9 matches found
PT-2025-4990 · Unknown · Notfound Youtube Video Grid
Name of the Vulnerable Software and Affected Versions: NotFound Youtube Video Grid versions 1.9 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for reflected cross-site scripting (XSS). This means an attacker can inject...
PT-2025-4554 · Unknown · Faaiq Pretty Url
Name of the Vulnerable Software and Affected Versions: Faaiq Pretty Url versions 1.5.4 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Cross Site Request Forgery. Recommendations: For versions 1.5.4 and earlier, update to a version that fixes this...
PT-2025-2506
Name of the Vulnerable Software and Affected Versions: Rara Business versions 1.2.5 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed on behalf of a user. This can lead to security breaches where an attacker tricks...
PT-2024-36125 · Unknown · Think201 Faqs
Name of the Vulnerable Software and Affected Versions: Think201 FAQs versions n/a through 1.0.2 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS in Think201 FAQs. Recommendations: For...
PT-2024-33414 · Martin Gibson · Ideapush
Name of the Vulnerable Software and Affected Versions: IdeaPush versions n/a through 8.69 Description: A Cross-Site Request Forgery (CSRF) issue is found in Martin Gibson's IdeaPush, allowing hackers to perform actions on behalf of a user without their knowledge. This can lead to unauthorized chang...
PT-2024-18994 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev77 Description: Any unauthenticated user can browse to a specific URL to expose the Flask config, including the SECRET_KEY variable. This issue allows attackers to access sensitive information, which could...
PT-2023-30207 · Unknown · Thefreewindows Auto Limit Posts Reloaded
Name of the Vulnerable Software and Affected Versions: TheFreeWindows Auto Limit Posts Reloaded plugin versions = 2.5 Description: A Cross-Site Request Forgery (CSRF) issue affects the plugin, allowing unauthorized actions to be performed on behalf of a user without their knowledge. Recommendations...
PT-2023-17641 · WordPress · Buy Me A Coffee – Button/Widget Plugin
Name of the Vulnerable Software and Affected Versions: Buy Me a Coffee – Button and Widget Plugin versions up to, and including, 3.6 Description: The issue arises from insufficient sanitization and escaping on the text value set via the bmc post reception action, allowing authenticated attackers...
PT-2021-4480 · Oracle +2 · Mysql Server +1
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.25 and prior Description: The issue exists due to insufficient input validation in the MySQL Server component. It allows a remote attacker to cause a denial of service. Successful exploitation can result in the abili...