EUVD-2026-23018

Weblate: SSRF via the webhook add-on using unprotected fetchurl...

PT-2025-30671 · Tenda · Tenda Ac8V4

Name of the Vulnerable Software and Affected Versions: Tenda AC8V4 version V16.03.34.06 Description: The Tenda AC8V4 device contains a stack overflow issue at the /goform/saveParentControlInfo API endpoint. Manipulation of the time parameter leads to a stack-based buffer overflow. Recommendations...

CVE-2025-47291

CVE-2025-47291 concerns containerd’s CRI: versions 2.0.1–2.0.4 do not place usernamespaced containers under the Kubernetes cgroup hierarchy, which may cause Kubernetes limits to not be honored and could lead to node denial of service. The issue is fixed in containerd 2.0.5+ and 2.1.0+. Remediatio...

PT-2025-23171 · Freescout · Freescout

Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.178 Description: The issue is related to the deserialization of untrusted data due to insufficient validation, allowing arbitrary code execution. This occurs when a string with a serialized object is passed...

PT-2025-16905

Name of the Vulnerable Software and Affected Versions Erlang/OTP versions prior to 27.3.3 Erlang/OTP versions prior to 26.2.5.11 Erlang/OTP versions prior to 25.3.2.20 Description A critical flaw in the SSH server implementation of Erlang/OTP allows an unauthenticated remote attacker to achieve...

PT-2024-5516 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.9 through 17.0.6 GitLab CE/EE versions 17.1 through 17.1.4 GitLab CE/EE versions 17.2 through 17.2.2 Description: An issue has been discovered in GitLab CE/EE where access tokens may have been logged when an API reque...

CVE-2024-32458 FreeRDP Out-Of-Bounds Read in planar_skip_plane_rle

FreeRDP is a free implementation of the Remote Desktop Protocol. FreeRDP based clients that use a version of FreeRDP prior to 3.5.0 or 2.11.6 are vulnerable to out-of-bounds read. Versions 3.5.0 and 2.11.6 patch the issue. As a workaround, use /gfx or /rfx modes on by default, require server side...

PT-2024-18021 · WordPress · Powerpack Addons For Elementor

Name of the Vulnerable Software and Affected Versions: PowerPack Addons for Elementor plugin for WordPress versions up to, and including, 2.7.15 Description: The issue is related to Stored Cross-Site Scripting via the settings of the Twitter Buttons Widget due to insufficient input sanitization a...

PT-2023-4228 · Siemens · Siemens Solid Edge

Name of the Vulnerable Software and Affected Versions: Siemens Solid Edge SE2023 versions prior to V223.0 Update 7 Description: The issue is related to an out of bounds read past the end of an allocated structure while parsing specially crafted PSM files. This could allow an attacker to execute...

PT-2023-20314 · WordPress · Ai Engine

Name of the Vulnerable Software and Affected Versions: AI Engine WordPress plugin versions prior to 1.6.83 Description: The issue allows high-privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...

PT-2023-18385 · WordPress · Login Rebuilder

Name of the Vulnerable Software and Affected Versions: Login rebuilder WordPress plugin versions prior to 2.8.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, ...

Path traversal

Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A...

PT-2022-23249 · Gpac · Gpac

Name of the Vulnerable Software and Affected Versions: GPAC versions 2.1-DEV-revUNKNOWN-master Description: A Null Pointer dereference issue exists via the function gf filter pid set property full at filter core/filter pid.c:5250, which causes a Denial of Service DoS. Recommendations: For GPAC...

CVE-2022-31093 Improper Handling of `callbackUrl` parameter in next-auth

NextAuth.js is a complete open source authentication solution for Next.js applications. In affected versions an attacker can send a request to an app using NextAuth.js with an invalid callbackUrl query parameter, which internally is converted to a URL object. The URL instantiation would fail due ...

CVE-2022-21720 SQL injection using custom CSS administration form in GLPI

GLPI is a free asset and IT management software package. Prior to version 9.5.7, an entity administrator is capable of retrieving normally inaccessible data via SQL injection. Version 9.5.7 contains a patch for this issue. As a workaround, disabling the Entities update right prevents exploitation...

"Code 0x80070057 The parameter is incorrect" error when you try to display a user's "effective access" to a file

"Code 0x80070057 The parameter is incorrect" error when you try to display a user's "effective access" to a file This article describes an issue that occurs when you try to display a user's "effective access" to a file in Windows 8.1, Windows Server 2012 R2, Windows 8, or Windows Server 2012. You...