23 matches found
CVE-2026-43441
In the Linux kernel, the following vulnerability has been resolved: net: bonding: Fix nd_tbl NULL dereference when IPv6 is disabled. When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init exits before ndisc_init is called, which initializes it. If bonding...
PT-2025-3088 · Monicahq · Monicahq
Name of the Vulnerable Software and Affected Versions: MonicaHQ version 4.1.2 Description: The issue is related to an authenticated Client-Side Injection vulnerability in MonicaHQ. This vulnerability can be exploited via the Reason parameter at the "/people/h:id/debts/create" API endpoint...
PT-2024-17575 · WordPress · Woocommerce Additional Fees On Checkout
Name of the Vulnerable Software and Affected Versions: WooCommerce Additional Fees On Checkout Free plugin for WordPress versions up to, and including, 1.4.7 Description: The issue is related to Reflected Cross-Site Scripting via the number parameter due to insufficient input sanitization and...
PT-2024-35797 · Unknown · Phpgurukul Covid19 Testing Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul COVID 19 Testing Management System version 1.0 Description: A Reflected Cross Site Scripting (XSS) issue was found in the /covid-tms/patient-search-report.php endpoint, which allows remote attackers to execute arbitrary code via the...
PT-2024-33041 · Funadmin · Funadmin
Name of the Vulnerable Software and Affected Versions: funadmin version 5.0.2 Description: The issue is related to SQL Injection via the parentField parameter in the index method of backendcontrollerauthAuth.php. There is no information provided about the estimated number of potentially affected...
PT-2024-32054 · Draytek · Draytek Vigor 3910
Name of the Vulnerable Software and Affected Versions: Draytek Vigor 3910 version 4.3.2.6 Description: A buffer overflow issue was discovered in the extRadSrv2 parameter at the "cgiapp.cgi" endpoint. This issue allows attackers to cause a Denial of Service (DoS) via a crafted input. Recommendations...
PT-2024-39032 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: JobPortal affected versions not specified Description: The issue is related to a SQL injection vulnerability. An attacker could send a specially designed query through the user id parameter in the "/jobportal/admin/user/controller.php" endpoi...
PT-2024-31264 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS versions 2023 and earlier Description: The issue allows a remote attacker to obtain sensitive information. This is achieved via the id parameter in the "adv2.php" component. Recommendations: For ZZCMS versions 2023 and earlier, consider...
PT-2024-38070 · WordPress · Lh Add Media From Url
Name of the Vulnerable Software and Affected Versions: LH Add Media From Url plugin for WordPress versions up to, and including, 1.23 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows unauthenticated attacke...
PT-2024-20828
Name of the Vulnerable Software and Affected Versions: Task Manager App version 1.0 Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Project Name parameter in the "/TaskManager/Projects.php" API endpoint...
PT-2024-20831 · Unknown · Task Manager App
Name of the Vulnerable Software and Affected Versions: Task Manager App version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the taskID parameter at the "/TaskManager/EditTask.php" API endpoint. Recommendations: For Task Manager A...
PT-2024-20066 · Gambio · Gambio
Name of the Vulnerable Software and Affected Versions: Gambio versions 4.9.2.0 and earlier Description: The issue allows attackers to run arbitrary SQL commands via a crafted GET request using the modifiersattribute parameter. This enables attackers to potentially extract or modify sensitive data...
PT-2023-30678 · Cybrosys Techno Solutions · Cybrosys Techno Solutions Website Blog Search
Name of the Vulnerable Software and Affected Versions: Cybrosys Techno Solutions Website Blog Search (aka website search blog) versions 13.0 through 13.0.1.0.1 Description: A SQL injection issue allows a remote attacker to execute arbitrary code and gain privileges via the name parameter in the...
PT-2023-8891 · Ray · Ray
Name of the Vulnerable Software and Affected Versions: Ray versions affected versions not specified Description: The issue exists due to the lack of neutralization of special elements used in operating system commands. This allows a remote attacker to execute arbitrary commands using specially...
PT-2023-27784 · Misp · Misp
Name of the Vulnerable Software and Affected Versions: MISP version 2.4.174 Description: An issue exists in the DashboardsController.php file, specifically a reflected XSS issue via the id parameter when editing a dashboard. Recommendations: For MISP version 2.4.174, consider disabling the id...
PT-2023-27061
Name of the Vulnerable Software and Affected Versions: llama index versions 0.7.13 and earlier Description: An issue in llama index allows a remote attacker to execute arbitrary code via the exec parameter in the PandasQueryEngine function. This enables the attacker to perform unauthorized actions ...
PT-2023-16983 · Sourcecodester · Sourcecodester Medicine Tracker System
Name of the Vulnerable Software and Affected Versions: SourceCodester Medicine Tracker System version 1.0 Description: A critical issue has been found in the processing of the file medicines/view details.php of the component GET Parameter Handler. The manipulation of the GET argument leads to sql...
PT-2023-3040 · Tenda · Tenda G103
Name of the Vulnerable Software and Affected Versions: Tenda G103 version 1.0.0.5 Description: A command injection issue allows an attacker to execute arbitrary code via the language parameter. This can compromise the integrity, availability, and confidentiality of protected information. The...
PT-2023-19450 · Dromara · Dromara Hutool
Name of the Vulnerable Software and Affected Versions: Dromara Hutool version 5.8.11 Description: A deserialization issue allows an attacker to execute arbitrary code via the XmlUtil.readObjectFromXml parameter. This enables the attacker to potentially gain control over the system. Recommendation...
PT-2023-14951 · Unknown · Online Student Enrollment System
Name of the Vulnerable Software and Affected Versions: Online Student Enrollment System version 1.0 Description: A cross-site scripting (XSS) issue in the /admin/register.php component allows attackers to execute arbitrary web scripts via a crafted payload injected into the name parameter...