PT-2025-21224 · Peergos · Peergos
Name of the Vulnerable Software and Affected Versions: Peergos versions through 1.1.0 Description: The issue is related to an improper restriction of XML external entity reference in the getDocumentBuilder method of the WebDav servlet in Peergos. This allows for potential exploitation...
Huawei EulerOS: Security Advisory for glib2 (EulerOS-SA-2025-1514)
The remote host is missing an update for the Huawei EulerOS...
PT-2025-19828 · Unknown · Phpgurukul Art Gallery Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Art Gallery Management System version 1.1 Description: A critical issue affects an unknown functionality of the file /admin/add-art-type.php. The manipulation of the arttype argument leads to SQL injection. This issue can be...
CVE-2025-46342
Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to versions 1.13.5 and 1.14.0, it may happen that policy rules using namespace selectors in their match statements are mistakenly not applied during admission review request processing due to a missing error...
PT-2025-17568 · Totolink · Totolink A950Rg +3
Name of the Vulnerable Software and Affected Versions: TOTOLINK A830R version 4.1.2cu.5182 B20201102 TOTOLINK A950RG version 4.1.2cu.5161 B20200903 TOTOLINK A3000RU version 5.9c.5185 B20201128 TOTOLINK A3100R version 4.1.2cu.5247 B20211129 Description: A buffer overflow vulnerability was discover...
PT-2025-18305 · NetGear · Netgear Wag302V2
Name of the Vulnerable Software and Affected Versions: Netgear WG302v2 versions up to 5.2.9 Description: A critical issue was found, affecting the function ui get input value. The manipulation of the host argument leads to command injection. This issue can be exploited remotely. The vendor was...
PT-2025-14585
Name of the Vulnerable Software and Affected Versions: PHPGurukul Bus Pass Management System version 1.0 Description: A critical issue was found in the PHPGurukul Bus Pass Management System, affecting an unknown part of the file /view-pass-detail.php. The manipulation of the viewid argument leads t...
PT-2025-11189 · Modx · Modx
Name of the Vulnerable Software and Affected Versions: MODX versions prior to 3.1.0 Description: A cross-site scripting (XSS) issue has been identified. The issue allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...
Linux Distros Unpatched Vulnerability : CVE-2024-49942
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: drm/xe: Prevent null pointer access in xemigratecopy xemigratecopy designed to copy content ...
CVE-2024-42357
Shopware is an open commerce platform. Prior to versions 6.6.5.1 and 6.5.8.13, the Shopware application API contains a search functionality which enables users to search through information stored within their Shopware instance. The searches performed by this function can be aggregated using the...
CVE-2024-12300
CVE-2024-12300 (AR for WordPress) is an unauthorized double extension file upload vulnerability in the AR for WordPress plugin, caused by a missing capability check in set_ar_featured_image(). The issue affects all versions up to and including 7.3, enabling unauthenticated attackers to ...
PT-2024-34376 · Unknown · Python Book
Name of the Vulnerable Software and Affected Versions: python book version V1.0 Description: The issue concerns an arbitrary file upload vulnerability in the user avatar upload function. This vulnerability allows for the upload of arbitrary files, which could potentially lead to security issues...
PT-2024-34620 · Unknown · Open Floodlight Sdn Controller
Name of the Vulnerable Software and Affected Versions: Floodlight SDN Open Flow Controller version 1.2 Description: The issue allows local hosts to build fake LLDP packets, which can cause Floodlight to miss specific clusters. This, in turn, leads to missed hosts inside and outside the cluster. T...
PT-2024-33089 · Qualitor · Qualitor
Name of the Vulnerable Software and Affected Versions: Qualitor version 8.24 Description: The issue is a remote code execution (RCE) vulnerability. It can be exploited via the gridValoresPopHidden parameter. Recommendations: For Qualitor version 8.24, avoid using the gridValoresPopHidden parameter...
PT-2024-26233 · F Logic · F-Logic Datacube3
Name of the Vulnerable Software and Affected Versions: F-logic DataCube3 version 1.0 Description: The issue is related to command injection due to improper string filtering at the command execution point in the ./admin/transceiver schedule.php file. An unauthenticated remote attacker can exploit...
PT-2024-2959 · Ruijie · Ruijie Rg-Nbr700Gw
Name of the Vulnerable Software and Affected Versions: Ruijie RG-NBR700GW version 10.34b12 Description: The issue is related to a lack of cookie verification when resetting the password, resulting in an administrator password reset vulnerability. An attacker can exploit this to log in to the devi...
CVE-2023-36857 Baker Hughes Bently Nevada 3500 System Authentication Bypass by Capture-replay
Baker Hughes – Bently Nevada 3500 System TDI Firmware version 5.05 contains a replay vulnerability which could allow an attacker to replay older captured packets of traffic to the device to gain access...
PT-2023-17706 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-12 through Android-12L Description: A possible way to bypass restrictions on starting activities from the background exists due to a missing permission check in the getMainActivityLaunchIntent function of...
PT-2022-26093 · Xpdf +1 · Xpdf +1
Name of the Vulnerable Software and Affected Versions: Xpdf version 4.04 Description: An issue was discovered that causes a crash in the gfseek IO FILE, long, int function in the goo/gfile.cc file. Recommendations: For Xpdf version 4.04, as a temporary workaround, consider disabling the gfseek...
PT-2022-14475 · Google · Android
Name of the Vulnerable Software and Affected Versions: Android versions Android-13 Description: The issue concerns a side channel information disclosure in PackageManager, allowing an attacker to determine whether an app is installed without requiring query permissions. This could lead to local...