CVE-2026-33725
Metabase is an open source business intelligence and embedded analytics tool. In Metabase Enterprise prior to versions 1.54.22, 1.55.22, 1.56.22, 1.57.16, 1.58.10, and 1.59.4, authenticated admins on Metabase Enterprise Edition can achieve Remote Code Execution (RCE) and Arbitrary File Read via the...
PT-2025-51691
Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified Description: The Linux kernel contains a flaw related to a race condition within the dwc3_remove_requests function. This occurs due to unsynchronized execution of multiple call paths, potentially...
CVE-2019-6144
This vulnerability allows a normal non-admin user to disable the Forcepoint One Endpoint versions 19.04 through 19.08 and bypass DLP and Web protection...
PT-2025-12690 · H3C · H3C Magic Nx400 +1
Name of the Vulnerable Software and Affected Versions: H3C Magic NX30 Pro and Magic NX400 up to V100R014 Description: A critical vulnerability has been found in the unknown code of the file /api/wizard/getNetworkConf, which leads to command injection. The attack can be initiated remotely. The...
SUSE CVE-2022-49686
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix list double add in uvcg_video_pump. A panic can occur if the endpoint becomes disabled and the uvcg_video_pump adds the request back to the req_free list after it has already been queued to the endpoint. The...
DEBIAN-CVE-2022-49686
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: uvc: fix list double add in uvcg_video_pump. A panic can occur if the endpoint becomes disabled and the uvcg_video_pump adds the request back to the req_free list after it has already been queued to the endpoint. The...
PT-2025-6056 · Unknown · Pihome-Shc Pihome
Name of the Vulnerable Software and Affected Versions: pihome-shc PiHome version 2.0 Description: A critical issue has been found in pihome-shc PiHome, affecting an unknown part of the file "/ajax.php?Ajax=GetModal_Sensor_Graph". The manipulation leads to SQL injection, and it is possible to...
CVE-2024-57915
CVE-2024-57915 is rejected by the CVENA and is not an active vulnerability entry.
CVE-2024-57915
Removed by vendor...
PT-2024-16151 · Telestream · Telestream Sentry
Name of the Vulnerable Software and Affected Versions: Telestream Sentry version 6.0.9 Description: A vulnerability has been found in the Reports Page component of the affected software, specifically in the file "/?page=reports". The manipulation of the z argument leads to cross-site scripting. T...
PT-2024-7239 · D Link · D-Link Dir-605L
Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 BETA Description: A critical issue is related to the function formWlanSetup of the file /goform/formWlanSetup, which is vulnerable to buffer overflow due to the lack of input size validation. This can be...
PT-2024-30079 · Frog Cms · Frog Cms
Name of the Vulnerable Software and Affected Versions: FrogCMS version 0.9.5 Description: A Cross-Site Request Forgery (CSRF) issue was discovered in FrogCMS. The vulnerability can be exploited via the "/admin/?/page/edit/10" API endpoint. Recommendations: For FrogCMS version 0.9.5, consider...
PT-2024-25599 · Paypal · Paypal
Name of the Vulnerable Software and Affected Versions: PayPal, Credit Card and Debit Card Payment version 1.0 Description: A SQL injection issue affects the payment system, allowing an attacker to send a specially crafted query to the server. This could enable the retrieval of all stored...
PT-2024-30528 · Unknown · Adive Framework
Name of the Vulnerable Software and Affected Versions: Adive Framework version 2.0.8 Description: The issue is related to insufficient encoding of user-controlled inputs, resulting in a persistent Cross-Site Scripting (XSS) vulnerability. This vulnerability can be exploited via the...
PT-2024-27844 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue is a stored Cross-Site Scripting (XSS) vulnerability that occurs through the /admin/AdvancedSystem endpoint, specifically in the description field, and affects all parameters. This could allow ...
PT-2024-27835 · Unknown · Wbsairback
Name of the Vulnerable Software and Affected Versions: WBSAirback version 21.02.04 Description: The issue is a stored Cross-Site Scripting (XSS) vulnerability. It occurs through the "/admin/CloudAccounts" API endpoint, specifically in the account name, user password, and server fields, affecting al...
PT-2024-5169 · Pgadmin +2 · Pgadmin +2
Name of the Vulnerable Software and Affected Versions: pgAdmin versions = 8.5 Description: The issue is related to a cross-site scripting (XSS) vulnerability in the /settings/store API response JSON payload. This vulnerability allows attackers to execute malicious scripts at the client end,...
PT-2024-2264 · Tenda · Tenda Ac18
Name of the Vulnerable Software and Affected Versions: Tenda AC18 version 15.03.05.05 Description: A critical issue was found in the function formSetSpeedWan of the file /goform/SetSpeedWan. The manipulation of the argument speed_dir leads to a stack-based buffer overflow. This issue can be...
PT-2024-20677 · Unknown · Travel Journal Using Php/Mysql With Source Code
Name of the Vulnerable Software and Affected Versions: Travel Journal Using PHP and MySQL with Source Code version 1.0 Description: A stored cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Share Your Moments paramete...
PT-2024-20261 · Unknown · Springboot-Manager
Name of the Vulnerable Software and Affected Versions: springboot-manager version 1.6 Description: The issue is related to Cross Site Scripting (XSS) via the "/sys/role" API endpoint. This means an attacker could potentially inject malicious scripts into the webpage, affecting users who access the...