PT-2025-32105 · Samsung · Emergency Sos
Name of the Vulnerable Software and Affected Versions: Emergency SoS versions prior to SMR Aug-2025 Release 1 Description: An improper export of an Android application component in Emergency SoS allows local attackers to access sensitive information. Recommendations: Update Emergency SoS to SMR...
PT-2025-30894 · Sitecore · Sitecore Experience Platform +2
Name of the Vulnerable Software and Affected Versions: Sitecore Experience Manager (XM) versions 8.0 Initial Release through 10.4 Initial Release; Sitecore Experience Platform (XP) versions 8.0 Initial Release through 10.4 Initial Release; Sitecore Experience Commerce (XC) versions 8.0 Initial Release...
PT-2025-28600
Name of the Vulnerable Software and Affected Versions: Microsoft Office, Microsoft Word, Microsoft 365 Apps for Enterprise, Microsoft Office Long Term Servicing Channel, Microsoft SharePoint Server versions prior to the July 15, 2025 update Description: A use-after-free issue exists in Microsoft Offi...
PT-2025-27546 · Intelbras · Intelbras Rx1500 Router
Name of the Vulnerable Software and Affected Versions: Intelbras RX1500 Router versions 2.2.17 and earlier Description: An integer overflow exists in the websReadEvent function when processing the command field of the HTTP header. This can allow a remote attacker to execute arbitrary code or caus...
PT-2025-27126 · Designthemes · Designthemes Lms
Name of the Vulnerable Software and Affected Versions: designthemes LMS versions n/a through 9.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject...
PT-2025-25727 · Noptin · Noptin
Name of the Vulnerable Software and Affected Versions: Noptin versions 3.8.7 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an attacker can inject malicious...
TencentOS Server 4: tomcat (TSSA-2025:0224)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0224 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
PT-2025-25381 · WordPress · Indieblocks
Name of the Vulnerable Software and Affected Versions: IndieBlocks plugin for WordPress versions up to, and including, 0.13.2 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated attackers with...
PT-2025-24521 · Unknown · Cryptocloud - Crypto Payment Gateway
Name of the Vulnerable Software and Affected Versions: CryptoCloud - Crypto Payment Gateway versions n/a through 2.1.2 Description: The issue is related to a Missing Authorization vulnerability, which allows exploiting incorrectly configured access control security levels. Recommendations: For...
PT-2025-24087 · Gravity Forms · Real Time Validation For Gravity Forms
Name of the Vulnerable Software and Affected Versions: Real Time Validation for Gravity Forms versions 1.7.0 and earlier Description: A Cross-Site Request Forgery (CSRF) issue affects the software, allowing unauthorized actions to be performed. This issue can be exploited to perform actions on beha...
PT-2025-21984 · David F. Carr · Rsvpmaker
Name of the Vulnerable Software and Affected Versions: davidfcarr RSVPMaker versions n/a through 11.5.6 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks, potentiall...
PT-2025-17168 · Unknown · Mapsvg Lite
Name of the Vulnerable Software and Affected Versions: MapSVG Lite versions prior to 8.5.35 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential...
PT-2025-17047 · Radiustheme · Radiustheme Classified Listing
Name of the Vulnerable Software and Affected Versions: RadiusTheme Classified Listing versions n/a through 4.0.1 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an...
PT-2025-15754 · Unknown · Af Tell A Friend
Name of the Vulnerable Software and Affected Versions: AF Tell a Friend versions 1.4 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web application,...
PT-2025-15698 · Pbootcms · Pbootcms
Name of the Vulnerable Software and Affected Versions: PbootCMS version 3.2.9 Description: The issue is related to an XSS vulnerability. It affects the "admin.php?p=/Content/index/mcode/2tab=t2" endpoint. Recommendations: For PbootCMS version 3.2.9, update to a version that fixes this issue, as th...
PT-2025-15057 · WordPress · Multivendorx
Name of the Vulnerable Software and Affected Versions: The MultiVendorX plugin for WordPress versions up to, and including, 4.2.19 Description: The issue is related to a missing capability check on the delete table rate shipping row function, which allows unauthorized loss of data. This makes it...
PT-2025-14944 · Unknown · Radius Blocks
Name of the Vulnerable Software and Affected Versions: Radius Blocks versions n/a through 2.2.1 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This...
PT-2025-14162 · WordPress · Uptime Robot Plugin
Name of the Vulnerable Software and Affected Versions: Uptime Robot Plugin for WordPress versions n/a through 2.3 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability, which allows for Cross Site Request Forgery. Recommendations: For versions n/a through 2.3, update to a...
PT-2025-32251
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 139.0.7258.66 Description: An inappropriate implementation in permissions within Google Chrome allows a remote attacker to perform UI spoofing through a specially crafted HTML page. The security severity is rated...
PT-2024-5810 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.84 Microsoft Edge affected versions not specified Description: The issue is related to an inappropriate implementation in Custom Tabs, allowing a remote attacker to perform UI spoofing via a crafted...