SUSE CVE-2026-31973
SAMtools is a program for reading, manipulating and writing bioinformatics file formats. Starting in version 1.17, in the cram-size command, used to write information about how well CRAM files are compressed, a check to see if the cram_decode_compression_header was missing. If the function returned ...
PT-2026-7476
Name of the Vulnerable Software and Affected Versions: JUNG Smart Panel KNX firmware versions prior to L1.12.22 Description: The JUNG Smart Panel KNX firmware does not properly validate file path input in its embedded web interface. This allows remote, unauthenticated attackers to access arbitrary...
PT-2026-1579
Name of the Vulnerable Software and Affected Versions: Premmerce WooCommerce Customers Manager plugin for WordPress versions through 1.1.14 Description: The Premmerce WooCommerce Customers Manager plugin for WordPress is susceptible to Reflected Cross-Site Scripting. This is due to inadequate input...
CVE-2026-21674
iccDEV provides a set of libraries and tools for working with ICC color management profiles. Versions 2.3.1 and below contain a memory leak vulnerability in its XML MPE Parsing Path iccFromXml. This issue is fixed in version 2.3.1.1...
PT-2025-53888
Name of the Vulnerable Software and Affected Versions: Atte Moisio AM Events versions through 1.13.1 Description: The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can ...
PT-2025-53898
Name of the Vulnerable Software and Affected Versions: Magnigenie RestroPress versions through 3.2.4.2 Description: The software contains a flaw related to improper input handling during web page generation, specifically a Stored Cross-Site Scripting (XSS) issue. This allows for the injection of...
PT-2025-53795
Name of the Vulnerable Software and Affected Versions: Crocoblock JetBlog versions through 2.4.7 Description: An authorization issue exists in Crocoblock JetBlog, allowing exploitation of incorrectly configured access control security levels. This can lead to unauthorized access. Recommendations...
PT-2025-53284
Name of the Vulnerable Software and Affected Versions: Bit Assist versions through 1.5.11 Description: An authorization issue exists in Bit Apps Bit Assist. The problem involves incorrectly configured access control security levels, potentially allowing unauthorized access. Recommendations: Update B...
PT-2025-53085
Name of the Vulnerable Software and Affected Versions: Essekia Tablesome versions through 1.1.35.1 Description: An issue exists in Essekia Tablesome that allows the retrieval of embedded sensitive data due to insertion of sensitive information into sent data. Recommendations: Update Essekia Tablesom...
PT-2025-46816
Name of the Vulnerable Software and Affected Versions: Qode Qi Blocks versions through 1.4.3 Description: The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be store...
PT-2025-44618
Name of the Vulnerable Software and Affected Versions: Groundhogg versions through 4.2.6 Description: The software contains a flaw due to improper neutralization of input during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be stored on...
PT-2025-43267
Name of the Vulnerable Software and Affected Versions: Simple User Registration versions prior to and including 6.4 Description: A privilege assignment issue exists in N-Media Simple User Registration. This allows for privilege escalation. Recommendations: Update Simple User Registration to a versio...
CVE-2025-29887 QuRouter 2.5
A command injection vulnerability has been reported to affect QuRouter 2.5.1. If a remote attacker gains an administrator account, they can then exploit the vulnerability to execute arbitrary commands. We have already fixed the vulnerability in the following version: QuRouter 2.5.1.060 and later...
PT-2025-34922 · Unknown · Alexvtn Chatbox Manager
Name of the Vulnerable Software and Affected Versions: alexvtn Chatbox Manager versions through 1.2.6 Description: The software contains a Stored Cross-Site Scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for the injection of malicious scripts...
PT-2025-34820 · WordPress · Siteseo – Seo Simplified
Name of the Vulnerable Software and Affected Versions: SiteSEO – SEO Simplified plugin for WordPress versions up to and including 1.2.7 Description: The SiteSEO – SEO Simplified plugin for WordPress is susceptible to Stored Cross-Site Scripting due to a broken preg_replace expression and...
PT-2025-34269
Name of the Vulnerable Software and Affected Versions: PandoraNext-TokensTool versions 0.6.8 and earlier Description: An authentication bypass allows an attacker to access the API without a token. Recommendations: Update to a version later than 0.6.8...
PT-2025-33160 · Unknown · Idonatepro
Name of the Vulnerable Software and Affected Versions: IDonatePro versions through 2.1.9 Description: IDonatePro is susceptible to a PHP Local File Inclusion due to improper control of filename for include/require statements. This allows for the inclusion of local files. Recommendations: Update...
PT-2025-33228 · WordPress · Yith Woocommerce Popup
Name of the Vulnerable Software and Affected Versions: YITH WooCommerce Popup versions through 1.48.0 Description: A Cross-Site Request Forgery (CSRF) issue exists in YITH WooCommerce Popup, potentially allowing attackers to perform actions on behalf of authenticated users. Recommendations: Update...
PT-2025-32906 · Adobe · Substance3D - Painter
Name of the Vulnerable Software and Affected Versions: Substance3D - Painter versions 11.0.2 and earlier Description: Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read issue that may lead to the disclosure of sensitive memory. Exploitation of this issue...
PT-2025-32761 · Adobe · Illustrator
Name of the Vulnerable Software and Affected Versions: Illustrator versions 28.7.8 and earlier; Illustrator version 29.6.1 and earlier Description: Illustrator is susceptible to an out-of-bounds write issue, potentially leading to arbitrary code execution with the privileges of the current user...