies
added 2022/10/15 12:0 a.m. · 3 views

PT-2022-22620 · Sourcecodester · Sanitization Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Sanitization Management System version 1.0 Description: A problematic vulnerability has been found in the User Creation Handler component. The manipulation of the First Name/Middle Name/Last Name argument leads to cross-site...

CVSS 4.8 · AI score 4.8 · EPSS 0.00237
Exploits: 0 · References: 5