191 matches found
EUVD-2021-9691
Malicious code in bioql PyPI...
PT-2025-32113 · Samsung · Galaxy Wearable
Name of the Vulnerable Software and Affected Versions: Galaxy Wearable versions prior to 2.2.63.25042861 Description: Improper access control in Galaxy Wearable allows local attackers to access sensitive information. Recommendations: Update Galaxy Wearable to version 2.2.63.25042861 or later...
PT-2025-31048
Name of the Vulnerable Software and Affected Versions: ssrfcheck versions prior to 1.2.0 Description: The package is vulnerable to Server-Side Request Forgery (SSRF) due to an incomplete denylist of IP address ranges. The package fails to classify the reserved IP address space 224.0.0.0/4 Multicast a...
PT-2025-30909 · Unknown · Codeigniter4
Name of the Vulnerable Software and Affected Versions: CodeIgniter4 version 4.6.0 Description: A stored cross-site scripting (XSS) vulnerability exists in CodeIgniter4. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the debugbar time parameter...
PT-2025-30527 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: An unrestricted file upload issue with dangerous file types exists in Samsung Electronics MagicINFO 9 Server, potentially leading to code injection. Recommendations: Update MagicINFO...
PT-2025-30528 · Samsung · Magicinfo 9 Server
Name of the Vulnerable Software and Affected Versions: MagicINFO 9 Server versions prior to 21.1080.0 Description: A flaw exists in Samsung Electronics MagicINFO 9 Server that allows code injection through the unrestricted upload of files with dangerous types. Recommendations: Update MagicINFO 9...
PT-2025-30325 · Ibm · Ibm Cognos Analytics Mobile
Name of the Vulnerable Software and Affected Versions: IBM Cognos Analytics Mobile iOS versions 1.1.0 through 1.1.22 Description: IBM Cognos Analytics Mobile iOS is susceptible to a security issue that may allow malicious actors to obtain sensitive information. This is due to the cleartext...
PT-2025-30328 · Luxcal · Luxcal
Name of the Vulnerable Software and Affected Versions: Luxcal version 4.5.2 Description: A reflected cross-site scripting (XSS) vulnerability exists in index.php that allows an unauthenticated attacker to steal other users' data. Recommendations: Update to a newer version that contains a fix for th...
PT-2025-30362 · Pyload · Pyload
Name of the Vulnerable Software and Affected Versions: pyLoad versions prior to 0.5.0b3.dev90 Description: pyLoad contains an authenticated path traversal vulnerability in the /json/upload endpoint. By manipulating the filename of an uploaded file, an attacker can traverse out of the intended...
PT-2025-29999 · WordPress · Woocommerce Refund/Exchange With Rma - Warranty Management
Name of the Vulnerable Software and Affected Versions: WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet versions up to and including 3.2.6 Description: The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User...
PT-2025-30057 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.6 Description: WeGIA is an open source web manager designed for the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability exists in the personalizacao.php endpoint...
PT-2025-29816 · Unknown · Uxper Sala
Name of the Vulnerable Software and Affected Versions: uxper Sala versions n/a through 1.1.3 Description: A missing authorization issue exists in uxper Sala, allowing access to functionality not properly constrained by Access Control Lists (ACLs). Recommendations: Update uxper Sala to a version...
PT-2025-29753 · WordPress · Wpadverts
Name of the Vulnerable Software and Affected Versions: WPAdverts versions through 2.2.5 Description: The software contains a DOM-Based Cross-site Scripting issue due to improper neutralization of input during web page generation. Recommendations: Update WPAdverts to a version later than 2.2.5...
PT-2025-29805 · Unknown · Funnelkit Funnel Builder
Name of the Vulnerable Software and Affected Versions: FunnelKit Funnel Builder versions through 3.10.2 Description: FunnelKit Funnel Builder is susceptible to a SQL injection flaw due to improper neutralization of special elements within SQL commands. This issue allows for potential SQL injectio...
PT-2025-29573 · Dassault Systèmes · Solidworks Edrawings +1
Name of the Vulnerable Software and Affected Versions: SOLIDWORKS eDrawings versions prior to SOLIDWORKS Desktop 2025 Description: A use of uninitialized variable issue exists in the JT file reading procedure. This could allow an attacker to execute arbitrary code when opening a specially crafted...
PT-2025-29399 · Unknown · Sapido Rb-1802
Name of the Vulnerable Software and Affected Versions: Sapido RB-1802 version 1.0.32 Description: A cross-site scripting issue exists in the URL Filtering Page component, specifically within the urlfilter.asp file. The manipulation of the URL address argument can lead to exploitation. The exploit...
PT-2025-29310 · WordPress · Beeteam368 Extensions
Name of the Vulnerable Software and Affected Versions: BeeTeam368 Extensions plugin for WordPress versions up to and including 2.3.5 Description: The BeeTeam368 Extensions plugin for WordPress is susceptible to arbitrary file uploads due to the absence of file type validation within the handle...
PT-2025-28397 · Siemens · Solid Edge
Name of the Vulnerable Software and Affected Versions: Solid Edge SE2025 versions prior to V225.0 Update 5 Description: A vulnerability has been identified in the affected applications, which contain an out of bounds read past the end of an allocated structure while parsing specially crafted PAR...
PT-2025-28761 · Adobe · Indesign Desktop
Name of the Vulnerable Software and Affected Versions: InDesign Desktop versions 19.5.3 and earlier Description: InDesign Desktop versions 19.5.3 and earlier are susceptible to an out-of-bounds write issue. Successful exploitation of this issue could lead to arbitrary code execution with the...
PT-2025-27822 · Unknown · Wpcenter Aibud Wp
Name of the Vulnerable Software and Affected Versions: WPCenter AiBud WP versions 1.8.5 and earlier Description: The issue affects WPCenter AiBud WP, allowing an unrestricted upload of a file with a dangerous type, which enables uploading a web shell to a web server. Recommendations: For versions...