kkFileView 4.1.0 - Cross-Site Scripting
kkFileView 4.1.0 is susceptible to cross-site scripting via the url parameter at /controller/OnlinePreviewController.java. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...
CVE-2022-38449
Adobe Acrobat Reader versions 22.002.20212 and earlier and 20.005.30381 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue...
EUVD-2018-17162
Malware in sbrugna...
EUVD-2021-34027
Malicious code in bioql PyPI...
EUVD-2022-5793
Malicious code in bioql PyPI...
EUVD-2024-42466
Malicious code in bioql PyPI...
Trend Micro Confirms Active Exploitation of Critical Apex One Flaws in On-Premise Systems
Trend Micro has released mitigations to address critical security flaws in on-premise versions of Apex One Management Console that it said have been exploited in the wild. The vulnerabilities CVE-2025-54948 and CVE-2025-54987, both rated 9.4 on the CVSS scoring system, have been described as...
PT-2025-28395 · Sinec Nms · Sinec Nms
Name of the Vulnerable Software and Affected Versions: SINEC NMS versions prior to V4.0 Description: A vulnerability has been identified in the affected application where it does not properly validate file paths when extracting uploaded ZIP files. This could allow an attacker to write arbitrary...
PT-2025-27625 · Ruijie · Ruijie Nbr Series
Name of the Vulnerable Software and Affected Versions: Ruijie NBR series routers versions NBR2000G, NBR1300G, and NBR1000 Description: An information disclosure issue exists via the "/WEB_VMS/LEVEL15/" endpoint. By crafting a specific POST request with modified Cookie headers and specially...
PT-2025-26942 · Unknown · Iroha Board
Name of the Vulnerable Software and Affected Versions: iroha Board versions v0.10.12 and earlier Description: A cross-site request forgery issue exists. If a user accesses a specially crafted URL while logged in to the affected product, arbitrary learning histories may be registered...
CVE-2025-47106
InDesign Desktop versions ID20.2, ID19.5.3 and earlier are affected by a Use After Free vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issue requires user interaction in that a...
PT-2025-25085 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing a low-privileged attacker to inject malicious scripts into vulnerable form fields. When a victim browses ...
PT-2025-23631 · Jehc-Bpm · Jehc-Bpm
Name of the Vulnerable Software and Affected Versions: JEHC-BPM version 2.0.1 Description: The issue allows attackers to execute arbitrary code via uploading a crafted file to the "/server/executeExec" API endpoint. This is due to an arbitrary file upload vulnerability in the component...
PT-2025-23481 · Multilaser · Multilaser Sirius Re016 Mlt1.0
Name of the Vulnerable Software and Affected Versions: Multilaser Sirius RE016 MLT1.0 Description: A critical issue has been found in the Password Change Handler component, specifically in the /cgi-bin/cstecgi.cgi file. The manipulation of an unknown function leads to improper authentication,...
CVE-2023-26445
Frontend themes are defined by user-controllable jslob settings and could point to a malicious resource which gets processed during login. Malicious script code can be executed within the victim's context. This can lead to session hijacking or triggering unwanted actions via the web interface and...
PT-2025-21250
Name of the Vulnerable Software and Affected Versions: net-tools versions up to and including 2.10 Description: The issue is related to the Linux network utilities in the net-tools package, which do not properly validate the structure of /proc files when showing interfaces. This can lead to...
PT-2025-21225 · Unknown +1 · Pointcloudlibrary +1
Name of the Vulnerable Software and Affected Versions: PointCloudLibrary versions prior to 1.14.0 Description: The issue is an Out-of-bounds Write vulnerability in PointCloudLibrary, allowing Overflow Buffers due to a zlib issue. This vulnerability is relevant for versions older than 1.14.0 or if...
PT-2025-19962 · Mrdoc · Mrdoc
Name of the Vulnerable Software and Affected Versions: MrDoc versions 0.95 and before Description: The issue is related to Server-Side Request Forgery (SSRF) in the validate_url function of the app_doc/utils.py file. This allows for potential exploitation. Recommendations: For MrDoc versions 0.95 a...
PT-2025-19339 · Unknown · Phpgurukul Emergency Ambulance Hiring Portal
Name of the Vulnerable Software and Affected Versions: PHPGurukul Emergency Ambulance Hiring Portal version 1.0 Description: A critical issue has been discovered, affecting an unknown function of the file /admin/edit-ambulance.php. The manipulation of the dconnum argument leads to SQL injection...
PT-2025-18865 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.0-rc1-00004-g703695902cfa Description: A vulnerability in the Linux kernel has been identified, where the inconsistency between i_size and i_disksize can trigger a kernel warning when the boot loader inode i...