CVE-2025-68454
Craft is a platform for creating digital experiences. Versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16 are vulnerable to potential authenticated Remote Code Execution via Twig SSTI. For this to work, users must have administrator access to the Craft Control Panel, and...
PT-2025-35925
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored authenticated cross-site scripting XSS issue exists due to insufficient validation of user-supplied input. The vulnerability is present in the /apprain/developer/addons/update/cycle endpoint,...
PT-2025-34813 · Mahara · Mahara
Name of the Vulnerable Software and Affected Versions: Mahara versions 23.04.8 and 24.04.4 Description: An issue allows an attacker to download files without proper authorization by using a malicious export download URL. Recommendations: Update to a newer version that contains a fix for this issu...
PT-2025-6986 · Unknown · Kv Compose Email From Dashboard
Name of the Vulnerable Software and Affected Versions: Kv Compose Email From Dashboard versions n/a through 1.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential...
PT-2025-4608 · Unknown · Fm Notification Bar
Name of the Vulnerable Software and Affected Versions: FM Notification Bar versions 1.0.2 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting XSS. This means that an attacker can inject maliciou...
PT-2025-4989 · Unknown · Notfound Content Planner
Name of the Vulnerable Software and Affected Versions: NotFound Content Planner versions n/a through 1.0 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting, which allows Reflected XSS. Recommendations: For versions...
PT-2025-4658 · Data443 · Data443 Posts Footer Manager
Name of the Vulnerable Software and Affected Versions: Data443 Posts Footer Manager versions n/a through 2.1.0 Description: The issue is related to improper neutralization of input during web page generation, which allows stored cross-site scripting XSS. This means that an attacker can inject...
PT-2024-11975 · Unknown · Survey Maker
Name of the Vulnerable Software and Affected Versions: Survey Maker versions through 3.2.0 Description: The issue is related to missing authorization in Survey Maker, allowing exploitation of incorrectly configured access control security levels. Recommendations: For versions through 3.2.0, updat...
PT-2024-35863 · Unknown · Cultbooking Hotel Booking Engine
Name of the Vulnerable Software and Affected Versions: CultBooking Hotel Booking Engine versions n/a through 2.1 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in the CultBooking Hotel Booking Engine. This means an attacker can perform unauthorize...
PT-2024-27260 · Qnap · Quts Hero +1
Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.2.1.2930 build 20241025 QNAP QuTS hero versions prior to h5.2.1.2929 build 20241025 Description: A NULL pointer dereference issue has been reported, which could allow remote attackers with administrator access to...
PT-2024-27834 · Unknown · Solwin User Activity Log Pro
Name of the Vulnerable Software and Affected Versions: solwin User Activity Log Pro versions through 2.3.4 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions throu...
PT-2024-33649 · Unknown · Robo Gallery
Name of the Vulnerable Software and Affected Versions: Robo Gallery versions 3.2.21 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For versio...
PT-2024-24843 · Qnap · Qnap Qts +1
Name of the Vulnerable Software and Affected Versions: QNAP QTS versions prior to 5.2.0.2782 build 20240601 QNAP QuTS hero versions prior to h5.2.0.2782 build 20240601 Description: An improper restriction of excessive authentication attempts issue has been reported to affect several QNAP operatin...
PT-2024-27596 · WordPress · Wp Directory Kit
Name of the Vulnerable Software and Affected Versions: WP Directory Kit versions 1.3.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Reflected XSS. Recommendations: For WP...
PT-2024-28118 · Unknown · Arkhe Blocks
Name of the Vulnerable Software and Affected Versions: Arkhe Blocks versions 2.22.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. This allows for Stored XSS attacks. Recommendations: For versio...
PT-2024-37734 · /N · Ipworks Ssh
Name of the Vulnerable Software and Affected Versions: /n software IPWorks SSH versions prior to 22.0.8945 /n software IPWorks SSH versions prior to 24.0.8945 Description: The /n software IPWorks SSH library SFTPServer component can be induced to make unintended filesystem or network path request...
PT-2024-37349
Name of the Vulnerable Software and Affected Versions: Devolutions Remote Desktop Manager versions 2024.1.32.0 and earlier Description: The issue concerns the improper removal of sensitive information in the data source export feature, allowing an attacker who obtains the exported settings to...
PT-2024-25343 · Vitepos · Vitepos
Name of the Vulnerable Software and Affected Versions: Vitepos versions 3.0.1 and earlier Description: A Missing Authorization issue affects the software, allowing potential unauthorized access. The estimated number of potentially affected devices worldwide is not specified. There is no informati...
PT-2024-23381 · Unknown · Pluginops Landing Page Builder
Name of the Vulnerable Software and Affected Versions: PluginOps Landing Page Builder versions 1.5.1.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
PT-2024-5241 · Node.Js +1 · Node.Js +1
Name of the Vulnerable Software and Affected Versions: Node.js versions 18.x, 20.x, and 21.x Description: The issue is related to the improper handling of batch files in child process.spawn and child process.spawnSync on Windows platforms. This allows a malicious command line argument to inject...