9 matches found
PT-2025-4032 · Embedai · Embedai
Name of the Vulnerable Software and Affected Versions: EmbedAI versions 2.1 and earlier Description: An access control issue has been identified, allowing an authenticated attacker to exploit the "/embedai/visits/show/" endpoint to obtain information about visits made by other users. The informati...
PT-2025-5361 · Jenkins · Jenkins Azure Service Fabric Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Azure Service Fabric Plugin versions 1.6 and earlier Description: A missing permission check in the Jenkins Azure Service Fabric Plugin allows attackers with Overall/Read permission to enumerate the IDs of Azure credentials stored in...
PT-2024-38860
Name of the Vulnerable Software and Affected Versions: Flowise version 1.8.2 Description: An Authentication Bypass issue exists, allowing a remote, unauthenticated attacker to access API endpoints as an administrator and access restricted functionality. Recommendations: For Flowise version 1.8.2,...
PT-2024-28867 · Unknown · Kashipara Online Exam System
Name of the Vulnerable Software and Affected Versions: Kashipara Online Exam System version 1.0 Description: A Broken Access Control issue was found in "admin/update.php" and "admin/dashboard.php", allowing remote unauthenticated attackers to view the administrator dashboard and delete valid user...
PT-2024-25520 · Linqi · Linqi
Name of the Vulnerable Software and Affected Versions: linqi versions prior to 1.4.0.1 Description: An issue was discovered that leads to an NTLM hash leak. This occurs via the "api/Cdn/GetFile" and "api/DocumentTemplate/GUID" endpoints. Recommendations: For versions prior to 1.4.0.1, update to...
PT-2024-3458
Name of the Vulnerable Software and Affected Versions: Apache OFBiz versions prior to 18.12.13 Description: The issue is related to an improper limitation of a pathname to a restricted directory, also known as a path traversal vulnerability. This allows a remote attacker to execute arbitrary code b...
PT-2023-9854 · Tornado +7 · Tornado +7
Name of the Vulnerable Software and Affected Versions: Tornado versions 6.3.1 and earlier Description: The issue allows a remote unauthenticated attacker to redirect a user to an arbitrary web site and conduct a phishing attack by having the user access a specially crafted URL. This is related to...
PT-2022-24711
Name of the Vulnerable Software and Affected Versions: Clerk WordPress plugin versions prior to 4.0.0 Description: The issue affects the validation function for all API requests, making it vulnerable to time-based attacks due to the usage of comparison operators to verify API keys against the ones...
PT-2022-25406 · Nps · Nps
Name of the Vulnerable Software and Affected Versions: NPS versions prior to 0.26.10 Description: The issue allows for an authentication bypass via constantly generating and sending the Auth key and Timestamp parameters. Recommendations: For versions prior to 0.26.10, update to version 0.26.10 or...