PT-2025-23530 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.16 Description: The issue is a stack overflow that occurs via the time parameter in the setSmartPowerManagement function. This allows for potential exploitation. No information is provided about the estimated number...
PT-2025-11186 · Fs · Fs Inc S3150 8T2F Switch
Name of the Vulnerable Software and Affected Versions: FS Inc S3150 8T2F Switch versions s3150-8t2f-switch-fsos-220d 118101 and web firmware v2.2.2 Description: A stored cross-site scripting vulnerability exists in the web management interface of the FS model S3150-8T2F switches. This allows an...
PT-2025-11189 · Modx · Modx
Name of the Vulnerable Software and Affected Versions: MODX versions prior to 3.1.0 Description: A cross-site scripting (XSS) issue has been identified. The issue allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...
PT-2025-10576
Name of the Vulnerable Software and Affected Versions: PyTorch version 2.6.0+cu124 Description: A critical vulnerability was found in the function torch.ops.profiler._call_end_callbacks_on_jit_fut of the component Tuple Handler. The manipulation of the argument None leads to memory corruption. The...
Linux Distros Unpatched Vulnerability : CVE-2024-49942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/xe: Prevent null pointer access in xe_migrate_copy xe_migrate_copy designed to copy content ...
Linux Distros Unpatched Vulnerability : CVE-2024-36478
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - null_blk: fix null-ptr-dereference while configuring 'power' and 'submit_queues' Writing 'power' and 'submit_queues' concurrently will trigger kernel panic: Test...
Linux Distros Unpatched Vulnerability : CVE-2023-24815
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vert.x-Web is a set of building blocks for building web applications in the java programming language. When running vertx web applications that serve files usin...
Linux Distros Unpatched Vulnerability : CVE-2021-36064
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - XMP Toolkit version 2020.1 and earlier is affected by a Buffer Underflow vulnerability which could result in arbitrary code execution in the context of the...
PT-2025-14822 · Assimp +2 · Assimp +2
Name of the Vulnerable Software and Affected Versions: Open Asset Import Library Assimp version 5.4.3 Description: A critical vulnerability was found in Open Asset Import Library Assimp. The function Assimp::MD2Importer::InternReadFile in the library code/AssetLib/MD2/MD2Loader.cpp of the compone...
CVE-2025-25198 mailcow: dockerized vulnerable to password reset poisoning
mailcow: dockerized is an open source groupware/email suite based on docker. Prior to version 2025-01a, a vulnerability in mailcow's password reset functionality allows an attacker to manipulate the Host HTTP header to generate a password reset link pointing to an attacker-controlled domain. This...
CVE-2025-1150 GNU Binutils ld libbfd.c bfd_malloc memory leak
A vulnerability was found in GNU Binutils 2.43. It has been declared as problematic. This vulnerability affects the function bfd_malloc of the file libbfd.c of the component ld. The manipulation leads to memory leak. The attack can be initiated remotely. The complexity of an attack is rather high...
Azure Linux 3.0 Security Update: hdf5 (CVE-2024-32605)
The version of hdf5 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-32605 advisory. - HDF5 Library through 1.14.3 has a heap-based buffer over-read in H5VM_memcpyvv in H5VM.c called from...
CVE-2024-42357
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...
PT-2025-4047 · Unknown · Esafenet Cdg V5
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG V5 Description: A vulnerability was found in an unknown functionality of the file /appDetail.jsp. The manipulation of the curpage argument leads to cross site scripting. The attack can be launched remotely. The vendor was contact...
SonicWall SMA Appliances Exploited in Zero-Day Attacks
Critical security flaw in SonicWall SMA 1000 appliances (CVE-2025-23006) exploited as a zero-day. Rated CVSS 9.8, patch immediately…
PT-2025-5553 · Unknown · Kb Support
Name of the Vulnerable Software and Affected Versions: KB Support versions 1.6.7 and earlier Description: The issue is related to a URL redirection to an untrusted site, also known as an "Open Redirect" problem. This allows an attacker to redirect users to a malicious website. Recommendations: Fo...
PT-2025-30955
Name of the Vulnerable Software and Affected Versions: LibTIFF versions up to 4.7.0 Description: A critical issue exists in LibTIFF, specifically within the get_histogram function located in the tools/tiffmedian.c file. This issue leads to a use-after-free condition, potentially allowing for local...
CVE-2024-12894 TreasureHuntGame TreasureHunt acesso.php sql injection
A vulnerability, which was classified as critical, was found in TreasureHuntGame TreasureHunt up to 963e0e0. Affected is an unknown function of the file TreasureHunt/acesso.php. The manipulation of the argument usuario leads to sql injection. It is possible to launch the attack remotely. This...
PT-2024-36274 · Unknown · Phuc Pham Multiple Admin Emails
Name of the Vulnerable Software and Affected Versions: Phuc Pham Multiple Admin Emails versions n/a through 1.0 Description: The issue is related to a Cross-Site Request Forgery (CSRF) problem, which allows for Cross Site Request Forgery. This affects the multiple admin emails functionality...
CVE-2024-12300
CVE-2024-12300 (AR for WordPress) is an unauthorized double extension file upload vulnerability in the AR for WordPress WordPress plugin, caused by a missing capability check in set_ar_featured_image(). The issue affects all versions up to and including 7.3, enabling unauthenticated attackers to ...