PT-2025-3355 · Hangzhou Bobo Technology Co · UU Game Booster
Name of the Vulnerable Software and Affected Versions: Hangzhou Bobo Technology Co Ltd UU Game Booster version 10.6.13 Description: An issue in Hangzhou Bobo Technology Co Ltd UU Game Booster allows attackers to access sensitive user information via supplying a crafted link. Recommendations: For...
PT-2025-3159
Name of the Vulnerable Software and Affected Versions: Xerox Workplace Suite, affected versions not specified Description: The issue concerns the storage of tokens in session storage, which may expose them to potential access if a user's session is compromised. A patch for this issue will be include...
PT-2025-2882 · Gpac +2 · Gpac +2
Name of the Vulnerable Software and Affected Versions: gpac version 2.4 Description: The issue is related to a SEGV at src/isomedia/drm_sample.c:1562:96 in the isom_cenc_get_sai_by_saiz_saio function in MP4Box. This indicates a potential problem with memory access or handling in the specified...
PT-2025-5626 · Monicahq · Monicahq
Name of the Vulnerable Software and Affected Versions: MonicaHQ version 4.1.1 Description: The issue allows attackers to exploit authenticated client-side injection in journal entry edits, with a medium severity level. A patch is pending, and users should monitor updates closely. Recommendations:...
PT-2025-7558 · Tenda · Tenda Ac8
Name of the Vulnerable Software and Affected Versions: Tenda AC8 version 16.03.34.06 Description: The issue is related to a Buffer Overflow in the get_parentControl_list_Info function. Recommendations: For Tenda AC8 version 16.03.34.06, consider disabling the get_parentControl_list_Info function...
PT-2025-3410 · Totolink · Totolink X6000R
Name of the Vulnerable Software and Affected Versions: TOTOLINK A6000R version V1.0.1-B20201211.2000 Description: A command injection issue was discovered via the opmode parameter in the action_reboot function. This allows for potential exploitation. Recommendations: For TOTOLINK A6000R version...
PT-2025-2031 · Unknown · Zhenfeng13 My-Blog
Name of the Vulnerable Software and Affected Versions: zhenfeng13 My-Blog version 1.0 Description: A critical vulnerability was found in the upload function of the file src/main/java/com/site/blog/my/core/controller/admin/uploadController.java. The manipulation of the file argument leads to...
PT-2025-3188 · Unknown · Html Forms
Name of the Vulnerable Software and Affected Versions: HTML Forms versions n/a through 1.4.1 Description: The issue is related to improper neutralization of input during web page generation, which allows Reflected XSS. This means that an attacker can inject malicious code into the HTML Forms,...
PT-2024-36289 · Unknown · Jozoor Arabic Webfonts
Name of the Vulnerable Software and Affected Versions: Jozoor Arabic Webfonts versions 1.4.6 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. This vulnerability can be exploited d...
Cleo File Transfer Vulnerability Under Exploitation – Patch Pending, Mitigation Urged
Users of Cleo-managed file transfer software are being urged to ensure that their instances are not exposed to the internet following reports of mass exploitation of a vulnerability affecting fully patched systems. Cybersecurity company Huntress said it discovered evidence of threat actors...
PT-2024-12048 · Unknown · We’re Open!
Name of the Vulnerable Software and Affected Versions: We’re Open! versions 1.45 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows the exploitation of incorrectly configured access control security levels. Recommendations: For versions 1.45 and...
PT-2024-36092 · Revy · Revy
Name of the Vulnerable Software and Affected Versions: Revy versions 1.1 through 1.18 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential takeover o...
PT-2024-35770 · Jsfinder · Jsfinder
Name of the Vulnerable Software and Affected Versions: JSFinder version d70ab9bc5221e016c08cffaf0d9ac79646c90645 Description: The issue concerns a Directory Traversal vulnerability in the find_by_file function. This allows for potential unauthorized access to files outside the intended directory...
GHSA-4CX5-89VM-833X veraPDF CLI has potential XXE (XML External Entity Injection) vulnerability
Impact: Executing policy checks using custom schematron files via the CLI invokes an XSL transformation that may theoretically lead to a remote code execution (RCE) vulnerability. Patches: We are currently working on a patch that will be released when ready. Workarounds: This doesn't affect the standa...
PT-2024-35438 · Dcme-320 +3 · Dcme-320 +3
Name of the Vulnerable Software and Affected Versions: DCME-320 versions 7.4.12.90 and earlier DCME-520 versions 9.25.5.11 and earlier DCME-320-L versions 9.3.5.26 and earlier DCME-720 versions 9.1.5.11 and earlier Description: The issue allows for Remote Code Execution via the...
PT-2024-34515 · Kia · Kia Seltos
Name of the Vulnerable Software and Affected Versions: KIA Seltos vehicle instrument cluster version 1.0 Description: An issue in the KIA Seltos vehicle instrument cluster allows attackers to control or disrupt CAN communication between the instrument cluster and CAN bus. The findings are dispute...
PT-2024-26495 · Vmir · Vmir
Name of the Vulnerable Software and Affected Versions: vmir version e8117 Description: A stack overflow issue was discovered in the init_local_vars function at /src/vmir_wasm_parser.c. This issue affects the vmir software, allowing for potential exploitation. Recommendations: For version e8117,...
PT-2024-34553 · Unknown · Phpgurukul Ifsc Code Finder Project
Name of the Vulnerable Software and Affected Versions: PHPGurukul IFSC Code Finder Project version 1.0 Description: A Reflected Cross-Site Scripting (XSS) issue was found in the "/ifscfinder/admin/profile.php" API endpoint, which allows remote attackers to execute arbitrary code via the...
PT-2024-16257 · Sourcecodester · Sourcecodester Online Hotel Reservation System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Hotel Reservation System version 1.0 Description: A critical issue has been found in the function upload of the file /guest/update.php, where the manipulation of the image argument leads to unrestricted upload. This issu...
PT-2024-33584 · WordPress · Endless Posts Navigation
Name of the Vulnerable Software and Affected Versions: Endless Posts Navigation versions n/a through 2.2.7 Description: A Cross-Site Request Forgery (CSRF) issue in Endless Posts Navigation allows Stored XSS. This means an attacker can perform actions on behalf of a user without their knowledge,...