938 matches found
PT-2025-39582
Name of the Vulnerable Software and Affected Versions Joovii Sendle Shipping versions through 6.02 Description A Cross-Site Request Forgery CSRF issue exists in Joovii Sendle Shipping. This allows attackers to perform actions on behalf of unsuspecting users. The issue allows Cross Site Request...
CVE-2025-34186
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a vulnerability in its authentication mechanism. Unsanitized input is passed to a system call for authentication, allowing attackers to inject special characters and manipulate command parsing. Because the binary interprets non-zero exit...
CVE
It is an offensive tool for web applications. The repository app...
CVE-2025-43784
CVE-2025-43784 affects Liferay Portal (7.4.0–7.4.3.124) and Liferay DXP (2024.Q2.0–2024.Q2.8, 2024.Q1.1–2024.Q1.12, and 7.4 GA through update 92). Root cause: improper access control allowing guest users to view object entries via API Builder. Impact: exposure of object entries information (confi...
PT-2025-36440
Name of the Vulnerable Software and Affected Versions: Apache Jackrabbit Core versions 1.0.0 through 2.22.1 Apache Jackrabbit JCR Commons versions 1.0.0 through 2.22.1 Description: This issue involves the deserialization of untrusted data in Apache Jackrabbit Core and Apache Jackrabbit JCR Common...
CVE-2025-58460
The CVE concerns the Jenkins OpenTelemetry Plugin (versions up to 3.1543.v8446b_92b_cd64) with a missing permission check. This allows attackers who have Overall/Read to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, enabling capture...
PT-2025-34842 · Print.Pl · Print.Pl
Name of the Vulnerable Software and Affected Versions: Print.pl affected versions not specified Description: The uhcPrintServerPrint function allows execution of arbitrary code via the CopyCounter parameter. Recommendations: At the moment, there is no information about a newer version that contai...
PT-2025-34852 · Uhcrtfdoc · Uhcrtfdoc
Name of the Vulnerable Software and Affected Versions: UHCRTFDoc affected versions not specified Description: The filename parameter in UHCRTFDoc can be exploited to execute arbitrary code through command injection into the system function call within the ConvertToPDF function. Recommendations: A...
PT-2025-34847 · Clininet · Clininet
Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified Description: The vulnerability allows unauthenticated users to download a file containing session ID data by directly accessing the /cgi-bin/CliniNET.prd/utils/userlogxls.pl endpoint. Recommendations: ...
PT-2025-34857 · Cgm · Cgm Clininet
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The configuration file containing database logins and passwords is readable by any local user. Recommendations: At the moment, there is no information about a...
PT-2025-34846 · Clininet · Clininet
Name of the Vulnerable Software and Affected Versions: CliniNET affected versions not specified Description: Unauthenticated access to the /cgi-bin/CliniNET.prd/GetActiveSessions.pl endpoint allows takeover of any user session logged into the system, including those with administrative privileges...
PT-2025-34343 · Uniong · Webitr
Name of the Vulnerable Software and Affected Versions: WebITR versions affected versions not specified Description: WebITR developed by Uniong is susceptible to an arbitrary file reading issue. This allows remote attackers with regular privileges to exploit an Absolute Path Traversal flaw to...
PT-2025-34237
Name of the Vulnerable Software and Affected Versions: org.keycloak/keycloak-model-storage-service affected versions not specified Description: A flaw exists in the KeycloakRealmImport custom resource, which substitutes placeholders within imported realm documents, referencing environment...
PT-2025-33903 · Six Apart · Movable Type
Name of the Vulnerable Software and Affected Versions: Movable Type affected versions not specified Description: An open redirect issue exists in Movable Type. Exploitation of this issue may allow an attacker to insert an invalid parameter into the password reset page, potentially redirecting use...
PT-2025-33716 · Unknown · Fluke Process Instruments Devices
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: An unauthenticated remote attacker can grant access without password protection to the affected device, enabling unprotected read-only access to stored measurement data. Recommendations: At the...
PT-2025-33725 · Lexmark · Lexmark Cloud Services
Name of the Vulnerable Software and Affected Versions: Lexmark Cloud Services affected versions not specified Description: A missing authorization vulnerability in Lexmark Cloud Services badge management allows an attacker to reassign badges within their organization. Recommendations: At the...
PT-2025-33473 · Zte · Zte F50
Name of the Vulnerable Software and Affected Versions: ZTE F50 affected versions not specified Description: An unauthorized access issue exists in ZTE F50 due to improper permission control of the Web module interface. This allows an unauthorized attacker to obtain sensitive information through t...
Malicious code in @malware-test-airer-dojos-rabat-mased/test-mlw3-airer-dojos-rabat-mased (npm)
The package @malware-test-airer-dojos-rabat-mased/test-mlw3-airer-dojos-rabat-mased was found to contain malicious code...
PT-2025-33397 · WordPress · Visual Composer Website Builder
Name of the Vulnerable Software and Affected Versions: Visual Composer Website Builder affected versions not specified Description: Improper neutralization of input during web page generation allows for Stored Cross-site Scripting XSS. Recommendations: At the moment, there is no information about...
Windows Download Execute
Downloads and executes the file from the specified url. Module Options msf use payload/windows/x64/downloadexec msf payloaddownloadexec show actions ...actions... msf payloaddownloadexec set ACTION msf payloaddownloadexec show options ...show and set options... msf payloaddownloadexec run...