3428 matches found
PT-2026-4775
Name of the Vulnerable Software and Affected Versions: Microsoft Office versions 2016 through 2019; Microsoft Office LTSC versions 2021 through 2024; Microsoft 365 Apps (affected versions not specified). Description: This issue is caused by the reliance on untrusted inputs when making security decisions...
Microsoft Office Security Feature Bypass Vulnerability
Microsoft Office contains a security feature bypass vulnerability in which reliance on untrusted inputs in a security decision in Microsoft Office could allow an unauthorized attacker to bypass a security feature locally. Some of the impacted products could be end-of-life (EoL) and/or end-of-servic...
CVE-2025-14750
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges...
CVE-2026-0603
CVE-2026-0603: A second-order SQL injection vulnerability in Hibernate Core via the InlineIdsOrClauseBuilder allows a remote attacker with low privileges to craft non-alphanumeric IDs to read sensitive data (e.g., system files) and manipulate or delete data, causing an application-level denial o...
EUVD-2025-206328
The web application does not sufficiently verify inputs that are assumed to be immutable but are actually externally controllable. A low-privileged user can modify the parameters and potentially manipulate account-level privileges...
WordPress Plugin BuddyPress Code Injection Vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be installed t...
Linux Distros Unpatched Vulnerability: CVE-2025-12781
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - When passing data to the b64decode, standard_b64decode, and urlsafe_b64decode functions in the base64 module the characters +/ will always be accepted, regardless...
EUVD-2026-3598
When passing data to the b64decode, standard_b64decode, and urlsafe_b64decode functions in the "base64" module the characters "+/" will always be accepted, regardless of the value of "altchars" parameter, typically used to establish an "alternative base64 alphabet" such as the URL safe alphabet. Th...
Incomplete List of Disallowed Inputs
Overview: Affected versions of this package are vulnerable to Incomplete List of Disallowed Inputs in the b64decode, standard_b64decode, and urlsafe_b64decode functions when the altchars parameter is used. An attacker can cause logical errors or compromise data integrity by submitting input containi...
CVE-2025-14027
Multiple denial-of-service vulnerabilities exist in the affected product. These issues can be triggered through various crafted inputs, including malformed Class 3 messages, memory leak conditions, and other resource exhaustion scenarios. Exploitation may cause the device to become unresponsive...
CVE-2025-14027
CVE-2025-14027 affects Rockwell Automation 1756-RM2 and 1756-RM2XT firmware in ControlLogix Redundancy Enhanced Modules. The issue is described as multiple denial-of-service vulnerabilities triggered by crafted inputs (including malformed Class 3 messages, memory leak conditions, and other resour...
CVE-2025-41025 Stored Cross-Site Scripting in Poultry Farm Management System
Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'category' and 'product' parameters in '/farm/sellproduct.php'...
CVE-2025-41025
Stored Cross-Site Scripting (XSS) in Poultry Farm Management System v1.0 due to the lack of proper validation of user input by sending a POST request. The relationship between parameters and assigned identifiers is as follows: 'category' and 'product' parameters in '/farm/sellproduct.php'...
PT-2026-3560
Name of the Vulnerable Software and Affected Versions: versions prior to 2.3. Description: Multiple denial-of-service issues exist that can be triggered through crafted inputs, including malformed Class 3 messages, memory leak conditions, and resource exhaustion scenarios. Exploitation may cause the...
Rockwell Automation ControlLogix Redundancy Enhanced Module security vulnerabilities
Rockwell Automation ControlLogix Redundancy Enhanced Module is a core hardware component of Rockwell Automation. There is a security vulnerability present in the Rockwell Automation ControlLogix Redundancy Enhanced Module, which stems from processing specially crafted inputs. This vulnerability m...
poppler: Out-of-Bounds Read in Poppler
A flaw was found in Poppler. This vulnerability allows out-of-bounds reads via crafted input files that trigger the JBIG2Bitmap::combine function due to a misplaced isOk check...