PT-2026-42415
Name of the Vulnerable Software and Affected Versions: Netatalk versions 2.2.5 through 4.4.2 Description: A race condition exists in the privilege toggle mechanism due to a non-reentrant privilege toggle. This allows a local attacker to obtain limited information, modify limited data, or cause a...
PT-2026-42419
Name of the Vulnerable Software and Affected Versions: Netatalk versions 2.1.0 through 4.4.2 Description: An LDAP injection allows a remote authenticated attacker to manipulate LDAP queries. By providing crafted filter input, an attacker can obtain limited information or modify LDAP entries. LDAP...
PT-2025-2392 · Etic Telecom · Etic Telecom Remote Access Server
Name of the Vulnerable Software and Affected Versions: ETIC Telecom Remote Access Server (RAS) versions prior to 4.5.0 Description: The issue concerns reflected cross-site scripting (XSS) attacks. Specifically, the ETIC RAS web server is vulnerable to XSS attacks in the method parameter. This occurs...
Information Exposure
Overview moodle/moodle is a learning platform. Affected versions of this package are vulnerable to Information Exposure via the sendinstantmessages function. An attacker can gain access to user names they should not have access to by exploiting this error message handling. Remediation Upgrade...
Code Injection
Overview snyk-gradle-plugin is a plugin for the Snyk CLI tool, providing dependency metadata for Gradle projects. Affected versions of this package are vulnerable to Code Injection when scanning an untrusted Gradle project. The vulnerability can be triggered if Snyk test is run inside the untrust...
PT-2024-14008 · Gl.Inet · Gl.Inet
Name of the Vulnerable Software and Affected Versions: GL.iNet devices versions prior to 4.5.0 Description: An issue was discovered where GL.iNet devices assign the same session ID after each user reboot, allowing attackers to share session identifiers between different sessions and bypass...
PT-2023-30460 · Gl.Inet · Gl-Inet Ax1800
Name of the Vulnerable Software and Affected Versions: GL.iNet AX1800 versions 4.0.0 through 4.4.x Description: The issue allows a remote attacker to execute arbitrary code via a crafted script to the gl nas sys authentication function. This enables the attacker to potentially gain unauthorized...
PT-2022-5790 · Pgjdbc +8 · Pgjdbc +8
Name of the Vulnerable Software and Affected Versions: pgjdbc versions prior to 4.5.0 Description: The issue is related to the implementation of the PreparedStatement.setText or PreparedStatement.setBytea methods in the PgJDBC driver, which can lead to the creation of temporary files that are...
PT-2020-16565 · Emby · Emby Server
Name of the Vulnerable Software and Affected Versions: Emby Server versions prior to 4.5.0 Description: The issue allows for Server-Side Request Forgery (SSRF) via the ImageURL parameter in the Items/RemoteSearch/Image endpoint. This means an attacker could potentially force the server to make...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation. wolfSSL before 4.5.0 mishandles TLS 1.3 server data in the WAITCERTCR state, within SanityCheckTls13MsgReceived in tls13.c. This is an incorrect implementation of the TLS 1.3 client state machine. This...