PT-2026-36930
Name of the Vulnerable Software and Affected Versions: Open5GS versions prior to 2.7.8 Description: A remote denial of service can be triggered via the udm nudm uecm handle amf registration update function within the /src/udm/nudm-handler.c file of the amf-3gpp-access endpoint. Recommendations: As a...
CVE-2026-28352 Indico missing access check in event series management API
Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. In versions prior to 3.3.11, the API endpoint used to manage event series is missing an access check, allowing unauthenticated/unauthorized access to this endpoint. The impact of this ...
PT-2025-53787
Name of the Vulnerable Software and Affected Versions: SohuTV CacheCloud versions up to 3.2.0 Description: A flaw exists in SohuTV CacheCloud that allows for cross site scripting. This issue is related to the taskQueueList function within the file...
PT-2025-53781
Name of the Vulnerable Software and Affected Versions: SohuTV CacheCloud versions up to 3.2.0 Description: A cross site scripting issue exists in SohuTV CacheCloud. The issue is related to the redirectNoPower function within the file...
PT-2025-47145
Name of the Vulnerable Software and Affected Versions: CodeAstro Simple Inventory System version 1.0 Description: A flaw exists in CodeAstro Simple Inventory System 1.0 that allows for potential SQL injection. This issue is located within the Login component, specifically in the /index.php file...
PT-2025-34942 · Dahua · Dahua Eims
Name of the Vulnerable Software and Affected Versions: Dahua EIMS versions prior to 2240008 Description: A command injection flaw in Dahua EIMS allows unauthenticated remote attackers to execute arbitrary system commands. This is due to improper input validation in the captureCommand parameter of...
PT-2025-27959
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A null pointer dereference issue has been identified in the Linux kernel when acquiring the remote IP of an Ethernet bearer. The issue can be reproduced by creating a tun interface...
PT-2025-14511 · Jenkins +1 · Jenkins +1
Name of the Vulnerable Software and Affected Versions: Jenkins versions 2.503 and earlier; Jenkins LTS versions 2.492.2 and earlier Description: A missing permission check in Jenkins allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gainin...
PT-2025-9233 · Unknown · Esafenet Cdg
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5.6.3.154.205 Description: A critical issue affects some unknown functionality of the file /CDGServer3/workflowE/useractivate/updateorg.jsp. The manipulation of the flowId argument leads to SQL injection. The attack may b...
PT-2025-6049
Name of the Vulnerable Software and Affected Versions: GNU Binutils version 2.43 Description: A memory leak vulnerability has been found in the ld component of GNU Binutils, specifically affecting the xstrdup function in the libiberty/xmalloc.c file. This issue can be exploited remotely, with a...
PT-2025-6109 · Unknown · Esafenet Cdg
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5.6.3.154.205 20250114 Description: A critical issue has been found, affecting an unknown function of the file addPolicyToSafetyGroup.jsp. The manipulation of the safetyGroupId argument leads to SQL injection. It is...
PT-2025-4958 · Unknown · Blu Logistics
Name of the Vulnerable Software and Affected Versions: blu Logistics versions n/a through 1.0.0 Description: The issue is related to improper neutralization of input during web page generation, also known as Cross-site Scripting. This allows for Reflected XSS. Recommendations: For versions n/a...
PT-2025-5542 · Unknown · Yannick Lefebvre Bug Library
Name of the Vulnerable Software and Affected Versions: Yannick Lefebvre Bug Library versions n/a through 2.1.4 Description: The issue is related to an SQL Injection vulnerability, specifically Improper Neutralization of Special Elements used in an SQL Command, which allows Blind SQL Injection...
PT-2025-5131 · Unknown · Notfound Links/Problem Reporter
Name of the Vulnerable Software and Affected Versions: NotFound Links/Problem Reporter versions prior to 2.6.0 Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Reflected XSS. This enables attackers...
PT-2025-5041 · Unknown · Kiro G. Formatted Post
Name of the Vulnerable Software and Affected Versions: Kiro G. Formatted post versions n/a through 1.01 Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected Cross-site Scripting (XSS). This means that an attacker can inject...
PT-2025-3394 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.0 Description: The issue is related to Cross Site Scripting (XSS) via the dados addInfo parameter of the "documentos funcionario.php" endpoint. This allows for potential malicious script injection. Recommendations: F...
PT-2025-3558 · Msfm +1 · Msfm +1
Name of the Vulnerable Software and Affected Versions: MSFM versions prior to 2025.01.01 Description: A fastjson deserialization issue was found in the component system/table/add. This issue affects MSFM and can be exploited via the system/table/add component. Recommendations: For versions prior ...
PT-2025-3417 · Linksys · Linksys E7350
Name of the Vulnerable Software and Affected Versions: Linksys E7350 version 1.1.00.032 Description: A command injection issue was discovered via the iface parameter in the vif enable function. This allows for potential exploitation. Recommendations: For Linksys E7350 version 1.1.00.032, as a...
PT-2025-2876 · Indico · Indico
Name of the Vulnerable Software and Affected Versions: Indico versions 3.2.9 through 3.3.5 Description: A Broken Object Level Authorization (BOLA) issue allows attackers to read or access sensitive information by sending a crafted POST request to the "/api/principals" component. The supplier disput...
PT-2025-3842 · Code Projects · Code-Projects Admission Management System
Name of the Vulnerable Software and Affected Versions: code-projects Admission Management System version 1.0 Description: A critical issue has been found in the Login component of the system, specifically in the file index.php. The manipulation of the u id argument leads to SQL injection. This...