PT-2026-39259

Name of the Vulnerable Software and Affected Versions free5GC version 4.2.1 Description The Session Management Function SMF mounts the UPI management route group without OAuth2 or bearer-token authorization middleware. This allows a network attacker with access to the Service Based Interface SBI ...

CVE-2021-33359

A vulnerability exists in gowitness 2.3.6 that allows an unauthenticated attacker to perform an arbitrary file read using the file:// scheme in the url parameter to get an image of any file...

PT-2025-51776

@vitejs/plugin-rs provides React Server Components RSC support for Vite. Prior to version 0.5.8, the / vite rsc findSourceMapURL endpoint in @vitejs/plugin-rsc allows unauthenticated arbitrary file read during development mode. An attacker can read any file accessible to the Node.js process by...

CVE-2025-34139

The CVE-2025-34139 issue affects Sitecore XM/XP/XC and Managed Cloud, allowing an unauthenticated attacker to read arbitrary files. According to PT-2025-30894, affected products include Sitecore Experience Manager (XM), Experience Platform (XP), and Experience Commerce (XC) across versions 8.0 In...