31 matches found
PT-2026-1638
Name of the Vulnerable Software and Affected Versions: QR Code for WooCommerce order emails, PDF invoices, packing slips plugin for WordPress versions through 1.9.42 Description: The plugin is susceptible to Stored Cross-Site Scripting through its shortcode due to inadequate input sanitization and...
PT-2025-30277 · Unknown · Extremecontrol
Name of the Vulnerable Software and Affected Versions: ExtremeControl versions prior to 25.5.12 Description: The application contains a cross-site scripting XSS issue in a login interface. This is due to improper handling of user-supplied input within HTML attributes, which allows an attacker to...
PT-2025-30190 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: Live Helper Chat versions 4.60 and 4.61 Description: A stored cross-site scripting XSS issue exists in the Personal Canned Messages feature. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload...
PT-2025-28941
Name of the Vulnerable Software and Affected Versions: Ameba-AIoT ameba-arduino-d versions prior to 3.1.9; ameba-rtos-d versions prior to commit c2bfd8216a1cbc19ad2ab5f48f372ecea756d67a Description: A heap-based buffer overflow exists in the WLAN driver defragment function due to a lack of...
PT-2025-27285 · WordPress · Beeteam368 Extensions Pro
Name of the Vulnerable Software and Affected Versions: BeeTeam368 Extensions Pro plugin for WordPress versions up to, and including, 2.3.4 Description: The issue allows authenticated attackers with Subscriber-level access and above to perform actions on files outside of the originally intended...
CVE-2024-37394
A stored cross-site scripting XSS vulnerability in the Project Dashboards of REDCap 13.1.9 allows authenticated users to execute arbitrary web script or HTML by injecting a crafted payload into the 'Dashboard title' and 'Dashboard content' text boxes. This can lead to the execution of malicious...
PT-2025-20063 · Penup · Penup
Name of the Vulnerable Software and Affected Versions: PENUP versions prior to 3.9.19.32 Description: The issue is related to improper access control, allowing local attackers to access files with PENUP privilege. Recommendations: For versions prior to 3.9.19.32, update to version 3.9.19.32 or...
PT-2025-20573 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.0 through 17.9.7; GitLab CE/EE versions 17.10 through 17.10.5; GitLab CE/EE versions 17.11 through 17.11.1 Description: An issue has been discovered in GitLab CE/EE that allows users to bypass IP access restrictions and...
PT-2025-18084 · Devexpress · Devexpress
Name of the Vulnerable Software and Affected Versions: DevExpress versions prior to 23.1.3 Description: The issue is related to the improper protection of XtraReport serialized data in ASP.NET web forms. This affects the security of the data, potentially allowing unauthorized access or...
PT-2025-17781 · John Weissberg · John Weissberg Print Science Designer
Name of the Vulnerable Software and Affected Versions: John Weissberg Print Science Designer versions 1.3.155 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS in John Weissberg Print Science Designer. Recommendations: For versions 1.3.15...
PT-2025-17204 · Foxcms · Foxcms
Name of the Vulnerable Software and Affected Versions: FOXCMS versions prior to V1.25 Description: The issue allows for SQL Injection via the title parameter in the /admin/util/Field.php file. Recommendations: For versions prior to V1.25, consider restricting access to the title parameter in the...
PT-2025-15635 · Dnn · Dnn
Name of the Vulnerable Software and Affected Versions: DNN formerly DotNetNuke versions prior to 9.13.2 Description: The issue allows uploading files with malicious content by renaming them to have an allowed file extension, such as renaming an executable file to have a .jpg extension. This could...
CVE-2024-56195 Apache Traffic Server: Intercept plugins are not access controlled
Improper Access Control vulnerability in Apache Traffic Server. This issue affects Apache Traffic Server: from 9.2.0 through 9.2.8, from 10.0.0 through 10.0.3. Users are recommended to upgrade to version 9.2.9 or 10.0.4, which fixes the issue...
Mozilla Thunderbird ESR Security Update (MFSA2024-69) - Windows
Mozilla Thunderbird ESR is prone to an insufficient validation vulnerability. SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2024-33377 · Unknown · Social Sharing Plugin
Name of the Vulnerable Software and Affected Versions: The Social Sharing Plugin versions prior to 3.3.63 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, in a...
PT-2024-21: OS Command Injection in Pandora FMS
The vulnerability was identified in Pandora FMS versions 700 to 776. The discovered vulnerability can be exploited by an attacker to inject commands into the operating system. The vulnerability is a part of the chain that leads to remote code execution PT-2024-20, CVE-2024-35305. Vulnerability...
PT-2025-3930
Name of the Vulnerable Software and Affected Versions: Sparkle versions prior to 2.6.4 Description: A security issue was found in Sparkle, where an attacker can replace an existing signed update with another payload, bypassing Sparkle's EdDSA signing checks. This allows the attacker to potentially...
PT-2023-36310 · Unknown · Ca-Certificates
Name of the Vulnerable Software and Affected Versions: ca-certificates versions prior to 2.60 Description: The ca-certificates package contained outdated CA certificates. This update refreshes the included certificates to those contained in the 2.60 version of the Mozilla certificate authority...
PT-2023-19859 · Autodesk · Autodesk Infraworks
Name of the Vulnerable Software and Affected Versions: Autodesk InfraWorks versions 2021 through 2023 Description: A maliciously crafted DLL file can be forced to read beyond allocated boundaries when parsing the DLL files, potentially leading to a resource injection issue. Recommendations: For...
PT-2023-22246 · Bzip3 · Bzip3
Name of the Vulnerable Software and Affected Versions: bzip3 versions prior to 1.2.3 Description: An issue was discovered in libbzip3.a. There is an xwrite out-of-bounds read. Recommendations: For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue...