9 matches found
PT-2025-4032 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and earlier Description: An access control issue has been identified, allowing an authenticated attacker to exploit the "/embedai/visits/show/" endpoint to obtain information about visits made by other users. The informati...
PT-2025-5361 · Jenkins · Jenkins Azure Service Fabric Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Azure Service Fabric Plugin versions 1.6 and earlier Description: A missing permission check in the Jenkins Azure Service Fabric Plugin allows attackers with Overall/Read permission to enumerate the IDs of Azure credentials stored in...
PT-2024-38860
Name of the Vulnerable Software and Affected Versions: Flowise version 1.8.2 Description: An Authentication Bypass issue exists, allowing a remote, unauthenticated attacker to access API endpoints as an administrator and access restricted functionality. Recommendations: For Flowise version 1.8.2,...
PT-2024-28867 · Unknown · Kashipara Online Exam System
Name of the Vulnerable Software and Affected Versions: Kashipara Online Exam System version 1.0 Description: A Broken Access Control issue was found in "admin/update.php" and "admin/dashboard.php", allowing remote unauthenticated attackers to view the administrator dashboard and delete valid user...
PT-2024-25520 · Linqi · Linqi
Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1 Description: An issue was discovered that leads to an NTLM hash leak. This occurs via the "api/Cdn/GetFile" and "api/DocumentTemplate/GUID" endpoints. Recommendations: For versions prior to 1.4.0.1, update to...
PT-2024-3458
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.13 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a path traversal vulnerability. This allows a remote attacker to execute arbitrary code b...
PT-2023-9854 · Tornado +7 · Tornado +7
Name of the Vulnerable Software and Affected Versions: Tornado versions 6.3.1 and earlier Description: The issue allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL. This is related to...
PT-2022-24711 · WordPress · Clerk
Name of the Vulnerable Software and Affected Versions: Clerk WordPress plugin versions prior to 4.0.0 Description: The issue affects the validation function for all API requests, making it vulnerable to time-based attacks due to the usage of comparison operators to verify API keys against the one...
PT-2022-25406 · Nps · Nps
Name of the Vulnerable Software and Affected Versions: NPS versions prior to 0.26.10 Description: The issue allows for an authentication bypass via constantly generating and sending the Auth key and Timestamp parameters. Recommendations: For versions prior to 0.26.10, update to version 0.26.10 or...