PT-2026-5176

Discourse is an open source discussion platform. A vulnerability present in versions prior to 3.5.4, 2025.11.2, 2025.12.1, and 2026.1.0 affects anyone who uses S3 for uploads. While scripts may be executed, they will only be run in the context of the S3/CDN domain, with no site credentials...

PT-2025-2059 · Wander Chu · Springboot-Blog

Name of the Vulnerable Software and Affected Versions: wander-chu SpringBoot-Blog version 1.0 Description: A critical vulnerability has been found in the Admin Attachment Handler component, specifically affecting the upload function of the AttachtController.java file. The manipulation of the file...

PT-2025-2024 · Unknown · Mysiteforme

Name of the Vulnerable Software and Affected Versions: wangl1989 mysiteforme version 1.0 Description: A critical issue has been found in the file upload function of the LocalUploadServiceImpl class, located at src/main/java/com/mysiteform/admin/service/ipl/. The manipulation of the test argument...

PT-2024-39860 · Codezips · Codezips Tourist Management System

Name of the Vulnerable Software and Affected Versions: Codezips Tourist Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown functionality of the file /admin/create-package.php. The manipulation of the packageimage argument leads to...