21 matches found

Positive Technologies
added 2026/05/01 12:0 a.m. · 4 views

PT-2026-36292

Name of the Vulnerable Software and Affected Versions: SourceCodester Advanced School Management System version 1.0 Description: A SQL injection flaw exists in the 'checkEmail' endpoint within the commonController.php file. This issue allows remote attackers to manipulate database queries through a...

7.5 CVSS · 7.2 AI score · 0.00043 EPSS
Exploits 0 · References 7

Vulnrichment
added 2025/12/17 11:10 p.m. · 2 views

CVE-2025-68435 Zerobyte has Authentication Bypass by Primary Weakness

Zerobyte is a backup automation tool. Zerobyte versions prior to 0.18.5 and 0.19.0 contain an authentication bypass vulnerability where authentication middleware is not properly applied to API endpoints. This results in certain API endpoints being accessible without valid session credentials. This...

9.1 CVSS · 6.7 AI score · 0.00088 EPSS
Exploits 0 · References 3

SUSE CVE
added 2025/12/17 12:25 a.m. · 1 view

SUSE CVE-2025-68216

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problem...

6.4 AI score · 0.00026 EPSS
Exploits 0 · References 3

OSV
added 2025/12/16 2:15 p.m. · 0 views

UBUNTU-CVE-2025-68216

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problem...

5.8 AI score · 0.00026 EPSS
Exploits 0 · References 5

CVE
added 2025/12/16 1:57 p.m. · 7 views

CVE-2025-68216

Summary (CVE-2025-68216): In the Linux kernel, LoongArch-architecture BPF trampoline attachments to kernel module functions have been disabled due to incompatibilities with tracing in modules. This prevents attaching BPF fentry/trampoline probes to module functions, addressing severe user-visible...

6 AI score · 0.00026 EPSS
Exploits 0 · References 2

OSV
added 2025/12/16 1:57 p.m. · 3 views

CVE-2025-68216 LoongArch: BPF: Disable trampoline for kernel module function trace

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problem...

6.3 AI score · 0.00026 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/12/16 12:0 a.m. · 2 views

PT-2025-51629

In the Linux kernel, the following vulnerability has been resolved: LoongArch: BPF: Disable trampoline for kernel module function trace The current LoongArch BPF trampoline implementation is incompatible with tracing functions in kernel modules. This causes several severe and user-visible problem...

6.3 AI score · 0.00026 EPSS
Exploits 0 · References 3

EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2022-36952

Malicious code in bioql PyPI...

7 CVSS · 6.3 AI score · 0.00026 EPSS
Exploits 340 · References 3

Positive Technologies
added 2025/06/23 12:0 a.m. · 3 views

PT-2025-26576 · Htacg +1 · Tidy-Html5 +1

Name of the Vulnerable Software and Affected Versions: HTACG tidy-html5 version 5.8.0 Description: A memory leak issue has been discovered, affecting the defaultAlloc function in the src/alloc.c file. This issue can be exploited locally, potentially leading to memory leak. The exploit details hav...

4.8 CVSS · 7.3 AI score · 0.00129 EPSS
Exploits 1 · References 18

Positive Technologies
added 2024/09/10 12:0 a.m. · 3 views

PT-2024-12602 · Loftware · Loftware Spectrum

Name of the Vulnerable Software and Affected Versions: Loftware Spectrum versions through 4.6 Description: The issue concerns an unprotected JMX Registry in Loftware Spectrum. Recommendations: For versions through 4.6, consider restricting access to the JMX Registry as a temporary mitigation...

9.8 CVSS · 7.2 AI score · 0.00325 EPSS
Exploits 0 · References 8

Positive Technologies
added 2024/06/17 12:0 a.m. · 2 views

PT-2024-27077 · Unknown · Akbr Update

Name of the Vulnerable Software and Affected Versions: akbr update version 1.0.0 Description: The issue is related to Prototype Pollution, which occurs via the update/index.js file. Recommendations: For akbr update version 1.0.0, consider restricting access to the update/index.js file as a...

5.9 CVSS · 6.8 AI score · 0.00061 EPSS
Exploits 0 · References 4

Positive Technologies
added 2024/04/03 12:0 a.m. · 2 views

PT-2024-14508 · Ibm · Ibm Db2

Name of the Vulnerable Software and Affected Versions: IBM DB2 for Linux, UNIX and Windows includes Db2 Connect Server version 11.5 Description: The issue is related to a denial of service condition that can occur when querying a specific UDF built-in function concurrently. Recommendations: For I...

5.3 CVSS · 9.4 AI score · 0.0008 EPSS
Exploits 0 · References 7

Positive Technologies
added 2023/04/04 12:0 a.m. · 4 views

PT-2023-21328 · Wondershare · Wondershare Uniconverter

Name of the Vulnerable Software and Affected Versions: Wondershare UniConverter version 14.0.0 Description: An issue in Wondershare UniConverter allows a remote attacker to execute arbitrary commands via the uniconverter14 64bit setup full14204.exe file. Recommendations: For Wondershare...

7.8 CVSS · 8 AI score · 0.00151 EPSS
Exploits 1 · References 4

Positive Technologies
added 2022/12/30 12:0 a.m. · 3 views

PT-2022-27909 · Trendnet · Trendnet Tew755Ap

Name of the Vulnerable Software and Affected Versions: TRENDnet TEW755AP version 1.13B01 Description: A stack overflow issue was discovered, related to the cameo.nslookup target parameter in the tools nslookup function. Recommendations: For TRENDnet TEW755AP version 1.13B01, avoid using the...

9.8 CVSS · 9.5 AI score · 0.00436 EPSS
Exploits 1 · References 2

NVD
added 2022/06/17 1:15 p.m. · 23 views

CVE-2022-33915

Versions of the Amazon AWS Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3.5 are affected by a race condition that could lead to a local privilege escalation. This Hotpatch package is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 or...

7 CVSS · 0.00026 EPSS
Exploits 340 · References 2

Amazon
added 2022/06/15 12:0 a.m. · 800 views

Important: log4j-cve-2021-44228-hotpatch

Issue Overview: Versions of the Apache Log4j hotpatch package before log4j-cve-2021-44228-hotpatch-1.3-5 are affected by a race condition that could lead to a local privilege escalation. The Apache Log4j Hotpatch is not a replacement for updating to a log4j version that mitigates CVE-2021-44228 o...

10 CVSS · 8.9 AI score · 0.94358 EPSS
Exploits 343

Trend Micro Simply Security
added 2022/05/31 12:0 a.m. · 301 views

Patch Your WSO2: CVE-2022-29464 Exploited to Install Linux-Compatible Cobalt Strike Beacons, Other Malware

Users of WSO2 products are advised to update their respective products and platforms or to apply the temporary mitigation steps immediately...

3.8 AI score · 0.94434 EPSS
Exploits 22

Positive Technologies
added 2019/09/23 12:0 a.m. · 2 views

PT-2019-14784 · Imagemagick +4 · Imagemagick +4

Name of the Vulnerable Software and Affected Versions: ImageMagick version 7.0.8-35 Description: The issue is related to a memory leak in the coders/dps.c file, which can be demonstrated through the XCreateImage function. Recommendations: For ImageMagick version 7.0.8-35, consider restricting...

9.8 CVSS · 6.4 AI score · 0.02588 EPSS
Exploits 56 · References 393

seebug.org
added 2012/01/30 12:0 a.m. · 33 views

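Microsoft Windows Media Player ‘winmm.dll’ MIDI File Parsing Remote Code Execution Vulnerability (CVE-2012-0003)

CVE-2012-0003 Microsoft Windows is a very popular operating system released by Microsoft. Windows Media Player is the system's multimedia playback component. WMP has a memory corruption vulnerability when processing malformed MIDI data. A remote attacker can exploit this vulnerability to take control of a user's system by enticing the user to visit a malicious web page. 0 Microsoft Windows XP Professional Microsoft Windows XP Home Edition Microsoft Windows Vista Microsoft Windows Storage Server 2003 Microsoft Windows Server 20...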

9.3 CVSS · 7 AI score · 0.88008 EPSS
Exploits 12

seebug.org
added 2010/04/14 12:0 a.m. · 39 views

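Microsoft IE winhlp32.exe Service Remote Code Execution Vulnerability (MS10-022)

BUGTRAQ ID: 38463 CVE ID: CVE-2010-0483 Internet Explorer is the web browser bundled by default with the Windows operating system. Users can invoke the winhlp32.exe service from IE using VBScript; if a malicious .HLP file is passed to the service, arbitrary commands are executed. Some user interaction is required to trigger this vulnerability: the user must press F1 while the MsgBox pop-up is displayed. The syntax of the MsgBox function is as follows: MsgBoxprompt,buttons,title,helpfile,context...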

7.6 CVSS · 6.5 AI score · 0.83077 EPSS
Exploits 7