PT-2025-23597
Name of the Vulnerable Software and Affected Versions: Parallels Desktop for Mac version 20.1.1 build 55740 Description: A privilege escalation issue exists in the Snapshot functionality of Parallels Desktop for Mac. When a snapshot of a virtual machine is deleted, a root service verifies and...
PT-2025-23598
Name of the Vulnerable Software and Affected Versions: Parallels Desktop for Mac version 20.1.1 build 55740 Description: A privilege escalation issue exists in the Snapshot functionality of Parallels Desktop for Mac. When a snapshot of a virtual machine is taken, a root service writes to a file own...
CVE-2025-48941
CVE-2025-48941 (MyBB): Affected software: MyBB versions prior to 1.8.39. Issue: the internal search does not properly validate thread visibility, allowing a user with search access to infer the existence of hidden threads (draft, unapproved, or soft-deleted) by title. The visible flag (mybb_thre...
CVE-2025-5401
A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /post.php of the component GET Parameter Handler. The manipulation of the argument pid leads...
CVE-2025-48047
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint...
CVE-2025-5370
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has...
CVE-2025-5370 PHPGurukul News Portal forgot-password.php sql injection
A vulnerability classified as critical was found in PHPGurukul News Portal 4.1. Affected by this vulnerability is an unknown functionality of the file /admin/forgot-password.php. The manipulation of the argument Username leads to sql injection. The attack can be launched remotely. The exploit has...
Unifiedtransform 2.x Course Editor Missing Authorization
Unifiedtransform version 2.x allows any user to access and modify course records via the /course/edit/id endpoints. Description: Unifiedtransform v2.X is vulnerable to Incorrect Access Control. Any user (students and teachers) can access and modify course details via the /course/edit/id endpoints...
CVE-2025-48047 MICI Network Co. Ltd. NetFax Server Command Injection
An authenticated user can perform command injection via unsanitized input to the NetFax Server’s ping functionality via the /test.php endpoint...
CVE-2025-48047
CVE-2025-48047: The affected product is NetFax Server. An authenticated user can trigger a command injection through unsanitized input to the ping functionality exposed at /test.php. Root cause: improper sanitization of input in the ping endpoint allows execution of arbitrary commands on the server. ...
MINI-MWVG-5FX6-7FR9
Bulletin has no description...
MINI-6MWF-FJ63-VM4Q
Bulletin has no description...
PT-2025-23147 · Teltonika Networks · Teltonika Networks Rms
Name of the Vulnerable Software and Affected Versions: Teltonika Networks Remote Management System RMS versions prior to 5.7 Description: The issue allows for account pre-hijacking by misusing the invite functionality. If a victim has a pending invite and registers to the platform directly, they...
PT-2025-27982
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability in the Linux kernel has been resolved, related to the mm module, specifically with the uprobe functionality. The issue occurs when expanding a vma virtual memory...
Mautic allows user name enumeration due to response time difference on password reset form
Summary: This advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...
GHSA-CQX4-9VQF-Q3M8 Mautic's Predictable Page Indexing Might Lead to Sensitive Data Exposure
Summary: This advisory addresses a security vulnerability in Mautic where unpublished page previews could be accessed by unauthenticated users and potentially indexed by search engines. This could lead to the unintended disclosure of draft content or sensitive information. Unauthorized Access to...
PT-2025-23091 · Tenda · Tenda W18E
Name of the Vulnerable Software and Affected Versions: Tenda W18E version 2.0 v.16.01.0.11 Description: An issue in Tenda W18E allows an attacker to execute arbitrary code via the editing functionality of the account module in the "goform/setmodules" route. Recommendations: For Tenda W18E version...
CVE-2025-5214 Kashipara Responsive Online Learing Platform course_detail_user_new.php sql injection
A vulnerability was found in Kashipara Responsive Online Learing Platform 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /courses/course_detail_user_new.php. The manipulation of the argument ID leads to sql injection. The attack may be launched...
PT-2025-22874 · H3C · H3C Seccenter Smp-E1114P02
Name of the Vulnerable Software and Affected Versions: H3C SecCenter SMP-E1114P02 up to 20250513 Description: A critical vulnerability has been found in H3C SecCenter SMP-E1114P02, affecting some unknown functionality of the file /safeEvent/importFile/. The manipulation of the argument...