6663 matches found

Positive Technologies
added 2025/12/30 12:0 a.m., 5 views

PT-2025-53843

Name of the Vulnerable Software and Affected Versions: SohuTV CacheCloud versions prior to 3.2.1
Description: A cross site scripting issue exists in SohuTV CacheCloud. The issue is located in the init function within the file src/main/java/com/sohu/cache/web/controller/LoginController.java. This...

5.3 CVSS, 6 AI score, 0.00277 EPSS
Exploits: 1, References: 6

IBM Security Bulletins
added 2025/12/29 1:49 p.m., 6 views

Security Bulletin: IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2024-55459.

Summary: IBM Maximo Application Suite - Monitor Component uses keras-2.14.0-py3-none-any.whl which is vulnerable to CVE-2024-55459. This bulletin contains information addressing the vulnerability.
Vulnerability Details: CVEID: CVE-2024-55459 DESCRIPTION: An issue in keras 3.7.0 allows attackers to...

6.5 CVSS, 7.4 AI score, 0.00221 EPSS
Exploits: 0, Affected Software: 1

Positive Technologies
added 2025/12/29 12:0 a.m., 3 views

PT-2025-53828

Name of the Vulnerable Software and Affected Versions: Jakub Glos Off Page SEO versions through 3.0.3
Description: The software contains a flaw related to improper handling of user-supplied data during web page creation, leading to a potential Reflected Cross-Site Scripting (XSS) condition. This allo...

7.1 CVSS, 5.7 AI score, 0.00149 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2025/12/29 12:0 a.m., 5 views

PT-2025-53794

Name of the Vulnerable Software and Affected Versions: Crocoblock JetPopup versions through 2.0.20.1
Description: An authorization bypass exists in Crocoblock JetPopup due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key.
Recommendatio...

4.3 CVSS, 6.6 AI score, 0.00236 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2025/12/29 12:0 a.m., 3 views

PT-2025-53772

Name of the Vulnerable Software and Affected Versions: Plugin Optimizer versions through 1.3.7
Description: A missing authorization issue exists in Plugin Optimizer, allowing exploitation due to incorrectly configured access control security levels.
Recommendations: Update Plugin Optimizer to a...

7.1 CVSS, 6.6 AI score, 0.00187 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/12/29 12:0 a.m., 5 views

PT-2025-53814

Name of the Vulnerable Software and Affected Versions: weDevs WP Project Manager versions through 3.0.1
Description: A flaw exists in weDevs WP Project Manager that allows for the retrieval of embedded sensitive data. The issue involves the insertion of sensitive information into sent data...

6.5 CVSS, 6.2 AI score, 0.00223 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/12/29 12:0 a.m., 3 views

PT-2025-53813

Name of the Vulnerable Software and Affected Versions: CubeWP versions through 1.1.27
Description: A missing authorization issue exists in CubeWP, allowing access to functionality that is not properly restricted by Access Control Lists (ACLs). This could allow unauthorized access to certain features ...

7.5 CVSS, 6.5 AI score, 0.00237 EPSS
Exploits: 0, References: 6

Positive Technologies
added 2025/12/29 12:0 a.m., 5 views

PT-2025-53777

Name of the Vulnerable Software and Affected Versions: PixelYourSite versions up to and including 11.1.5
Description: The PixelYourSite plugin for WordPress is susceptible to sensitive information disclosure through publicly exposed log files. An unauthenticated attacker may be able to view...

5.3 CVSS, 5.4 AI score, 0.0038 EPSS
Exploits: 0, References: 8

OpenVAS
added 2025/12/29 12:0 a.m., 3 views

SUSE: Security Advisory (SUSE-SU-2025:4523-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.3 CVSS, 6.8 AI score, 0.00309 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2025/12/28 12:0 a.m., 6 views

PT-2025-53667

Name of the Vulnerable Software and Affected Versions: h-moses moga-mall versions prior to 392d631a5ef15962a9bddeeb9f1269b9085473fa
Description: A vulnerability exists in h-moses moga-mall. The issue affects the addProduct function within the file...

6.5 CVSS, 6.5 AI score, 0.00202 EPSS
Exploits: 0, References: 9

Positive Technologies
added 2025/12/28 12:0 a.m., 5 views

PT-2025-53668

Name of the Vulnerable Software and Affected Versions: omec-project UPF versions up to 2.1.3-dev
Description: A flaw exists in omec-project UPF that may allow for remote exploitation. The issue resides in the handleSessionEstablishmentRequest function within the /pfcpiface/pfcpiface/messages...

5.3 CVSS, 6.2 AI score, 0.00271 EPSS
Exploits: 0, References: 10

Positive Technologies
added 2025/12/24 12:0 a.m., 5 views

PT-2025-53292

Name of the Vulnerable Software and Affected Versions: PickPlugins Post Grid and Gutenberg Blocks versions through 2.3.18
Description: The Post Grid and Gutenberg Blocks software contains a flaw due to improper input neutralization during web page generation, leading to a potential cross-site...

5.4 CVSS, 5.2 AI score, 0.00133 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/12/24 12:0 a.m., 5 views

PT-2025-52970

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.2.0-rc8
Description: The Linux kernel contained a locking issue within the interconnect component, specifically related to runpm (runtime power management) versus reclaim. The issue arose when icc bw set could be...

6.3 AI score, 0.00163 EPSS
Exploits: 0

Positive Technologies
added 2025/12/24 12:0 a.m., 5 views

PT-2025-53268

Name of the Vulnerable Software and Affected Versions: Advanced Classifieds & Directory Pro versions through 3.2.9
Description: A Cross-Site Request Forgery (CSRF) issue exists in Advanced Classifieds & Directory Pro. This allows an attacker to potentially perform actions on behalf of an authenticate...

8.8 CVSS, 6.5 AI score, 0.00109 EPSS
Exploits: 0, References: 3

Positive Technologies
added 2025/12/24 12:0 a.m., 4 views

PT-2025-53290

Name of the Vulnerable Software and Affected Versions: Scott Paterson Accept Donations with PayPal versions prior to 1.5.1
Description: The software contains a URL redirection issue that could allow for phishing attacks. The issue involves redirection to untrusted sites.
Recommendations: Update Scot...

6.1 CVSS, 6.4 AI score, 0.00448 EPSS
Exploits: 0, References: 5

Positive Technologies
added 2025/12/24 12:0 a.m., 5 views

PT-2025-53279

Name of the Vulnerable Software and Affected Versions: Mitchell Bennis Simple File List versions through 6.1.15
Description: A missing authorization issue exists in Mitchell Bennis Simple File List, allowing exploitation of incorrectly configured access control security levels.
Recommendations: Upda...

8.1 CVSS, 6.6 AI score, 0.00214 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2025/12/24 12:0 a.m., 5 views

PT-2025-53080

Name of the Vulnerable Software and Affected Versions: Brave versions through 0.8.3
Description: A missing authorization issue exists in Brave's brave-popup-builder component. This allows exploitation due to incorrectly configured access control security levels.
Recommendations: Update to a version...

9.1 CVSS, 6.6 AI score, 0.00199 EPSS
Exploits: 0, References: 4

IBM Security Bulletins
added 2025/12/23 3:30 p.m., 10 views

Security Bulletin: Security vulnerabilities in Java SE shipped with IBM CICS TX Advanced (CVE-2025-53066 and CVE-2025-53057)

Summary: There are multiple vulnerabilities in the Java SE version shipped with IBM CICS TX Advanced (CVE-2025-53066 and CVE-2025-53057). An update to IBM CICS TX Advanced has been released to address these vulnerabilities.
Vulnerability Details: CVEID: CVE-2025-53066 DESCRIPTION: An unspecified...

7.5 CVSS, 6.6 AI score, 0.00633 EPSS
Exploits: 0, Affected Software: 1

Positive Technologies
added 2025/12/22 12:0 a.m., 7 views

PT-2025-52672

Name of the Vulnerable Software and Affected Versions: GT Edge AI Platform versions prior to 2.0.10
Description: An access control issue exists in the /api/v1/conversations//files API of GT Edge AI Platform. This allows unauthorized access to files uploaded by other users. The vulnerable parameter ...

7.5 CVSS, 6.8 AI score, 0.00241 EPSS
Exploits: 0, References: 7

Positive Technologies
added 2025/12/22 12:0 a.m., 6 views

PT-2025-52671

Name of the Vulnerable Software and Affected Versions: GT Edge AI Platform versions prior to 2.0.10-dev
Description: The /api/v1/agents API in GT Edge AI Platform has insecure permissions, potentially allowing unauthorized access to sensitive information. The API endpoint '/api/v1/agents' is...

7.5 CVSS, 6.6 AI score, 0.00255 EPSS
Exploits: 0, References: 8