PT-2025-21935 · Unknown · Campcodes Online Shopping Portal
Name of the Vulnerable Software and Affected Versions: Campcodes Online Shopping Portal version 1.0 Description: A critical vulnerability has been found in Campcodes Online Shopping Portal. The issue affects an unknown function of the file /my-cart.php. The manipulation of the billingaddress...
PT-2025-21927 · Unknown · Sourcecodester Client Database Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Client Database Management System version 1.0 Description: A critical issue has been found in the processing of the file /user delivery update.php, where the manipulation of the uploaded file cancelled argument leads to...
PT-2025-21852 · Unknown · Sourcecodester Restaurant Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Restaurant Management System version 1.0 Description: A critical issue affects the processing of the file /admin/assign save.php. The manipulation of the team argument leads to SQL injection. The attack may be initiated remotely...
WordPress LogDash Activity Log plugin < 1.1.4 - Unauthenticated SQLi vulnerability
Unauthenticated SQLi vulnerability discovered by Nicolas Surribas in WordPress Plugin LogDash Activity Log versions < 1.1.4...
WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.2 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated (Subscriber+) Arbitrary File Deletion vulnerability discovered by Phat RiO - BlueRock in WordPress Plugin WPBot Pro Wordpress Chatbot versions <= 13.6.2...
Security advisory: Improper Link Resolution Before File Access in QFileSystemEngine in the Qt corelib module on Windows impacts Qt
Improper Link Resolution Before File Access 'Link Following' vulnerability in QFileSystemEngine in the Qt corelib module on Windows potentially allows Symlink Attacks and the use of Malicious Files. This vulnerability has been discovered and assigned the CVE ID CVE-2025-4211. The issue originates...
PT-2025-21359 · Unknown · Campcodes Sales/Inventory System
Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0 Description: A critical issue has been found in the system, affecting an unknown function of the file /pages/reprint.php. The manipulation of the sid argument leads to SQL injection. This issue...
PT-2025-21224 · Peergos · Peergos
Name of the Vulnerable Software and Affected Versions: Peergos versions through 1.1.0 Description: The issue is related to an improper restriction of XML external entity reference in the getDocumentBuilder method of the WebDav servlet in Peergos. This allows for potential exploitation...
Huawei EulerOS: Security Advisory for glib2 (EulerOS-SA-2025-1514)
The remote host is missing an update for the Huawei EulerOS...
PT-2025-20627 · Unknown · Campcodes Sales/Inventory System
Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0 Description: A critical issue has been discovered, affecting the /pages/creditor add.php file, which can lead to SQL injection. This issue can be exploited remotely. Recommendations: For...
PT-2025-20630 · Unknown · Sourcecodester Online College Library System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online College Library System version 1.0 Description: A critical vulnerability was found in the SourceCodester Online College Library System. The issue is related to an unknown function of the file /index.php, where the...
PT-2025-20469 · Totolink · Totolink N150Rt
Name of the Vulnerable Software and Affected Versions: TOTOLINK N150RT version 3.4.0-B20190525 Description: A vulnerability was found in the Virtual Server Page component, leading to cross-site scripting. The attack can be initiated remotely, and the exploit has been disclosed to the public...
PT-2025-19822 · Unknown · Kefaming Mayi
Name of the Vulnerable Software and Affected Versions: kefaming mayi versions 1.3.9 and earlier Description: A critical vulnerability has been found in kefaming mayi, affecting the function Upload of the file app/tools/controller/File.php. The manipulation of the argument File leads to unrestrict...
PT-2025-19828 · Unknown · Phpgurukul Art Gallery Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Art Gallery Management System version 1.1 Description: A critical issue affects an unknown functionality of the file /admin/add-art-type.php. The manipulation of the arttype argument leads to SQL injection. This issue can be...
PT-2025-19775 · Unknown · Itranswarp
Name of the Vulnerable Software and Affected Versions: itranswarp version 2.19 Description: An issue in the component /manage/ of itranswarp allows attackers to bypass authentication via a crafted request. Recommendations: For version 2.19, consider restricting access to the /manage/ component...
CVE-2025-46342
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...
PT-2025-18902 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0-rc3 Description: A use-after-free issue has been identified in the Linux kernel, specifically in the cfusbl device notify function. This issue occurs when unregistering a net device, which can lead to a...
PT-2025-18100 · Unknown · Phpgurukul Pre-School Enrollment System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Pre-School Enrollment System version 1.0 Description: A critical vulnerability was found in the PHPGurukul Pre-School Enrollment System. This issue affects unknown code in the file /admin/aboutus.php. The manipulation of the...
PT-2025-19360 · Npm · @Escape.Tech/Graphql-Armor-Cost-Limit
Summary: A query cost restriction using the cost-limit can be bypassed if ignoreIntrospection is enabled (which is the default configuration) by naming your query/fragment schema. Details: At the start of the computeComplexity function, we have the following check for ignoreIntrospection option: ts i...
PT-2025-17568 · Totolink · Totolink A950Rg +3
Name of the Vulnerable Software and Affected Versions: TOTOLINK A830R version 4.1.2cu.5182 B20201102; TOTOLINK A950RG version 4.1.2cu.5161 B20200903; TOTOLINK A3000RU version 5.9c.5185 B20201128; TOTOLINK A3100R version 4.1.2cu.5247 B20211129 Description: A buffer overflow vulnerability was discover...