19 matches found
CVE-2019-25723
CVE-2019-25723 describes an improper input handling vulnerability in Dräger Perseus A500 software 2.00–2.02. An external attacker can cause a DoS by sending specially crafted, non-Medibus‑compliant data through the Medibus interface, flooding the internal processor and triggering a warm restart...
CVE-2022-37922
Vulnerabilities in the Aruba EdgeConnect Enterprise command line interface allow remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as root on the underlying operating system leading to complete...
CVE-2025-56231
Tonec Internet Download Manager (IDM) 6.42.41.1 and earlier is affected by a Missing SSL Certificate Validation vulnerability in the update mechanism, allowing a remote attacker to bypass update protections. Affected component is the update/SSL validation routine; root cause details are consisten...
PT-2025-31332 · Apple · macOS Sequoia 15.6 +2
Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sequoia 15.6; macOS versions prior to Sonoma 14.7.7. Description: An application may be able to hijack entitlements granted to other privileged applications due to improved data protection. Recommendations: Update to mac...
PT-2025-27493 · Unknown · tiny-secp256k1
Name of the Vulnerable Software and Affected Versions: tiny-secp256k1 versions prior to 1.1.7. Description: A malicious JSON-stringifyable message can be made to bypass the Buffer.isBuffer check, resulting in strange objects being accepted as a message. This can trick the verify function into...
PT-2025-27193 · Unknown · PlatiOnline Payments
Name of the Vulnerable Software and Affected Versions: PlatiOnline Payments versions through 6.3.2. Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For versions through 6.3.2...
CVE-2021-23054
On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system...
CVE-2021-23037
On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note:...
PT-2025-17754 · Unknown · Popup Anything
Name of the Vulnerable Software and Affected Versions: Anything Popup versions n/a through 7.3. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS, where an attacker can inject maliciou...
WordPress WP Chrono plugin <= 1.5.4 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting (XSS) vulnerability discovered by SOPROBRO in WordPress Plugin WP Chrono versions <= 1.5.4...
PT-2023-6558 · Django +6 · Django +6
Name of the Vulnerable Software and Affected Versions: Django versions 3.2 before 3.2.22; Django versions 4.1 before 4.1.12; Django versions 4.2 before 4.2.6. Description: The issue is related to the django.utils.text.Truncator chars and words methods when used with html=True, which can be subject t...
PT-2023-5518 · Kostac · Kostac Plc Programming
Name of the Vulnerable Software and Affected Versions: Kostac PLC Programming Software versions 1.6.9.0 and earlier; Kostac PLC Programming Software version 1.6.11.0. Description: The issue is related to a use after free vulnerability, which can be exploited by opening a specially crafted project...
PT-2022-27765 · Unknown +3 · Cap'n Proto's Rust Implementation +4
Name of the Vulnerable Software and Affected Versions: Cap'n Proto versions prior to 0.7.1, 0.8.1, 0.9.2, and 0.10.3; Cap'n Proto's Rust implementation versions prior to 0.13.7, 0.14.11, and 0.15.2. Description: Cap'n Proto is a data interchange format and remote procedure call (RPC) system. The issu...
CVE-2022-44037
An access control issue in APsystems ENERGY COMMUNICATION UNIT ECU-C Power Control Software V4.1NA, V3.11.4, W2.1NA, V4.1SAA, C1.2.2 allows attackers to access sensitive data and execute specific commands and functions with full admin rights without authenticating, which allows them to perform multiple...
PT-2022-21204 · WWBN · AVideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 11.6; WWBN AVideo dev master commit 3f7c0364. Description: An issue exists in the login functionality due to an improper password check. This allows an attacker with a user's password hash to directly log into the account,...
PT-2022-15586 · Apple +8 · iPadOS +13
Name of the Vulnerable Software and Affected Versions: macOS Monterey versions prior to 12.3; Safari versions prior to 15.4; watchOS versions prior to 8.5; iOS versions prior to 15.4; iPadOS versions prior to 15.4; tvOS versions prior to 15.4. Description: A logic issue was addressed with improved stat...
CVE-2018-5156
A vulnerability can occur when capturing a media stream when the media source type is changed as the capture is occurring. This can result in stream data being cast to the wrong type causing a potentially exploitable crash. This vulnerability affects Thunderbird 60, Firefox ESR 60.1, Firefox ESR...
PT-2014-2081 · GNU +1 · cpio +1
Name of the Vulnerable Software and Affected Versions: cpio versions 2007.05.10 through 2010.07.28. Description: The issue allows remote attackers to overwrite arbitrary files via a symlink within an RPM package archive. Recommendations: For versions 2007.05.10 through 2010.07.28, consider...
flash-plugin: crash caused by SWF files with different SWF versions obtained from the same URL
Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64, and Adobe AIR before 2.0.2.12610, allows remote web servers to cause a denial of service (NULL pointer dereference and browser crash) by returning a different response when an HTTP request is sent a second time, as demonstrated by two...