PT-2025-52301

Name of the Vulnerable Software and Affected Versions Kentico Xperience affected versions not specified Description A cryptography issue exists in Kentico Xperience that may allow attackers to manipulate URL hash values by exploiting existing hashing mechanisms. A hotfix introduces an additional...

PT-2025-27241 · Cypress · Cypress Psoc4

Name of the Vulnerable Software and Affected Versions: Cypress PSoC4 version 3.66 Description: A state machine transition flaw in the Bluetooth Low Energy BLE stack allows attackers to bypass the pairing process and authentication via a crafted pairing failed packet. This flaw enables attackers t...

PT-2025-24502 · Woocommerce · Stock Locations For Woocommerce

Name of the Vulnerable Software and Affected Versions: Stock Locations for WooCommerce versions 2.8.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation of incorrectly configured access control security levels. Recommendations: For...

PT-2025-24251 · Unknown · Hot Links Pro

Name of the Vulnerable Software and Affected Versions: ShortLinks Pro versions 1.0.0 through 1.0.7 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks. Recommendations:...

PT-2025-18621 · Linux +1 · Linux Kernel +1

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A null pointer dereference issue has been identified in the Linux kernel, specifically in the neigh table clear function. This issue occurs when the IPv6 module is initialized but...

CVE-2025-22087

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix array bounds error with maygoto maygoto uses an additional 8 bytes on the stack, which causes the interpreters array to go out of bounds when calculating index by stacksize. 1. If a BPF program is rewritten, re-evaluate...

PT-2025-18667 · Totolink · Totolink Ca300-Poe

Name of the Vulnerable Software and Affected Versions: TOTOLINK CA300-POE version 6.2c.884 B20180522 Description: A command injection issue was discovered in the msg process function via the Url parameter. This issue allows attackers to execute arbitrary commands through a manipulated request...

PT-2025-12705 · Tenda · Tenda Ac8

Name of the Vulnerable Software and Affected Versions: Tenda AC8 version 16.03.34.06 Description: The issue concerns a buffer overflow vulnerability in the fromSetRouteStatic function, which can be exploited via the parameter list. Recommendations: For Tenda AC8 version 16.03.34.06, consider...

PT-2024-9321

Name of the Vulnerable Software and Affected Versions Windows Common Log File System Driver affected versions not specified Description The vulnerability is an elevation-of-privilege issue in the Windows Common Log File System Driver. It allows attackers to gain SYSTEM privileges on Windows...

GHSA-64F8-PJGR-9WMR Untrusted Query Object Evaluation in RPC API

During the sign in and sign up operations through the SurrealDB RPC API, an arbitrary object would be accepted in order to support a wide array of types and structures that could contain user credentials. This arbitrary object could potentially contain any SurrealDB value, including an object...

BIT-HYPERLEDGER-FABRIC-TOOLS-2022-45196

Hyperledger Fabric 2.3 allows attackers to cause a denial of service orderer crash by repeatedly sending a crafted channel tx with the same Channel name. NOTE: the official Fabric with Raft prevents exploitation via a locking mechanism and a check for names that already exist...

CVE-2024-31995 zcap has incomplete expiration checks in capability chains.

@digitalbazaar/zcap provides JavaScript reference implementation for Authorization Capabilities. Prior to version 9.0.1, when invoking a capability with a chain depth of 2, i.e., it is delegated directly from the root capability, the expires property is not properly checked against the current da...

CVE-2023-4236

A flaw was found in the Bind package. The networking code handling DNS-over-TLS queries may cause named to terminate unexpectedly due to an assertion failure. This happens when internal data structures are incorrectly reused under significant DNS-over-TLS query load. A named instance vulnerable t...

PT-2023-17797 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions prior to the fixed version Description: The issue is related to a missing bounds check in the p2p iface.cpp file, which could lead to a possible out of bounds read. This might result in local information disclosure, with Syst...

VMware Releases Patches for Critical vRealize Log Insight Software Vulnerabilities

VMware on Tuesday released software to remediate four security vulnerabilities affecting vRealize Log Insight aka Aria Operations for Logs that could expose users to remote code execution attacks. Two of the flaws are critical, carrying a severity rating of 9.8 out of a maximum of 10, the...

PT-2022-27336 · Tenda · Tenda Ac18

Name of the Vulnerable Software and Affected Versions: Tenda A18 version 15.13.07.09 Description: A stack overflow issue was discovered, which can be triggered via the security 5g parameter at the "/goform/WifiBasicSet" API endpoint. Recommendations: For Tenda A18 version 15.13.07.09, avoid using...

PT-2022-25176 · Flatpress · Flatpress

Name of the Vulnerable Software and Affected Versions: Flatpress version 1.2.1 Description: A remote code execution issue was found in the Upload File function, allowing for potential code execution. Recommendations: For version 1.2.1, consider disabling the Upload File function until a patch is...

Researchers Find Backdoor in School Management Plugin for WordPress

Multiple versions of a WordPress plugin by the name of "School Management Pro" harbored a backdoor that could grant an adversary complete control over vulnerable websites. The issue, spotted in premium versions before 9.9.7, has been assigned the CVE identifier CVE-2022-1609 and is rated 10 out o...

Post-Auth Arbitrary File Read vulnerability Impacting End-Of-Life SRA Appliances and End-Of-Support SMA100 firmware versions

NOTE: SonicWall PSIRT has continued to observe threat actors targeting EOL SRA devices i.e., CVE-2021-20028, active exploitation of this vulnerability is likely in chained attacks leveraging CVE-2021-20028.Through SonicWall PSIRT Threat Intelligence gathering, SonicWall has become aware of a ‘Pos...

CVE-2022-21720 SQL injection using custom CSS administration form in GLPI

GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the Entities update right prevents exploitation...