32 matches found
CVE-2026-40309
CVE-2026-40309: Masa CMS (fork of Mura CMS) contains a CSRF flaw in the trash management path. In versions up to 7.5.2, cTrash.empty does not validate anti-CSRF tokens, allowing an authenticated administrator to be tricked into submitting a forged request that permanently deletes all trashed con...
Directory Traversal
Overview: openmage/magento-lts is the home of an unofficial community-driven project. Affected versions of this package are vulnerable to Directory Traversal through the files request parameter in the dataflow import parsers. An attacker with administrative privileges can read...
PT-2025-52583
Name of the Vulnerable Software and Affected Versions: Campcodes Complete Online Beauty Parlor Management System version 1.0 Description: A cross-site scripting issue exists in Campcodes Complete Online Beauty Parlor Management System version 1.0. Manipulation of the fromdate argument in the file...
Linux Distros Unpatched Vulnerability : CVE-2021-32477
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The last time a user accessed the mobile app is displayed on their profile page, but should be restricted to users with the relevant capability site...
PT-2025-28272 · Unknown · Campcodes Advanced Online Voting System
Name of the Vulnerable Software and Affected Versions: Campcodes Advanced Online Voting System version 1.0 Description: A critical issue has been discovered, allowing for unrestricted file upload by manipulating the photo argument in an unknown function of the /admin/candidates add.php file. This...
PT-2025-26515 · Unknown · Phpgurukul Art Gallery Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Art Gallery Management System version 1.1 Description: A critical issue affects some unknown functionality of the file /admin/changeimage.php. The manipulation of the editid argument leads to SQL injection. The attack can be launch...
PT-2025-23887 · Unknown · Code-Projects/Anirbandutta9 Content Management System/News-Buzz
Name of the Vulnerable Software and Affected Versions: code-projects/anirbandutta9 Content Management System and News-Buzz version 1.0 Description: A critical issue was found in the code-projects/anirbandutta9 Content Management System and News-Buzz. The problem affects an unknown functionality o...
PT-2025-23398 · Unknown · Phpgurukul Online Birth Certificate System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Birth Certificate System version 2.0 Description: A critical issue was found in the system, affecting an unknown function of the file /admin/registered-users.php. The manipulation of the del argument leads to SQL...
PT-2025-21550
Name of the Vulnerable Software and Affected Versions: EKC Tournament Manager versions prior to 2.2.2 Description: The issue allows a logged-in admin to download system files outside of the WordPress directory. This is a significant concern as it could potentially expose sensitive system...
PT-2025-18286 · Unknown · Phpgurukul Directory Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Directory Management System version 2.0 Description: A SQL Injection issue was identified in the admin/edit-directory.php file. Attackers can exploit this issue via the email parameter in a POST request to execute arbitrary SQL...
PT-2025-15115 · Unknown · Codeprojects Online Restaurant Management System
Name of the Vulnerable Software and Affected Versions: codeprojects Online Restaurant Management System version 1.0 Description: A critical issue was found in the codeprojects Online Restaurant Management System. The vulnerability affects an unknown functionality of the file /admin/combo.php. The...
PT-2025-15087 · Unknown · Code-Projects Blood Bank Management System
Name of the Vulnerable Software and Affected Versions: code-projects Blood Bank Management System version 1.0 Description: A critical issue was found in the code-projects Blood Bank Management System. The problem affects some unknown functionality of the file /admin/campsdetails.php. The...
PT-2025-14082 · WordPress · Lana Downloads Manager
Name of the Vulnerable Software and Affected Versions: Lana Downloads Manager WordPress plugin versions prior to 1.10.0 Description: The issue concerns the Lana Downloads Manager WordPress plugin, which does not validate user input used in a path. This could allow users with an admin role to...
PT-2025-12696 · Unknown · Phpgurukul Old Age Home Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Old Age Home Management System version 1.0 Description: A critical vulnerability was found in PHPGurukul Old Age Home Management System. The issue affects an unknown function of the file /admin/aboutus.php. The manipulation of the...
PT-2024-20720 · Ibm · Ibm Jazz Reporting Service
Name of the Vulnerable Software and Affected Versions: IBM Jazz Reporting Service version 7.0.3 Description: The issue concerns the storage of user credentials in plain clear text, which can be accessed by an admin user. Recommendations: For IBM Jazz Reporting Service version 7.0.3, consider...
PT-2024-26571 · Formwork · Formwork
Name of the Vulnerable Software and Affected Versions: Formwork versions prior to 1.13.0 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content field. Users with access to the administration panel wit...
PT-2024-26167 · WordPress · Side Menu Lite
Name of the Vulnerable Software and Affected Versions: The Side Menu Lite WordPress plugin versions prior to 4.2.1 Description: The issue is related to the lack of CSRF checks in some bulk actions, which could allow attackers to make logged-in admins perform unwanted actions, such as deleting...
PT-2023-29699 · Wagtail · Wagtail
Name of the Vulnerable Software and Affected Versions: Wagtail versions prior to 4.1.8; Wagtail versions prior to 5.0.5; Wagtail versions prior to 5.1.3 Description: A user with a limited-permission editor account for the Wagtail admin can make a direct URL request to the admin view that handles bu...
PT-2023-26464 · Qualityunit · Post Affiliate Pro
Name of the Vulnerable Software and Affected Versions: QualityUnit Post Affiliate Pro plugin versions = 1.25.0 Description: The issue is related to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into the...
PT-2023-24711 · Yandex · Alexander Semikashev Yandex Metrica Counter
Name of the Vulnerable Software and Affected Versions: Alexander Semikashev Yandex Metrica Counter plugin versions = 1.4.3 Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that affects the Alexander Semikashev Yandex Metrica Counter plugin. This vulnerability...