
4512 matches found

Positive Technologies
added 2025/05/28 12:0 a.m. · 6 views

PT-2025-23079 · Unknown · Campcodes Online Hospital Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Online Hospital Management System version 1.0 Description: A critical issue was found in the system. The problem is related to an unknown function of the file /admin/betweendates-detailsreports.php. The manipulation of the fromdate...

CVSS 9.8 · AI score 7.4 · EPSS 0.00758
Exploits: 3 · References: 13

Positive Technologies
added 2025/05/26 12:0 a.m. · 4 views

PT-2025-22934

Name of the Vulnerable Software and Affected Versions: Open Asset Import Library Assimp version 5.4.3 Description: A vulnerability has been found in Open Asset Import Library Assimp, affecting the function MDLImporter::ParseSkinLump 3DGS MDL7 of the file...

CVSS 7.8 · AI score 4.1 · EPSS 0.00221
Exploits: 1 · References: 17

RedhatCVE
added 2025/05/23 10:11 a.m. · 5 views

CVE-2024-3448

Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the back-end. Allowing an attacker to perform a port...

CVSS 5 · AI score 7 · EPSS 0.0044
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 10:8 a.m. · 11 views

CVE-2024-31213

InstantCMS is a free and open source content management system. An open redirect was found in the ICMS2 application version 2.16.2 when being redirected after modifying one's own user profile. An attacker could trick a victim into visiting their web application, thinking they are still present on...

CVSS 5.4 · AI score 7 · EPSS 0.00399
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 8:54 a.m. · 10 views

CVE-2024-37301

Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...

CVSS 9.9 · AI score 8 · EPSS 0.0104
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 8:53 a.m. · 5 views

CVE-2024-29193

gotortc is a camera streaming application. Versions 1.8.5 and prior are vulnerable to DOM-based cross-site scripting. The index page index.html shows the available streams by fetching the API in the client side. Then, it uses Object.entries to iterate over the result whose first item name gets...

CVSS 6.1 · AI score 5.8 · EPSS 0.00453
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/23 6:50 a.m. · 4 views

CVE-2024-12307

A function-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows teachers to modify student personal data without proper authorization. The vulnerability exists due to missing access control checks in the student editing functionality. At the...

CVSS 4.3 · AI score 6.9 · EPSS 0.00233
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 5:41 a.m. · 6 views

CVE-2023-0750

Yellobrik PEC-1864 implements authentication checks via JavaScript in the frontend interface. When the device can be accessed over the network, an attacker could bypass authentication. This would allow an attacker to: - Change the password, resulting in a DoS of the users - Change the streaming...

CVSS 9.8 · AI score 9.1 · EPSS 0.0045
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 3:54 a.m. · 6 views

CVE-2023-33961

Leantime is a lean open source project management system. Starting in version 2.3.21, an authenticated user with commenting privileges can inject malicious Javascript into a comment. Once the malicious comment is loaded in the browser by a user, the malicious Javascript code executes. As of time ...

CVSS 8.9 · AI score 6.9 · EPSS 0.00394
Exploits: 0 · References: 1

RedhatCVE
added 2025/05/23 2:34 a.m. · 5 views

CVE-2023-30856

eDEX-UI is a science fiction terminal emulator. Versions 2.2.8 and prior are vulnerable to cross-site websocket hijacking. When running eDEX-UI and browsing the web, a malicious website can connect to eDEX's internal terminal control websocket, and send arbitrary commands to the shell. The projec...

CVSS 10 · AI score 6.9 · EPSS 0.00348
Exploits: 1 · References: 1

RedhatCVE
added 2025/05/22 7:46 p.m. · 8 views

CVE-2021-32822

The npm hbs package is an Express view engine wrapper for Handlebars. Depending on usage, users of hbs may be vulnerable to a file disclosure vulnerability. There is currently no patch for this vulnerability. hbs mixes pure template data with engine configuration options through the Express rende...

CVSS 5.3 · AI score 6.5 · EPSS 0.01178
Exploits: 1 · References: 1

Vulnrichment
added 2025/05/21 5:32 p.m. · 10 views

CVE-2025-48060 AddressSanitizer: stack-buffer-overflow in jq_fuzz_execute (jv_string_vfmt)

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jv_string_vfmt in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 void p = mallocsz;. As of time of publication, no patched versions are...

CVSS 8.7 · AI score 6.5 · EPSS 0.00443
Exploits: 1 · References: 1

Debian CVE
added 2025/05/21 5:32 p.m. · 8 views

CVE-2025-48060

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jv_string_vfmt in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 void p = mallocsz;. As of time of publication, no patched versions are...

CVSS 8.7 · AI score 6.5 · EPSS 0.00443
Exploits: 1

AlpineLinux
added 2025/05/21 5:32 p.m. · 6 views

CVE-2025-48060

jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present in function jv_string_vfmt in the jq_fuzz_execute harness from oss-fuzz. This crash happens on file jv.c, line 1456 void p = mallocsz;. As of time of publication, no patched versions are...

CVSS 8.7 · AI score 6.6 · EPSS 0.00443
Exploits: 1 · References: 2

Packet Storm
added 2025/05/19 12:0 a.m. · 94 views

WordPress PSW Front-end Login Registration 1.12 Privilege Escalation

WordPress PSW Front-end Login Registration plugin versions 1.12 and below suffer from a privilege escalation vulnerability. CVE-2025-47646 – PSW Front-end Login & Registration = 1.12 Plugin Information - Plugin: PSW Front-end Login & Registration - Vulnerable Version: = 1.12 - CVE:...

CVSS 9.8 · AI score 7.6 · EPSS 0.21747
Exploits: 3

Positive Technologies
added 2025/05/19 12:0 a.m. · 2 views

PT-2025-21889 · Unknown · Phpgurukul Auto Taxi Stand Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Auto Taxi Stand Management System version 1.0 Description: A critical issue was found in the PHPGurukul Auto Taxi Stand Management System, affecting an unknown functionality of the file /admin/index.php. The manipulation of the...

CVSS 9.8 · AI score 7.5 · EPSS 0.00478
Exploits: 1 · References: 11

Positive Technologies
added 2025/05/16 12:0 a.m. · 2 views

PT-2025-21615 · D Link · D-Link Di-7003Gv2

Name of the Vulnerable Software and Affected Versions: D-Link DI-7003GV2 version 24.04.18D1 R68125 Description: A problematic issue was found, affecting an unknown function of the file /index.data. This leads to information disclosure and can be exploited remotely. The issue has been publicly...

CVSS 7.5 · AI score 5 · EPSS 0.01169
Exploits: 1 · References: 10

Positive Technologies
added 2025/05/13 12:0 a.m. · 4 views

PT-2025-21036 · Adobe · Substance3D - Stager

Name of the Vulnerable Software and Affected Versions: Substance3D - Stager versions 3.1.1 and earlier Description: The issue is a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. To exploit this problem, user interaction is required,...

CVSS 7.8 · AI score 6.7 · EPSS 0.00209
Exploits: 0 · References: 8

Positive Technologies
added 2025/05/13 12:0 a.m. · 2 views

PT-2025-20893 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an information disclosure in the Apache HTTP Server. No specific details about the nature of the disclosure or how it can be exploited are provided. There is n...

AI score 6.2
Exploits: 0 · References: 2

Positive Technologies
added 2025/05/13 12:0 a.m. · 2 views

PT-2025-21041 · Adobe · Connect

Name of the Vulnerable Software and Affected Versions: Adobe Connect versions 12.8 and earlier Description: A stored Cross-Site Scripting (XSS) vulnerability affects Adobe Connect, allowing an attacker to inject malicious scripts into vulnerable form fields. When a victim accesses the page containi...

CVSS 6.4 · AI score 5.4 · EPSS 0.0029
Exploits: 0 · References: 7