49 matches found
PT-2026-11: Process termination caused by a VnetIP message in Yokogawa Centum VP
The vulnerability was identified in Centum VP, versions R1.07.00 or earlier. The discovered vulnerability allows an attacker to cause the ywnvpcore process to terminate by sending a crafted VnetIP message. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 13.02.2026...
EUVD-2025-18345
Malicious code in bioql PyPI...
PT-2025-93: Local Privilege Escalation in RemotePC
The vulnerability was identified in RemotePC, version 7.7.38. The discovered vulnerability allows an attacker to escalate privileges from a normal user to root. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 30.07.2025. Recommendations: Update to version 7.7.38 or...
CVE-2025-6091
A vulnerability was found in H3C GR-3000AX V100R007L50. It has been classified as critical. Affected is the function UpdateWanParamsMulti/UpdateIpv6Params of the file /routing/goform/aspForm. The manipulation of the argument param leads to buffer overflow. It is possible to launch the attack...
CVE-2025-6091
CVE-2025-6091 affects H3C GR-3000AX v100R007L50. The vulnerability exists in the functions UpdateWanParamsMulti/UpdateIpv6Params in /routing/goform/aspForm, where improper handling of the parameter param causes a buffer overflow. It can be exploited remotely and exploitation details have been pub...
PT-2025-15: Kiosk restriction bypass in RED OS
The vulnerability was identified in RedOS, versions 7.3.5-20241106.3. The discovered vulnerability in the RedOS kiosk utility is due to incorrect restrictions. Exploitation of the vulnerability may allow an attacker to execute arbitrary commands on the system outside the imposed restrictions...
Linux Distros Unpatched Vulnerability : CVE-2023-42467
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - QEMU through 8.0.0 could trigger a division by zero in scsi_disk_reset in hw/scsi/scsi-disk.c because scsi_disk_emulate_mode_select does not prevent s->qdev.blocksize...
PT-2024-67: XSS Bypass sanitizer using the javascript protocol and special characters in PhpSpreadsheet
The vulnerability was identified in PhpSpreadsheet, versions = 3.0.0, = 2.0.0, = 2.2.0, = 3.0.0, = 2.0.0, = 2.2.0, = 2.3.4 to 2.3.5 or higher Additional information: Security advisory Researcher: Aleksey Solovev Positive Technologies...
PT-2024-53: Reading arbitrary files via API in PT Application Inspector (PT AI)
The vulnerability was identified in PT Application Inspector (PT AI), versions 4.4.0 - 4.9.0 inclusively. The discovered vulnerability allows an attacker with network access to PT AI to read source code files of other users' projects. The vulnerability can be used for privilege escalation...
PT-2024-55: Cross-site Scripting (XSS) in SimpleXLSX
The vulnerability was identified in SimpleXLSX, versions 1.0.12-1.1.11. The discovered vulnerability allows an attacker to inject arbitrary JavaScript code. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 11.12.2024. Recommendations: Update to version 1.1.12 or high...
vTiger CRM 7.4.0 Cross Site Scripting
CVE-ID: CVE-2024-44778. Suggested description: A reflected cross-site scripting (XSS) vulnerability in the parent parameter in the index page of vTiger CRM 7.4.0 allows attackers to execute arbitrary code in the context of a user's browser via injecting a...
PT-2024-95: Cross-Site Request Forgery (CSRF) and Reflected Cross-Site Scripting (XSS) in Netcat CMS (module netshop)
The vulnerability was identified in Netcat CMS module netshop, version 6.4 Extra. The vulnerability is related to cross-site request forgery. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked...
PT-2024-83: Reflected Cross-Site Scripting (XSS) in Netcat CMS (netshop module)
The vulnerability was identified in Netcat netshop module, version 6.4 Extra. The discovered vulnerability allows an authorized attacker with the administrator role to execute arbitrary JavaScript code in the browser of the attacked user. Vulnerability status: Confirmed by vendor. Date of...
CVE-2024-7832
The CVE-2024-7832 issue concerns D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05, and DNS-1550-04. The vulnerability is in the function cgi_get_fullscr...
CVE-2024-7828 D-Link DNS-1550-04 photocenter_mgr.cgi cgi_set_cover buffer overflow
UNSUPPORTED WHEN ASSIGNED A vulnerability classified as critical was found in D-Link DNS-120, DNR-202L, DNS-315L, DNS-320, DNS-320L, DNS-320LW, DNS-321, DNR-322L, DNS-323, DNS-325, DNS-326, DNS-327L, DNR-326, DNS-340L, DNS-343, DNS-345, DNS-726-4, DNS-1100-4, DNS-1200-05 and DNS-1550-04 up to...
CVE-2024-7300
Bolt CMS 3.7.1 is affected by a Cross‑Site Scripting (XSS) vulnerability in the Showcase Creation Handler. The issue resides in an unknown function of the file /bolt/editcontent/showcases, where manipulation of the title/textarea argument enables remote execution of scripts. The vulnerability can...
CVE-2024-4963 D-Link DAR-7000-40 url.php unrestricted upload
UNSUPPORTED WHEN ASSIGNED A vulnerability, which was classified as critical, was found in D-Link DAR-7000-40 V31R02B1413C. This affects an unknown part of the file /url/url.php. The manipulation of the argument fileupload leads to unrestricted upload. It is possible to initiate the attack remotel...
CVE-2024-0937
A vulnerability, which was classified as critical, has been found in vanderSchaar LAB synthcity 0.2.9. Affected by this issue is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack may be launched remotely. The exploit has been...
CVE-2024-0936
A vulnerability classified as critical was found in vanderSchaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the...
PYSEC-2024-21
A vulnerability classified as critical was found in vanderSchaar LAB TemporAI 0.0.3. Affected by this vulnerability is the function load_from_file of the component PKL File Handler. The manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed to the...