133 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-41281

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.6 · EPSS 0.00596
Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-0077

Malicious code in bioql PyPI...

CVSS 8.5 · AI score 7.1 · EPSS 0.0104
Exploits 0 · References 7

Positive Technologies
added 2025/08/05 12:0 a.m. · 5 views

PT-2025-31954 · Halo · Halo

Name of the Vulnerable Software and Affected Versions: Halo versions prior to 2.20.18LTS Description: The reconcile method within the AttachmentReconciler class is susceptible to Cross-Site Scripting (XSS) attacks. Recommendations: Update to a version of Halo later than 2.20.18LTS...

CVSS 6.1 · AI score 5.6 · EPSS 0.00278
Exploits 0 · References 7

Positive Technologies
added 2025/08/05 12:0 a.m. · 4 views

PT-2025-32001

Name of the Vulnerable Software and Affected Versions: ModSecurity versions 2.9.11 and below Description: ModSecurity is a web application firewall engine for Apache, IIS, and Nginx. An attacker can override the HTTP response’s Content-Type, potentially leading to issues such as cross-site scriptin...

CVSS 6.9 · AI score 6.1 · EPSS 0.00263
Exploits 1 · References 42

Positive Technologies
added 2025/07/16 12:0 a.m. · 5 views

PT-2025-29884 · Idera · Idera Up.Time Monitoring Station

Name of the Vulnerable Software and Affected Versions: Idera Up.Time Monitoring Station versions up to and including 7.2 Description: An unauthenticated arbitrary file upload issue exists. The wizards/post2file.php script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP...

CVSS 9.3 · AI score 10 · EPSS 0.01682
Exploits 0 · References 8

Positive Technologies
added 2025/07/14 12:0 a.m. · 5 views

PT-2025-29520 · Dokploy · Dokploy

Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.24.3 Description: Dokploy is a free, self-hostable Platform as a Service (PaaS). A vulnerability in the preview deployment feature allows any user to execute arbitrary code and access sensitive environment variables ...

CVSS 9.4 · AI score 7.6 · EPSS 0.00529
Exploits 0 · References 9

Positive Technologies
added 2025/07/09 12:0 a.m. · 2 views

PT-2025-28862 · Unknown · Datasync Center

Name of the Vulnerable Software and Affected Versions: DataSync Center versions 1.1.0 through 1.1.0.r207; DataSync Center versions 1.2.0 through 1.2.0.r206 Description: A security bypass issue allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the...

CVSS 5.2 · AI score 6.5 · EPSS 0.00165
Exploits 0 · References 5

Positive Technologies
added 2025/07/03 12:0 a.m. · 6 views

PT-2025-27769 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.43.0 Description: The issue concerns the recording of system environment variables in Docker Desktop diagnostic logs when using shell auto-completion. This leads to the unintentional disclosure of sensitive...

CVSS 5.2 · AI score 6.2 · EPSS 0.00126
Exploits 0 · References 7

Positive Technologies
added 2025/06/26 12:0 a.m. · 6 views

PT-2025-26920 · WordPress · Vg Wort Metis

Name of the Vulnerable Software and Affected Versions: VG WORT METIS plugin for WordPress versions prior to 2.0.0 Description: The issue is related to unauthorized modification of data due to a missing capability check on the gutenberg save post function. This allows authenticated attackers with...

CVSS 4.3 · AI score 6.9 · EPSS 0.00227
Exploits 0 · References 6

Positive Technologies
added 2025/06/24 12:0 a.m. · 6 views

PT-2025-26731

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an...

CVSS 9.8 · AI score 7.8 · EPSS 0.09348
Exploits 2 · References 159

Positive Technologies
added 2025/06/24 12:0 a.m. · 8 views

PT-2025-26730

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The issue arises when a user visits a webpage with an invalid TLS certificate and grants an exception. In this scenario, the webpage can provide a WebAuthn challenge that the user is prompted to...

CVSS 9.8 · AI score 7.8 · EPSS 0.09348
Exploits 2 · References 162

Positive Technologies
added 2025/06/20 12:0 a.m. · 5 views

PT-2025-26290 · WordPress · Euro Fxref Currency Converter

Name of the Vulnerable Software and Affected Versions: Euro FxRef Currency Converter plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's currency shortcode due to insufficient input sanitization and output...

CVSS 6.4 · AI score 5.6 · EPSS 0.00225
Exploits 0 · References 9

Positive Technologies
added 2025/06/19 12:0 a.m. · 4 views

PT-2025-26231 · Powsybl · Powsybl

Name of the Vulnerable Software and Affected Versions: PowSyBl versions prior to 6.7.2 Description: The issue concerns an XML external entity (XXE) attack and a server-side request forgery (SSRF) attack in certain places of powsybl-core XML parsing. This allows an attacker to elevate their privileges...

CVSS 6.9 · AI score 6.1 · EPSS 0.00371
Exploits 0 · References 13

Positive Technologies
added 2025/06/18 12:0 a.m. · 5 views

PT-2025-25971 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0-yocto-standard+ Description: A vulnerability in the Linux kernel has been resolved, related to the powerpc/pci component. The issue arises from the get phb number function, which causes a DEBUG ATOMIC SLE...

CVSS 7.8 · AI score 5.8 · EPSS 0.12746
Exploits 16 · References 586

Positive Technologies
added 2025/06/13 12:0 a.m. · 4 views

PT-2025-25399 · WordPress · Auto Attachments

Name of the Vulnerable Software and Affected Versions: Auto Attachments plugin for WordPress versions up to, and including, 1.8.5 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticat...

CVSS 5.5 · AI score 5.1 · EPSS 0.00246
Exploits 0 · References 7

Positive Technologies
added 2025/06/12 12:0 a.m. · 5 views

PT-2025-25343 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.11.0 Description: The vantage6 server has a predictable JWT secret key generation issue. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This issue...

CVSS 6.3 · AI score 6.3 · EPSS 0.0033
Exploits 0 · References 9

Positive Technologies
added 2025/06/09 12:0 a.m. · 8 views

PT-2025-24564 · Hax Cms · Hax Cms

Name of the Vulnerable Software and Affected Versions: HAX CMS PHP versions prior to 11.0.0 Description: The issue allows an authenticated attacker to create a HAX site with a website block that can load another site in an iframe, potentially leading to phishing attacks. When a user visits the...

CVSS 6.5 · AI score 6 · EPSS 0.00324
Exploits 1 · References 8

Positive Technologies
added 2025/06/09 12:0 a.m. · 5 views

PT-2025-24435 · Github +4 · Github +4

Name of the Vulnerable Software and Affected Versions: Wasp versions prior to 0.16.6 Description: The issue concerns the implementation of OAuth authentication in Wasp, specifically affecting Keycloak with a particular configuration. Wasp's behavior of lowercasing OAuth user IDs before storing or...

CVSS 8.2 · AI score 6.6 · EPSS 0.00388
Exploits 0 · References 8

Positive Technologies
added 2025/06/06 12:0 a.m. · 6 views

PT-2025-24077 · WordPress · Simple History

Name of the Vulnerable Software and Affected Versions: The Simple History plugin for WordPress versions prior to 5.8.1 Description: The issue concerns sensitive data exposure due to improper sanitization within the append debug info to context function when Detective Mode is enabled. This allows...

CVSS 4.9 · AI score 5 · EPSS 0.00378
Exploits 0 · References 10

Positive Technologies
added 2025/06/06 12:0 a.m. · 6 views

PT-2025-24166 · Unknown · Melipayamak

Name of the Vulnerable Software and Affected Versions: Melipayamak versions through 2.2.12 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions throug...

CVSS 5.9 · AI score 5.4 · EPSS 0.00212
Exploits 0 · References 3