PT-2026-28715
Name of the Vulnerable Software and Affected Versions: Sinaptik AI PandasAI versions up to 3.0.0 Description: A security flaw exists in Sinaptik AI PandasAI up to version 3.0.0. The issue resides within the is_sql_query_safe function located in the pandasai/helpers/sql_sanitizer.py file, allowing f...
EUVD-2025-18328
Malicious code in bioql PyPI...
PT-2025-32457 · Unknown · Portabilis I-Educar
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar versions up to 2.9 Description: A problematic issue exists in Portabilis i-Educar up to version 2.9, specifically within the Cadastrar Vínculo Page. The issue involves the manipulation of the nome argument in the...
WordPress Restrict File Access plugin <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion vulnerability
Cross-Site Request Forgery to Arbitrary File Deletion vulnerability discovered by johska in WordPress Plugin Restrict File Access versions <= 1.1.2...
CVE-2025-7667 Restrict File Access <= 1.1.2 - Cross-Site Request Forgery to Arbitrary File Deletion
The Restrict File Access plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.2. This is due to missing or incorrect nonce validation on the 'restrict-file-access' page. This makes it possible for unauthenticated attackers to delete arbitra...
WordPress plugin Restrict File Access cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2025-6070
The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server...
WordPress plugin Restrict File Access path traversal vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. WordPress plugin is an application plugin. A path traversal vulnerability exis...
PT-2025-25483 · WordPress · Restrict File Access
Name of the Vulnerable Software and Affected Versions: Restrict File Access plugin for WordPress versions up to, and including, 1.1.2 Description: The issue allows authenticated attackers with Subscriber-level access and above to read the contents of arbitrary files on the server, which can conta...
PT-2025-7130 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: The issue is related to missing authentication for a critical function, allowing an unauthenticated remote attacker to reset arbitrary user passwords via crafted HTTP requests. This is d...
PT-2024-16725 · Unknown · Amtt Hotel Broadband Operation System
Name of the Vulnerable Software and Affected Versions: AMTT Hotel Broadband Operation System versions up to 3.0.3.151204 Description: A critical issue has been found in the AMTT Hotel Broadband Operation System. It affects an unknown function of the file /manager/frontdesk/online_status.php. The...
PT-2024-16407 · Safenet · Esafenet Cdg
Name of the Vulnerable Software and Affected Versions: ESAFENET CDG version 5 Description: A critical issue affects the delProtocol function of the file /com/esafenet/servlet/system/PrintScreenListService.java. The manipulation of the id argument leads to SQL injection. The attack may be initiate...
PT-2024-32854 · Json Lib +2 · Json-Lib +2
Name of the Vulnerable Software and Affected Versions: JSON-lib versions prior to 3.1.0 Description: The issue is related to the handling of an unbalanced comment string in the util/JSONTokener.java file. This flaw can be exploited due to the mishandling of such strings. Recommendations: For...
PT-2024-6010 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p1, 2.4.6-p6, 2.4.5-p8, 2.4.4-p9 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type, which could result in arbitrary code execution by an attacker. An attacker cou...
PT-2024-27437 · Jan · Jan
Name of the Vulnerable Software and Affected Versions: Jan version 0.4.12 Description: The issue allows attackers to execute arbitrary code via uploading a crafted file to the "/v1/app/appendFileSync" interface. Recommendations: For Jan version 0.4.12, as a temporary workaround, consider disablin...
PT-2024-26563 · O2Oa · O2Oa
Name of the Vulnerable Software and Affected Versions: O2OA version 8.3.8 Description: The issue allows attackers to execute arbitrary code by uploading a crafted PDF file, exploiting an arbitrary file upload vulnerability. Recommendations: For O2OA version 8.3.8, consider restricting file upload...
PT-2024-26237 · Opentext · Opentext Imanager
Name of the Vulnerable Software and Affected Versions: OpenText iManager version 3.2.6.0200 Description: The issue is related to a File Upload vulnerability in an unauthenticated session, which could allow an attacker to upload a file without authentication. Recommendations: For OpenText iManager...
PT-2024-3499 · Adobe · Acrobat Reader
Name of the Vulnerable Software and Affected Versions: Acrobat Reader versions 20.005.30574, 24.002.20736 and earlier Description: The issue is an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigation...
PT-2024-25515 · Logpoint · Logpoint
Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.4.0 Description: An issue was discovered that allows Local File Inclusion (LFI) when an arbitrary File Path is used within the File System Collector. The content of the file specified can be viewed in the incoming...
PT-2024-25027 · Dassault Systèmes · Edrawings
Name of the Vulnerable Software and Affected Versions: eDrawings versions Release SOLIDWORKS 2023 through Release SOLIDWORKS 2024 Description: The issue exists in the file reading procedure, allowing an attacker to execute arbitrary code while opening a specially crafted DWG or DXF file. This cou...