4512 matches found
PT-2025-7527 · Iteachyou · Iteachyou Dreamer Cms
Name of the Vulnerable Software and Affected Versions: iteachyou Dreamer CMS version 4.1.3 Description: A vulnerability was found in iteachyou Dreamer CMS, affecting unknown code of the file /admin/archives/edit. The manipulation of the editorValue/answer/content argument leads to cross-site...
PT-2025-10120 · Esri · Arcgis Server
Name of the Vulnerable Software and Affected Versions: ArcGIS Server affected versions not specified Description: The issue is related to the lack of protection for the web page structure in ArcGIS Server. This could allow a remote attacker to conduct cross-site scripting attacks. Recommendations...
PT-2025-6916 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version 1.01TO Description: A vulnerability has been found in the D-Link DIR-816, affecting an unknown functionality of the file /cgi-bin/webproc?getpage=html/index.html&var:menu=24gwlan&var:page=24G basic. The manipulation of...
PT-2025-6897 · Microworld · Microword Escan Antivirus
Name of the Vulnerable Software and Affected Versions: MicroWord eScan Antivirus version 7.0.32 Description: A critical issue has been discovered affecting the sprintf function of the USB Password Handler component. This issue leads to a buffer overflow. The attack must be approached locally,...
Crayfish Allows Remote Code Execution via hypercube X-Islandora-Args Header
Impact What kind of vulnerability is it? Who is impacted? Remote code execution is possible in web-accessible installations of hypercube. Patches Has the problem been patched? What versions should users upgrade to? Not yet, though no patch is necessary if your installation of the microservices i...
PT-2025-6706 · Unknown · Yeqifu Carrental
Name of the Vulnerable Software and Affected Versions: yeqifu carRental version 1.0 Description: The issue allows a remote attacker to obtain sensitive information via the "file/downloadFile.action?path=" component. This is a Directory Traversal vulnerability, which can be exploited to access...
PT-2025-6470 · Unknown · 1000 Projects Attendance Tracking Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Attendance Tracking Management System version 1.0 Description: A critical vulnerability was found in the 1000 Projects Attendance Tracking Management System. This issue affects an unknown part of the file /admin/chart1.php. The...
PT-2025-6852 · Unknown · Code-Projects Wazifa System
Name of the Vulnerable Software and Affected Versions: code-projects Wazifa System version 1.0 Description: A critical issue has been found in the code-projects Wazifa System, affecting an unknown functionality of the file /controllers/control.php. The manipulation of an argument leads to a SQL...
PT-2025-6753 · Mayswind · Mayswind Ezbookkeeping
Name of the Vulnerable Software and Affected Versions: MaysWind ezBookkeeping version 0.7.0 Description: An issue in MaysWind ezBookkeeping allows a remote attacker to escalate privileges via the token component. Recommendations: For MaysWind ezBookkeeping version 0.7.0, consider disabling the...
CVE-2025-24031
CVE-2025-24031 affects the PAM-PKCS#11 Linux-PAM module (version 0.6.12 and earlier). The issue is a dereference of an uninitialized pointer when a user enters no PIN, and a segfault when a user presses Ctrl-C/Ctrl-D during PIN entry, producing an availability impact (daemon crash). The vulnerabi...
PT-2025-6023 · Ibm · Ibm Urbancode Deploy +1
Name of the Vulnerable Software and Affected Versions: IBM DevOps Deploy versions 8.0 through 8.0.1.4; IBM DevOps Deploy versions 8.1 through 8.1.0.0; IBM UrbanCode Deploy versions 7.0 through 7.0.5.25; IBM UrbanCode Deploy versions 7.1 through 7.1.2.21; IBM UrbanCode Deploy versions 7.2 through...
PT-2025-6004 · Qingscan · Qingscan
Name of the Vulnerable Software and Affected Versions: QingScan versions =1.8.0 Description: A reflected Cross-Site Scripting (XSS) vulnerability exists in "/webscan/sqlmap/index.html" due to improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript...
PT-2025-5869 · Ibm · Ibm Entirex
Name of the Vulnerable Software and Affected Versions: IBM EntireX version 11.1 Description: The issue is related to an XML external entity injection (XXE) attack when processing XML data. An authenticated attacker could exploit this to expose sensitive information or consume memory resources...
CVE-2022-23463
Nepxion Discovery is a solution for Spring Cloud. Discover is vulnerable to SpEL Injection in discovery-commons. DiscoveryExpressionResolver’s eval method is evaluating expression with a StandardEvaluationContext, allowing the expression to reach and interact with Java classes such as...
PT-2025-3882 · Parallels · Parallels Desktop
Name of the Vulnerable Software and Affected Versions: Parallels Desktop affected versions not specified Description: This issue allows local attackers to escalate privileges on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target host...
PT-2025-3080 · Teedy · Teedy
Name of the Vulnerable Software and Affected Versions: Teedy versions 1.12 and earlier Description: The issue is related to Cross-Site Request Forgery (CSRF), which occurs due to the lack of CSRF protection. Recommendations: For Teedy versions 1.12 and earlier, as a temporary workaround, consider...
PT-2025-3372 · Midea · Midea Home
Name of the Vulnerable Software and Affected Versions: Midea Home version 9.3.12 Description: The issue allows attackers to access sensitive user information via supplying a crafted link. Recommendations: For version 9.3.12, consider avoiding the use of crafted links until a patch is available. A...
PT-2025-3424 · Bioware · Dragon Age Origins
Name of the Vulnerable Software and Affected Versions: Dragon Age Origins version 1.05 Description: The DAUpdaterSVC service in Dragon Age Origins contains an unquoted service path issue, allowing users to modify the executable file path used by the service. This service runs with NT...
PT-2025-3361 · Mashang Consumer Finance Co. · Anyihua
Name of the Vulnerable Software and Affected Versions: Mashang Consumer Finance Co., Ltd Anyihua iOS version 3.6.2 Description: The issue allows attackers to access sensitive user information by supplying a crafted link. Recommendations: For Mashang Consumer Finance Co., Ltd Anyihua iOS version...
PT-2025-3365 · Unknown · Guazi Used Car
Name of the Vulnerable Software and Affected Versions: Guazi Used Car iOS version 10.15.1 Description: The issue allows attackers to access sensitive user information by supplying a crafted link. This enables unauthorized access to confidential user data. Recommendations: For Guazi Used Car iOS...