150 matches found

NVD
added 2026/05/22 10:16 p.m. · 7 views

CVE-2026-41075

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

CVSS 8.8 · EPSS 0.00032
Exploits: 0 · References: 3

Snyk
added 2026/04/25 6:30 p.m. · 0 views

HTTP Request Smuggling

Overview Affected versions of this package are vulnerable to HTTP Request Smuggling via the NewServer function in the HTTP server, specifically within the http.DefaultServeMux Fallback Handler. An attacker can access sensitive information by sending crafted HTTP requests that trigger the unintend...

CVSS 6.9 · AI score 5.8 · EPSS 0.00051
Exploits: 0 · References: 2

Positive Technologies
added 2025/08/01 12:0 a.m. · 2 views

PT-2025-32501 · Linksys · Linksys Re9000 +5

Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders that allows for remote operating system command injection. The vulnerability is located in the...

CVSS 6.5 · AI score 6.7 · EPSS 0.00918
Exploits: 1 · References: 13

Positive Technologies
added 2025/03/13 12:0 a.m. · 1 view

PT-2025-11184 · Tenda · Tenda Rx3

Name of the Vulnerable Software and Affected Versions: Tenda RX3 US RX3V1.0br V16.03.13.11 multi TDE01 Description: The issue is related to a buffer overflow that can be triggered via the schedStartTime and schedEndTime parameters at the "/goform/saveParentControlInfo" API endpoint. This allows...

CVSS 7.5 · AI score 6.6 · EPSS 0.00088
Exploits: 1 · References: 6

Positive Technologies
added 2025/02/25 12:0 a.m. · 3 views

PT-2025-7804 · Benner · Benner Modernanet

Name of the Vulnerable Software and Affected Versions: Benner ModernaNet versions 1.1.0 and earlier Description: A critical issue has been found in Benner ModernaNet, affecting an unknown part of the file...

CVSS 9.8 · AI score 7.6 · EPSS 0.0018
Exploits: 1 · References: 8

Positive Technologies
added 2025/02/20 12:0 a.m. · 3 views

PT-2025-7566 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 V1.0 V15.03.06.23 Description: The issue is related to a buffer overflow in form fast setting wifi set via the ssid parameter. This can potentially be exploited, although specific details about the number of affected devices or...

CVSS 9.8 · AI score 7.6 · EPSS 0.00092
Exploits: 0 · References: 5

Positive Technologies
added 2025/02/19 12:0 a.m. · 1 view

PT-2025-7508 · Baiyi · Baiyi Cloud Asset Management System

Name of the Vulnerable Software and Affected Versions: Baiyi Cloud Asset Management System versions up to 20250204 Description: A critical issue has been found in the Baiyi Cloud Asset Management System, affecting some unknown processing of the file /wuser/admin.house.collect.php. The manipulatio...

CVSS 7.5 · AI score 7.7 · EPSS 0.0003
Exploits: 0 · References: 12

Positive Technologies
added 2025/02/04 12:0 a.m. · 2 views

PT-2025-4173 · Unknown · Libsthmbc.So

Name of the Vulnerable Software and Affected Versions: libsthmbc.so versions prior to SMR Jan-2025 Release 1 Description: The issue is related to an out-of-bounds read in the decoding of malformed bitstreams of video thumbnails in libsthmbc.so. This allows local attackers to read arbitrary memory...

CVSS 5.5 · AI score 6.7 · EPSS 0.00126
Exploits: 0 · References: 7

Positive Technologies
added 2025/02/02 12:0 a.m. · 3 views

PT-2025-4116 · Zenvia · Zenvia Movidesk

Name of the Vulnerable Software and Affected Versions: Zenvia Movidesk versions up to 25.01.22 Description: A vulnerability was found in Zenvia Movidesk, affecting an unknown functionality of the file /Account/Login. The manipulation of the ReturnUrl argument leads to open redirect. The attack ca...

CVSS 6.9 · AI score 4.9 · EPSS 0.00166
Exploits: 0 · References: 10

Positive Technologies
added 2025/01/24 12:0 a.m. · 3 views

PT-2025-5266 · Coolify · Coolify

Name of the Vulnerable Software and Affected Versions: Coolify versions prior to 4.0.0-beta.380 Description: Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. The issue arises when the tags page allows users to search for tags. If the search does...

CVSS 6.1 · AI score 7 · EPSS 0.00156
Exploits: 0 · References: 6

Positive Technologies
added 2025/01/21 12:0 a.m. · 3 views

PT-2025-3466 · Linksys · Linksys E8450

Name of the Vulnerable Software and Affected Versions: Linksys E8450 version 1.2.00.360516 Description: A command injection issue was discovered, which can be exploited via the userEmail variable. This allows for potential unauthorized access and control. Recommendations: For Linksys E8450 versio...

CVSS 8.2 · AI score 7.5 · EPSS 0.05544
Exploits: 1 · References: 3

Positive Technologies
added 2025/01/09 12:0 a.m. · 2 views

PT-2025-2803 · Unknown · Neat Board Nfc

Name of the Vulnerable Software and Affected Versions: Neat Board NFC version 1.20240620.0015 Description: A Buffer Overflow issue exists, allowing physically proximate attackers to escalate privileges via a crafted payload to the password field. This enables local privilege escalation...

CVSS 6.8 · AI score 7.3 · EPSS 0.00247
Exploits: 0 · References: 5

Positive Technologies
added 2025/01/04 12:0 a.m. · 2 views

PT-2025-3778 · Unknown · Code-Projects Online Shoe Store

Name of the Vulnerable Software and Affected Versions: code-projects Online Shoe Store version 1.0 Description: A critical vulnerability has been found in the code-projects Online Shoe Store. It affects an unknown function of the file /details2.php. The manipulation of the id argument leads to SQ...

CVSS 9.8 · AI score 8.1 · EPSS 0.00097
Exploits: 1 · References: 12

Positive Technologies
added 2025/01/02 12:0 a.m. · 2 views

PT-2025-2466 · Fs Code · Fs Poster

Name of the Vulnerable Software and Affected Versions: FS Poster versions n/a through 6.5.8 Description: A Cross-Site Request Forgery CSRF issue is present in FS-code FS Poster, allowing Cross Site Request Forgery attacks. Recommendations: For versions n/a through 6.5.8, as a temporary workaround...

CVSS 4.3 · AI score 6.9 · EPSS 0.0019
Exploits: 0 · References: 5

Positive Technologies
added 2024/12/26 12:0 a.m. · 2 views

PT-2024-10257 · Linksys · Linksys E8450

Name of the Vulnerable Software and Affected Versions: Linksys E8450 version 1.2.00.360516 Description: The issue is related to a buffer overflow vulnerability in the Linksys E8450 Wi-Fi router's firmware. This vulnerability is caused by the lack of size verification when copying input data,...

CVSS 5.5 · AI score 7.5 · EPSS 0.0021
Exploits: 1 · References: 6

Positive Technologies
added 2024/12/26 12:0 a.m. · 4 views

PT-2025-3464 · Linksys · Linksys E8450

Name of the Vulnerable Software and Affected Versions: Linksys E8450 version 1.2.00.360516 Description: A command injection issue was discovered via wizard status, allowing for potential exploitation. Recommendations: For Linksys E8450 version 1.2.00.360516, consider restricting access to the...

CVSS 8 · AI score 7.6 · EPSS 0.00961
Exploits: 1 · References: 5

Positive Technologies
added 2024/12/21 12:0 a.m. · 2 views

PT-2024-17765 · Emlog Pro · Emlog Pro

Name of the Vulnerable Software and Affected Versions: Emlog Pro versions up to 2.4.1 Description: A problematic issue has been found in Emlog Pro, affecting some unknown functionality of the file /admin/link.php. The manipulation of the siteurl/icon argument leads to cross site scripting. The...

CVSS 6.9 · AI score 4.7 · EPSS 0.00101
Exploits: 1 · References: 10

Positive Technologies
added 2024/12/06 12:0 a.m. · 2 views

PT-2024-36094

Name of the Vulnerable Software and Affected Versions: ARForms versions n/a through 6.4.1 Description: The issue is related to a Path Traversal vulnerability, specifically a '.../...//' vulnerability, which affects Repute InfoSystems ARForms. This allows for Path Traversal. Recommendations: For...

CVSS 7.7 · AI score 8.3 · EPSS 0.00889
Exploits: 0 · References: 6

Positive Technologies
added 2024/11/25 12:0 a.m. · 1 view

PT-2024-35784 · Unknown · Masterstack Imgcap

Name of the Vulnerable Software and Affected Versions: masterstack imgcap version 0.0.1 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the "/submit" endpoint. Recommendations: For masterstack imgcap version 0.0.1, as a temporary workaround, consider...

CVSS 6.3 · AI score 7.9 · EPSS 0.00055
Exploits: 0 · References: 4

Positive Technologies
added 2024/11/21 12:0 a.m. · 2 views

PT-2024-8878 · Unknown · Pandora Fms

Name of the Vulnerable Software and Affected Versions: Pandora FMS versions 700 through 777.4 Description: The issue is related to a command injection vulnerability in the LDAP authentication mechanism, allowing for the execution of arbitrary commands on the server. This can be exploited by a...

CVSS 9.8 · AI score 8.3 · EPSS 0.92623
Exploits: 2 · References: 18