PT-2025-31292 · Apple · macOS Sonoma 14.7.7 +2
Name of the Vulnerable Software and Affected Versions: macOS versions prior to Sequoia 15.6; macOS versions prior to Sonoma 14.7.7. Description: An application may be able to access protected user data due to vulnerable code. This issue was addressed by removing the vulnerable code. Recommendations...
PT-2025-30477
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 141; Firefox ESR versions prior to 115.26; Firefox ESR versions prior to 128.13; Firefox ESR versions prior to 140.1; Thunderbird versions prior to 141; Thunderbird versions prior to 128.13; Thunderbird versions prior to...
PT-2025-30017 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.16; Mattermost versions 10.5.x through 10.5.6; Mattermost versions 10.7.x through 10.7.3; Mattermost versions 10.8.x through 10.8.1. Description: The software fails to verify authorization when retrieving...
PT-2025-28464 · Fortinet · FortiProxy +1
Name of the Vulnerable Software and Affected Versions: FortiOS versions prior to 7.4.8; FortiOS version 7.6.0; FortiOS versions 7.0 and earlier; FortiOS versions 6.4 and earlier; FortiProxy versions prior to 7.4.9; FortiProxy versions 7.2 and earlier; FortiProxy versions 7.0 and earlier; FortiProxy...
PT-2025-27903 · Unknown · SB Breadcrumbs
Name of the Vulnerable Software and Affected Versions: SB Breadcrumbs versions n/a through 1.0. Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as 'Cross-site Scripting', which allows Reflected XSS in SB Breadcrumbs. Recommendations: For...
PT-2025-26228 · IBM · IBM QRadar SIEM
Name of the Vulnerable Software and Affected Versions: IBM QRadar SIEM versions 7.5 through 7.5.0 Update Package 12. Description: The issue allows a privileged user to modify configuration files, enabling the upload of a malicious autoupdate file to execute arbitrary commands. Recommendations: For...
PT-2025-25111 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.22 and earlier. Description: A stored Cross-Site Scripting (XSS) issue affects the software, allowing an attacker with limited privileges to inject malicious scripts into vulnerable form fields. This could...
PT-2025-23134 · Next.js · Next.js
Name of the Vulnerable Software and Affected Versions: Next.js versions 13.0 through 15.2.2. Description: Next.js is a React framework for building full-stack web applications. In affected versions, Next.js may have allowed limited source code exposure when the dev server was running with the App...
PT-2025-22330 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions prior to 2.4.0p1; Checkmk versions prior to 2.3.0p32; Checkmk versions prior to 2.2.0p42; Checkmk version 2.1.0. Description: The issue allows authenticated attackers to write arbitrary files due to argument injection in special...
PT-2025-18930 · WordPress · Subpage List
Name of the Vulnerable Software and Affected Versions: Subpage List plugin for WordPress versions up to, and including, 1.3.3. Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'subpages' shortcode due to insufficient input sanitization and output escaping on...
GHSA-V83Q-83HJ-RW38 ntpd NTS client denial of service via wrongly sized cookies
Two denial of service vulnerabilities were found in ntpd-rs related to the handling of NTS cookies in our client functionality. Whenever an NTS source is configured and the server behind that source is sending zero-sized cookies or cookies larger than what would fit in our buffer size, ntpd-rs...
PT-2025-4380 · Unknown · NamelessMC
Name of the Vulnerable Software and Affected Versions: NamelessMC versions prior to 2.1.3. Description: The issue allows an attacker to reset user passwords via the forgot password link. This can be achieved when a user with admincp.core.emails or admincp.users.edit permissions manually validates ...
PT-2025-27814 · MediaWiki +1 · MediaWiki +2
Name of the Vulnerable Software and Affected Versions: MediaWiki - CentralAuth Extension versions 1.39.0 through 1.39.12; MediaWiki - CentralAuth Extension versions 1.42.0 through 1.42.6; MediaWiki - CentralAuth Extension versions 1.43.0 through 1.43.1. Description: The issue is related to an Improp...
PT-2024-8141 · PostgreSQL +6 · PostgreSQL +6
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions prior to 17.1; PostgreSQL versions prior to 16.5; PostgreSQL versions prior to 15.9; PostgreSQL versions prior to 14.14; PostgreSQL versions prior to 13.17; PostgreSQL versions prior to 12.21. Description: The issue is related t...
PT-2024-23251 · Org Mode +5 · Org Mode +5
Name of the Vulnerable Software and Affected Versions: Emacs versions prior to 29.3; Org Mode versions prior to 9.6.23. Description: The issue allows arbitrary Lisp code to be evaluated as part of turning on Org mode. Recommendations: For Emacs versions prior to 29.3, update to version 29.3 or late...
PT-2024-19285 · Terminalfour · Terminalfour +1
Name of the Vulnerable Software and Affected Versions: Terminalfour versions 7.4 through 7.4.0004 QP3; Terminalfour versions 8 through 8.3.19; Formbank versions through 2.1.10-FINAL. Description: An issue allows Unauthenticated Stored Cross-Site Scripting, potentially leading to Admin Session...
PT-2024-10915 · Liferay · Liferay DXP +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.2.0 through 7.3.5; Liferay DXP 7.3 before fix pack 1; Liferay DXP 7.2 before fix pack 17. Description: The issue allows attackers to use man-in-the-middle or shoulder surfing attacks to steal user's password reminder...
PT-2023-29938 · Roundcube · Roundcube
Name of the Vulnerable Software and Affected Versions: Roundcube versions 1.4.x through 1.4.14; Roundcube versions 1.5.x through 1.5.4; Roundcube versions 1.6.x through 1.6.3. Description: The issue allows for XSS via a text/html e-mail message containing an SVG image with a USE element. This is...
PT-2023-13453 · Unknown · OroCommerce
Name of the Vulnerable Software and Affected Versions: OroCommerce versions 4.1.0 through 4.1.13; OroCommerce versions 4.2.0 through 4.2.10; OroCommerce versions 5.0.0 through 5.0.10; OroCommerce versions 5.1.0. Description: The issue allows a JS payload added to the product name to be executed at th...
PT-2023-2841
Name of the Vulnerable Software and Affected Versions: Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73; Zyxel VPN series firmware versions 4.60 through 5.35; Zyxel USG FLEX series firmware versions 4.60 through 5.35; Zyxel ATP series firmware versions 4.60 through 5.35. Description: The iss...