LearnPress Plugin < 4.2.0 - Unauthenticated Time-Based Blind SQLi

SQL Injection vulnerability in LearnPress – WordPress LMS Plugin = 4.1.7.3.2 versions. id: CVE-2022-45808 info: name: LearnPress Plugin 4.2.0 - Unauthenticated Time-Based Blind SQLi author: DhiyaneshDK severity: critical description: | SQL Injection vulnerability in LearnPress – WordPress LMS...

PT-2026-45137

Name of the Vulnerable Software and Affected Versions Tenda W12 version 3.0.0.74763 Description A stack-based buffer overflow can be triggered remotely via the set local time 0 function within the /bin/httpd file. This occurs when the Time argument is manipulated. Recommendations At the moment,...

CrushFTP VFS - Sandbox Escape LFR

VFS Sandbox Escape in CrushFTP in all versions before 10.7.1 and 11.1.0 on all platforms allows remote attackers with low privileges to read files from the filesystem outside of VFS Sandbox. id: CVE-2024-4040 info: name: CrushFTP VFS - Sandbox Escape LFR author: DhiyaneshDK,pussycat0x severity:...

PT-2026-43020

A severe vulnerability was disclosed for Edimax EW-7438RPn CVE-2026-9482 https://t.co/41d9U3ZOrq...

PT-2026-42951

Name of the Vulnerable Software and Affected Versions Edimax EW-7438RPn version 1.31 Description A stack-based buffer overflow exists in the webs component. This issue occurs during the manipulation of the selSSID/submit-url argument within the formWlSiteSurvey function of the...

PT-2026-36916

Name of the Vulnerable Software and Affected Versions Quarkus version 3.32.4 Description An authorization bypass exists where semicolons used as matrix parameters in HTTP requests can circumvent security constraints, potentially granting unauthorized access to protected resources. Unauthenticated...

PT-2026-35228

A vulnerability was identified in D-Link DIR-825 3.00b32. This affects the function NMBD process of the file sserver.c of the component nmbd. Such manipulation leads to buffer overflow. The attack can only be initiated within the local network. The exploit is publicly available and might be used...

PT-2026-32187

Name of the Vulnerable Software and Affected Versions Totolink A7100RU version 7.4cu.2313 b20191024 Description A flaw exists in the CGI Handler component of Totolink A7100RU version 7.4cu.2313 b20191024. Specifically, manipulating the FileName argument within the UploadFirmwareFile function,...

PT-2026-27015

Name of the Vulnerable Software and Affected Versions Belkin F9K1122 version 1.00.33 Description A flaw exists in Belkin F9K1122. The issue involves a stack-based buffer overflow that can be triggered by manipulating the webpage argument within the formWISP5G function located in the...

PT-2026-26919

A vulnerability has been found in Tenda FH451 1.0.0.9. This vulnerability affects the function WrlclientSet of the file /goform/WrlclientSet. Such manipulation of the argument GO leads to stack-based buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the publi...

PT-2026-21294

Name of the Vulnerable Software and Affected Versions D-Link DWR-M960 version 1.01.07 Description A flaw exists in the D-Link DWR-M960 router, specifically in the function sub 41914C within the /boafrm/formWanConfigSetup component, which handles WAN interface configuration. The issue allows a...

PT-2026-5017

A severe vulnerability was disclosed for Xen CVE-2025-58151 https://t.co/aRR5DmmtNF...

Weaponizing cross site scripting: When one bug isn’t enough

Cross-Site Scripting XSS is often underestimated as a minor vulnerability. In reality, XSS can open the door to more severe attacks when combined with other vulnerabilities...

EUVD-2025-88866

Malicious code in severewolverinez3n npm...

EUVD-2025-75667

Malicious code in severemollusk-appteadev npm...

EUVD-2025-78340

Malicious code in severechickenz3n npm...

EUVD-2025-78339

Malicious code in severehedgehogz3n npm...

EUVD-2025-80599

Malicious code in severetarantula0xrequest npm...

EUVD-2025-80600

Malicious code in severeparrot0xrequest npm...

EUVD-2025-73752

Malicious code in severeslugz3n npm...