PT-2026-28721
Name of the Vulnerable Software and Affected Versions: PromtEngineer localGPT versions prior to 4d41c7d1713b16b216d8e062e51a5dd88b20b054 Description: A flaw exists in PromtEngineer localGPT that allows for information disclosure. The issue is located in the handle index function within the rag...
EUVD-2021-2446
Malware in sbrugna...
EUVD-2024-2329
Malicious code in bioql PyPI...
EUVD-2025-17468
Malicious code in bioql PyPI...
PT-2025-30214 · Logpoint · Logpoint
Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.6.0 Description: An issue exists in Logpoint that allows an attacker with operator privileges to exploit a path traversal vulnerability when creating a Layout Template. Successful exploitation can lead to remote...
PT-2025-30008 · WordPress · Masterstudy Lms Pro
Name of the Vulnerable Software and Affected Versions: MasterStudy LMS Pro versions up to and including 4.7.9 Description: The MasterStudy LMS Pro plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the install and activate plugin function. Thi...
PT-2025-29784 · WordPress · Medical Prescription Attachment Plugin For Woocommerce
Name of the Vulnerable Software and Affected Versions: Medical Prescription Attachment Plugin for WooCommerce versions n/a through 1.2.3 Description: The Medical Prescription Attachment Plugin for WooCommerce contains a flaw that permits the upload of arbitrary files, potentially including web...
PT-2025-28219 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.3 Description: A critical issue was identified in WeGIA, a web manager for charitable institutions. The /html/funcionario/profile_funcionario.php endpoint is vulnerable due to the id_funcionario parameter not being...
Wireshark 3.6.x < 3.6.14, 4.0.x < 4.0.6 Multiple Vulnerabilities (Jul 2025) - Mac OS X
Wireshark is prone to multiple vulnerabilities.
PT-2025-27937 · WordPress · Kossy - Minimalist Ecommerce Wordpress Theme
Name of the Vulnerable Software and Affected Versions: Kossy - Minimalist eCommerce WordPress Theme versions 1.45 and earlier Description: The issue affects the Kossy - Minimalist eCommerce WordPress Theme due to improper control of filename for include/require statement in PHP program, allowing...
PT-2025-27103 · Sneeit · Sneeit Magone
Name of the Vulnerable Software and Affected Versions: Sneeit MagOne versions through 8.5 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. This means that an attacker can inject...
PT-2025-27207 · Zealousweb · Zealousweb Accept Stripe Payments Using Contact Form 7
Name of the Vulnerable Software and Affected Versions: ZealousWeb Accept Stripe Payments Using Contact Form 7 versions 3.0 and earlier Description: The issue allows the retrieval of embedded sensitive data due to the insertion of sensitive information into sent data. Recommendations: For ZealousW...
CVE-2024-37395
REDCap 13.1.9.x is vulnerable to stored XSS in the Public Survey page: authenticated users can inject scripts via the Survey Title and Survey Instructions. The vulnerability triggers when the survey is accessed via its public link. Remediation is to update to 14.2.1 or later (per the CVE description). The connect...
PT-2025-24503 · WordPress · Backup/Staging By Wp Time Capsule
Name of the Vulnerable Software and Affected Versions: Backup and Staging by WP Time Capsule versions 1.22.23 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This means an...
PT-2025-24182 · Unknown · Nexa Blocks
Name of the Vulnerable Software and Affected Versions: Nexa Blocks versions 1.1.0 and earlier Description: A Server-Side Request Forgery (SSRF) issue affects Nexa Blocks. Recommendations: For versions 1.1.0 and earlier, update to a version that contains a f...
PT-2025-24117 · Unknown · Nir Complete Google Seo Scan
Name of the Vulnerable Software and Affected Versions: Nir Complete Google Seo Scan versions 3.5.1 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...
CVE-2025-23033
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the adicionarsituacao.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...
CVE-2024-45876
The login form of baltic-it TOPqw Webportal v1.35.283.2 (fixed in version 1.35.283.4) at /Apps/TOPqw/Login.aspx is vulnerable to SQL injection. The vulnerability exists in the POST parameter txtUsername, which allows for manipulation of SQL queries...
CVE-2021-21367
Switchboard Bluetooth Plug for elementary OS from version 2.3.0 and before version 2.3.5 has an incorrect authorization vulnerability. When the Bluetooth plug is running in discoverable mode, Bluetooth service requests and pairing requests are automatically accepted, allowing physically...
CVE-2021-41238
Hangfire is an open source system to perform background job processing in .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no...