126 matches found
Hitachi Energy Ellipse
SUMMARY Hitachi Energy is aware of a Jasper Report vulnerability that affects the Ellipse product versions mentioned below in this document. This vulnerability can be exploited to carry out a remote code execution (RCE) attack on the product. Please refer to the Recommended Immediate Actions for...
PT-2025-24051 · Totolink · Totolink X15
Name of the Vulnerable Software and Affected Versions: TOTOLINK X15 version 1.0.0-B20230714.1105 Description: A critical vulnerability has been found in the HTTP POST Request Handler component of TOTOLINK X15, affecting the file /boafrm/formWlanRedirect. The manipulation of the redirect-url...
PT-2025-29663
Name of the Vulnerable Software and Affected Versions: Oracle VM VirtualBox version 7.1.10 Description: An easily exploitable issue exists in the Core component of Oracle VM VirtualBox, allowing a high-privileged attacker with access to the infrastructure where Oracle VM VirtualBox executes to...
PT-2025-21975 · Unknown · Woocommerce
Name of the Vulnerable Software and Affected Versions: Product Code for WooCommerce versions 1.5.0 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability. This means an attacker can trick a user into performing unintended...
Hitachi Energy RTU500 Series (Update B)
SUMMARY Hitachi Energy is aware of the vulnerabilities CVE-2024-10037, CVE-2024-11499, CVE-2024-12169, and CVE-2025-1445 in the RTU500 Web server component, the IEC 60870-5-104 controlled station implementation and the IEC 61850 implementation, that affect the RTU500 versions that are listed...
Hitachi Energy MACH PS700
SUMMARY Hitachi Energy is aware of a vulnerability in the third-party component Intel Chipset Device Software that affects the MACH PS700 v2 product versions listed in this document. Authenticated malicious clients successfully exploiting this vulnerability could escalate privileges to cause...
PT-2025-5726 · Progress · Loadmaster
Name of the Vulnerable Software and Affected Versions: LoadMaster versions 7.2.48.12 and earlier; LoadMaster versions 7.2.49.0 through 7.2.54.12; LoadMaster versions 7.2.55.0 through 7.2.60.1; ECS versions prior to 7.2.60.1 Description: The issue is related to improper input validation of...
PT-2025-3816 · Unknown · Code-Projects Online Book Shop
Name of the Vulnerable Software and Affected Versions: code-projects Online Book Shop version 1.0 Description: A critical issue has been found in the code-projects Online Book Shop, affecting an unknown part of the /booklist.php file. The manipulation of the subcatid argument leads to SQL...
PT-2024-34546 · Jepaas · Jepaas
Name of the Vulnerable Software and Affected Versions: JEPaaS version 7.2.8 Description: The issue is related to SQL injection vulnerability in multiple parameters via the "/je/login/btnLog/insertBtnLog" API endpoint. This could allow a remote user to submit a specially crafted query, enabling an...
Windows Secure Kernel Mode Elevation of Privilege Vulnerability
Summary: As of July 10, 2025 Microsoft has completed mitigations to address this vulnerability. See KB5042562: Guidance for blocking rollback of virtualization-based security related updates and the Recommended Actions section of this CVE for guidance on how to protect your systems from this...
Intel® Data Center GPU Max Series Advisory
Summary: A potential security vulnerability in the Intel® Data Center GPU Max Series 1100 and 1550 products may allow denial of service. Intel is releasing prescriptive guidance to address this potential vulnerability. Vulnerability Details: CVEID: CVE-2023-47165 Description: Improper conditions...
Hitachi Energy RTU500 Series Product (Update B)
SUMMARY Hitachi Energy is aware of the vulnerability CVE-2024-2617 in the RTU500 Web server component, that affects the RTU500 versions that are listed below. An attacker successfully exploiting this vulnerability could bypass secure update. Please refer to the Recommended Immediate Actions for...
PT-2023-8128
Name of the Vulnerable Software and Affected Versions: OpenSSH versions 9.6 and earlier Description: The issue is related to a potential row hammer attack that could allow authentication bypass. This is applicable to a certain threat model of attacker-victim co-location in which the attacker has us...
PT-2023-18403 · Intel · Intel Unison
Name of the Vulnerable Software and Affected Versions: Intel Unison affected versions not specified Description: The issue concerns an uncaught exception in Intel Unison software that could allow an authenticated user with local access to potentially escalate privileges. Recommendations: At the...
PT-2023-32521 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The issue was accidentally requested. There is a vulnerability notification available. Recommendations: At the moment, there is no information...
PT-2023-35578 · Git +1 · Libredwg
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read error. Technical details include a crash type of Heap-buffer-overflow READ 16, with the crash state...
PT-2023-18740 · Samsung · Samsung Knox Sdk
Name of the Vulnerable Software and Affected Versions: Samsung Knox SDK versions 2.8.60 and earlier Description: The issue allows an attacker to bypass the authentication process and gain access to sensitive data. Recommendations: For Samsung Knox SDK versions 2.8.60 and earlier, at the moment,...
PT-2023-12857 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about the issue. It mentions a candidate in a CNA pool not assigned to any issues during 2022,...
PT-2023-10402 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No vulnerable software or affected versions specified. Description: The provided information does not describe a vulnerability but rather a rejected CVE candidate number. There is no general information about an issue, estimated number of...
PT-2023-20915 · Tenda · Tenda Ax3
Name of the Vulnerable Software and Affected Versions: Tenda AX3 version 16.03.12.11 Description: The issue is related to a Buffer Overflow that can be triggered via the "/goform/SetFirewallCfg" API endpoint. This allows for potential exploitation. Recommendations: For Tenda AX3 version...