35 matches found
PT-2025-32135
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: The software suffers from a memory corruption issue when processing DirectDraw Interface (DDI) command calls. Recommendations: At the moment, there is no information about a newer version that contai...
PT-2025-31191 · Unknown · Human Resource Management System
Name of the Vulnerable Software and Affected Versions: Human Resource Management System version 1.0 Description: A SQL injection vulnerability exists in Human Resource Management System version 1.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases via the ci...
PT-2025-31308 · Apple · Ipados +7
Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.6; iPadOS versions prior to 18.6 and 17.7.9; macOS Sequoia versions prior to 15.6; macOS Sonoma versions prior to 14.7.7; tvOS versions prior to 18.6; watchOS versions prior to 11.6; visionOS versions prior to 2.6...
PT-2025-30683 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo versions 14.4 and dev master commit 8a8954ff Description: A cross-site scripting (XSS) vulnerability exists in the videosList page parameter functionality. A specially crafted HTTP request can lead to arbitrary JavaScript execution,...
PT-2025-28182 · Unknown · Codeastro Online Movie Ticket Booking System
Name of the Vulnerable Software and Affected Versions: CodeAstro Online Movie Ticket Booking System version 1.0 Description: A problematic issue has been discovered, affecting an unknown part of the system, which leads to cross-site request forgery. The attack can be initiated remotely. The explo...
PT-2025-23054 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an authentication bypass in the Apache HTTP Server. No specific details about the estimated number of potentially affected devices worldwide or real-world...
PT-2025-22417
Name of the Vulnerable Software and Affected Versions: Jeppesen JetPlanner Pro version 1.6.2.20 Description: The issue allows a remote attacker to execute arbitrary code through a Cross Site Scripting vulnerability. This enables remote code execution. Recommendations: For Jeppesen JetPlanner Pro...
Do Not Enable the DHCP Service
The Dynamic Host Configuration Protocol (DHCP) service provides dynamic allocation of IP addresses to machines. Unless a system is the designated DHCP server, you are advised to disable its DHCP service to reduce the attack surface. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions...
PT-2025-18300
Name of the Vulnerable Software and Affected Versions: Azure Bot Framework SDK affected versions not specified Description: The issue is related to improper authorization in the Azure Bot Framework SDK, allowing an unauthorized attacker to elevate privileges over a network. Recommendations: At th...
PT-2025-17908
Name of the Vulnerable Software and Affected Versions: Moodle affected versions not specified Description: A security issue was discovered that can allow hackers to gain access to sensitive information about students and prevent them from logging into their accounts, even after they had completed...
PT-2025-15736 · Essential Marketer · Essential Breadcrumbs
Name of the Vulnerable Software and Affected Versions: Essential Breadcrumbs versions 1.1.1 and earlier Description: A Cross-Site Request Forgery (CSRF) issue in Essential Marketer Essential Breadcrumbs allows Privilege Escalation. Recommendations: For Essential Breadcrumbs versions 1.1.1 and...
PT-2025-13414
Name of the Vulnerable Software and Affected Versions: Data::Entropy versions 0.007 and earlier Description: The issue concerns the use of the rand function as the default source of entropy, which is not cryptographically secure, for cryptographic functions. Recommendations: For Data::Entropy versio...
PT-2025-23989
Name of the Vulnerable Software and Affected Versions: golang versions 1.15 through 1.19 Description: The issue affects golang packages in Debian Linux. No further details are available due to the lack of information from high-priority sources. Recommendations: For golang version 1.15, update to ...
PT-2024-7982
Name of the Vulnerable Software and Affected Versions: D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L versions up to 20241028 Description: A critical issue exists in the cgi_user_add function of the file /cgi-bin/account_mgr.cgi?cmd=cgi_user_add within the affected D-Link devices. Manipulation of...
PT-2024-25309 · Unknown · Crelly Slider
Name of the Vulnerable Software and Affected Versions: Crelly Slider versions 1.4.5 and earlier Description: The issue is related to an Authorization Bypass Through User-Controlled Key vulnerability. This allows for authorization bypass, potentially compromising system security. Recommendations:...
PT-2023-35588 · Git +1 · Clamav
Name of the Vulnerable Software and Affected Versions: No specific software or versions mentioned. Description: A crash was reported due to a Memcpy-param-overlap issue. The crash state includes repeat, p_ere, and p_ere. Recommendations: At the moment, there is no information about a newer versio...
PT-2023-17466 · Unknown · System Management Mode
Name of the Vulnerable Software and Affected Versions: System Management Mode (SMM) affected versions not specified Description: A race condition in System Management Mode (SMM) code may allow an attacker using a compromised user space to potentially result in privilege escalation. Recommendations: A...
PT-2025-26127 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue was found in the Linux kernel, specifically in the security_read_state_kernel function. This function directly returns the result of security_read_policy without...
PT-2023-5999 · Fortinet · Fortios
Name of the Vulnerable Software and Affected Versions: Fortinet FortiOS versions 7.2.0 through 7.2.4; Fortinet FortiOS version 7.4.0 Description: The issue is related to improper access control in the FortiOS REST API component, allowing an attacker to access restricted resources from non-trusted...
PT-2023-26674 · Berkaygediz · Oblog
Name of the Vulnerable Software and Affected Versions: berkaygediz O Blog version 1.0 Description: The issue allows a local attacker to escalate privileges via the secure_file_priv component. This is a SQL injection vulnerability. Recommendations: For berkaygediz O Blog version 1.0, consider...