PT-2025-14795
Name of the Vulnerable Software and Affected Versions: Gladinet CentreStack versions prior to 16.4.10315.56368 Gladinet Triofox versions prior to 16.4.10317.56372 Description: Gladinet CentreStack and Triofox are affected by a deserialization vulnerability due to the use of a hardcoded machineKey i...
PT-2025-12141 · Hugging Face · Huggingface/Transformers
Name of the Vulnerable Software and Affected Versions: huggingface/transformers version v4.46.3 Description: A Regular Expression Denial of Service (ReDoS) issue was identified in the huggingface/transformers library, specifically in the file tokenization_nougat_fast.py. The issue occurs in the pos...
PT-2025-10806
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions (affected versions not specified) Description: This issue is a Windows New Technology LAN Manager (NTLM) hash disclosure spoofing vulnerability (CVE-2025-24054). The vulnerability allows attackers to perform spoofing over a...
PT-2025-9096 · Rancher · Rancher
Name of the Vulnerable Software and Affected Versions: Rancher versions 2.8.0 through 2.8.12 Rancher versions 2.9.0 through 2.9.6 Rancher versions 2.10.0 through 2.10.2 Description: A local user can impersonate other identities through SAML Authentication on first login due to an improper access...
Security Bulletin: Potential Improper Privilege Management vulnerability in Logstash affects IBM Operations Analytics - Log Analysis (CVE-2024-31141)
Summary: Apache Kafka Client bundle in Logstash is vulnerable to improper privilege management. Vulnerability Details: CVEID: CVE-2024-31141 DESCRIPTION: Files or Directories Accessible to External Parties, Improper Privilege Management vulnerability in Apache Kafka Clients. Apache Kafka Clients...
PT-2025-7538 · Dell · Dell Recoverpoint For Virtual Machines
Name of the Vulnerable Software and Affected Versions: Dell RecoverPoint for Virtual Machines version 6.0.X Description: A command execution vulnerability exists, allowing a low-privileged malicious user with local access to potentially exploit it by running a specific binary. This could result i...
PT-2025-6477
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.3 PostgreSQL versions prior to 16.7 PostgreSQL versions prior to 15.11 PostgreSQL versions prior to 14.16 PostgreSQL versions prior to 13.19 Description: The issue is related to improper neutralization of quoting...
CGA-9G23-PGWC-P32G
Bulletin has no description...
PT-2025-3560 · Msfm +1 · Msfm +1
Name of the Vulnerable Software and Affected Versions: MSFM versions prior to 2025.01.01 Description: The issue is related to a fastjson deserialization vulnerability in the component system/table/editField. This vulnerability was discovered in MSFM. Recommendations: For versions prior to...
New episode “In The Trend of VM” (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches
New episode "In The Trend of VM" (#10): 8 trending vulnerabilities of November, zero budget VM and who should look for patches. The competition for the best question on the topic of VM continues. Video on YouTube, LinkedIn Post on Habr (rus) Digest on the PT website Content: 00:29 Spoofing - Windows...
PT-2024-26507 · Linkstack · Linkstack
Name of the Vulnerable Software and Affected Versions: LinkStack versions 2.7.9 through 4.7.7 Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability. It affects the resources/views/components/favicon.blade.php file, allowing it to be linked with SSRF. This vulnerability poses a...
PT-2024-30129 · Ellevo · Ellevo
Name of the Vulnerable Software and Affected Versions: Ellevo version 6.2.0.38160 Description: An issue in Ellevo allows a remote attacker to escalate privileges via the "/api/usuario/cadastrodesuplente" endpoint. This could lead to unauthorized access. Recommendations: For Ellevo version...
PT-2024-6666
Name of the Vulnerable Software and Affected Versions: Qualcomm Multiple Chipsets (affected versions not specified) Description: The issue is related to a use-after-free vulnerability in the Digital Signal Processor (DSP) service of Qualcomm chipsets, which can lead to memory corruption while...
PT-2024-4772
The vulnerable software is Microsoft Windows, specifically the Windows Remote Desktop Licensing Service. This pre-authentication remote code execution issue affects all versions of Windows Server from 2000 to 2025. To exploit this issue, an unauthorized attacker can connect to the Remote Desktop...
PT-2024-37680 · Unknown · Y Project Ruoyi
Name of the Vulnerable Software and Affected Versions: y project RuoYi versions up to 4.7.9 Description: A vulnerability was found in the function isJsonRequest of the component Content-Type Handler. The manipulation of the argument HttpHeaders.CONTENT_TYPE leads to cross site scripting. The atta...
PT-2024-6731
Name of the Vulnerable Software and Affected Versions: Microsoft Configuration Manager versions prior to 2403 (5.00.9128.1024) Microsoft Configuration Manager versions prior to 2309 (5.00.9122.1033) Microsoft Configuration Manager versions prior to 2303 (5.00.9106.1037) Microsoft Configuration Manager...
PT-2024-4135 · Qlik · Qlik Sense Enterprise For Windows
Name of the Vulnerable Software and Affected Versions: Qlik Sense Enterprise for Windows versions 14.67.7 through 14.187.3 Description: The issue is related to improper validation, allowing a remote attacker to elevate their privilege and execute commands on the server. This can lead to remote co...
PT-2024-23621 · Bento4 · Bento4
Name of the Vulnerable Software and Affected Versions: Bento4 version 1.6.0-641-2-g1529b83 Description: An issue was discovered in Bento4, leading to a Denial of Service (DoS). The issue is a heap-use-after-free in AP4_UnknownAtom::AP4_UnknownAtom at Ap4Atom.cpp, as demonstrated by mp42ts...
PT-2024-21421 · Codiad · Codiad
Name of the Vulnerable Software and Affected Versions: Codiad version 2.8.4 Description: The issue allows reflected XSS via the type parameter in the "components/market/dialog.php" endpoint. This can lead to remote execution. There is no information about the estimated number of potentially...
PT-2024-2247
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to March 2024 Patch Tuesday Windows Server 2019 10.0.17763.2300 Description: A vulnerability exists in the Windows Error Reporting Service that allows attackers to gain SYSTEM-level privileges. The...