GHSA-R4W4-WV68-QV85 Spring Cloud AWS missing SNS message signature verification allows spoofing of HTTP/HTTPS endpoint notifications
Impact Applications using Spring Cloud AWS SNS HTTP/HTTPS endpoint support (@NotificationMessageMapping, @NotificationSubscriptionMapping, @NotificationUnsubscribeConfirmationMapping) did not verify the signature of incoming SNS messages. An unauthenticated attacker who knows the endpoint URL could...
SHARP routers missing authentication for some web APIs
Overview SHARP routers do not perform authentication for some web APIs. Those web APIs expose device information, and the initial administrative password is derived from a part of that device information. Missing authentication for critical function (CWE-306), CVE-2026-32326. Shota Zaizen reported this...
PT-2025-26673 · Tarantool +1 · Tarantool +1
Name of the Vulnerable Software and Affected Versions: Tarantool versions up to 3.3.1 Description: A vulnerability has been found in the tm_to_datetime function in the file src/lib/core/datetime.c. The manipulation leads to a reachable assertion. Attacking locally is a requirement...
PT-2025-23982 · Unknown · Brilliance Golden Link Secondary System
Name of the Vulnerable Software and Affected Versions: Brilliance Golden Link Secondary System up to 20250424 Description: A critical issue has been found in the Brilliance Golden Link Secondary System. This issue affects some unknown processing of the file...
PT-2025-23883 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version 1.10CNB05 Description: A critical issue has been discovered, affecting the /goform/form2lansetup.cgi file. The manipulation of the ip argument leads to a stack-based buffer overflow. This issue can be initiated remotely...
CVE-2021-39192
Ghost is a Node.js content management system. An error in the implementation of the limits service between versions 4.0.0 and 4.9.4 allows all authenticated users including contributors to view admin-level API keys via the integrations API endpoint, leading to a privilege escalation vulnerability...
PT-2025-19933 · D Link · D-Link Dir-600
Name of the Vulnerable Software and Affected Versions: D-Link DIR-600L versions 2.07B01 and earlier Description: A critical issue has been identified that affects the formEasySetupWizard function. The manipulation of the host argument leads to a buffer overflow. This issue can be exploited...
CVE-2025-32783
XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed by selecting "Prevent unregistered users to view pages" in the Administration Rights. The vulnerability is that any message sent i...
PT-2025-18305 · NetGear · Netgear Wag302V2
Name of the Vulnerable Software and Affected Versions: Netgear WG302v2 versions up to 5.2.9 Description: A critical issue was found, affecting the function ui_get_input_value. The manipulation of the host argument leads to command injection. This issue can be exploited remotely. The vendor was...
PT-2025-16177 · Unknown · Youdiancms
Name of the Vulnerable Software and Affected Versions: YouDianCMS version 9.5.21 Description: A vulnerability was found in YouDianCMS, affecting unknown code of the file /App/Tpl/Member/Default/Order/index.html. The manipulation of the OrderNumber argument leads to cross-site scripting. The attac...
CVE-2025-31362
Use of hard-coded cryptographic key issue exists in BizRobo! all versions. Credentials inside robot files may be obtained if the encryption key is available. The vendor provides workaround information and recommends applying it to the deployment environment...
CVE-2025-31932
Deserialization of untrusted data issue exists in BizRobo! all versions. If this vulnerability is exploited, arbitrary code may be executed on the Management Console. The vendor provides workaround information and recommends applying it to the deployment environment...
PT-2025-15315 · Unknown · Lenve Vblog
Name of the Vulnerable Software and Affected Versions: Lenve VBlog versions up to 1.0.0 Description: A critical issue was found, affecting the configure function of the WebSecurityConfig.java file. This leads to improper access controls, allowing remote attacks. The issue has been publicly...
PT-2025-14442 · Cryptolib · Cryptolib
Name of the Vulnerable Software and Affected Versions: CryptoLib versions 1.3.3 and earlier Description: The issue concerns a heap buffer overflow vulnerability in the Crypto_TC_ApplySecurity function due to an incomplete validation check on the fl (frame length) field. This allows an attacker to...
PT-2025-12459
Name of the Vulnerable Software and Affected Versions: Corosync versions 3.1.9 and earlier Description: The issue is a stack-based buffer overflow in the orf_token_endian_convert function in exec/totemsrp.c via a large UDP packet, which can be exploited if encryption is disabled or the attacker...
PT-2025-5248 · Sablab · Sablab Internal Link Builder
Name of the Vulnerable Software and Affected Versions: Alessandro Piconi - SabLab Internal Link Builder versions n/a through 1.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user...
PT-2025-1553 · Ibm · Ibm Common Licensing
Name of the Vulnerable Software and Affected Versions: IBM Common Licensing version 9.0 Description: The issue is the storage of user credentials in clear text, which can be read by a local user. This allows an attacker to gain unauthorized access to protected information. The...
PT-2025-1261 · Tenda · Tenda Ac15
Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.13.07.13 Description: A critical issue has been found in the function formSetDevNetName of the file /goform/SetDevNetName, which affects the Tenda AC15 router. The manipulation of the argument mac leads to a stack-based...
PT-2025-25547 · Assimp +1 · Assimp +1
Name of the Vulnerable Software and Affected Versions: Open Asset Import Library Assimp versions up to 5.4.3 Description: A critical vulnerability has been found in the Open Asset Import Library Assimp. The issue affects the function Assimp::BVHLoader::ReadNodeChannels in the library...
PT-2024-17892 · Unknown · Code-Projects Chat System
Name of the Vulnerable Software and Affected Versions: code-projects Chat System version 1.0 Description: A critical issue has been found in the code-projects Chat System, affecting the /admin/update_user.php file. The manipulation of the id argument leads to SQL injection. This issue can be...