133 matches found

EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-41281

Malicious code in bioql PyPI...

CVSS 7.5 · AI score 6.6 · EPSS 0.00596 · Exploits 0 · References 1

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2025-0077

Malicious code in bioql PyPI...

CVSS 8.5 · AI score 7.1 · EPSS 0.0104 · Exploits 0 · References 7

Positive Technologies
added 2025/08/05 12:0 a.m. · 4 views

PT-2025-32001

Name of the Vulnerable Software and Affected Versions: ModSecurity versions 2.9.11 and below Description: ModSecurity is a web application firewall engine for Apache, IIS, and Nginx. An attacker can override the HTTP response’s Content-Type, potentially leading to issues such as cross-site scriptin...

CVSS 6.9 · AI score 6.1 · EPSS 0.00263 · Exploits 1 · References 42

Positive Technologies
added 2025/08/05 12:0 a.m. · 5 views

PT-2025-31954 · Halo · Halo

Name of the Vulnerable Software and Affected Versions: Halo versions prior to 2.20.18LTS Description: The reconcile method within the AttachmentReconciler class is susceptible to Cross-Site Scripting (XSS) attacks. Recommendations: Update to a version of Halo later than 2.20.18LTS...

CVSS 6.1 · AI score 5.6 · EPSS 0.00278 · Exploits 0 · References 7

Positive Technologies
added 2025/07/16 12:0 a.m. · 5 views

PT-2025-29884 · Idera · Idera Up.Time Monitoring Station

Name of the Vulnerable Software and Affected Versions: Idera Up.Time Monitoring Station versions up to and including 7.2 Description: An unauthenticated arbitrary file upload issue exists. The wizards/post2file.php script accepts arbitrary POST parameters, allowing attackers to upload crafted PHP...

CVSS 9.3 · AI score 10 · EPSS 0.01682 · Exploits 0 · References 8

Positive Technologies
added 2025/07/14 12:0 a.m. · 5 views

PT-2025-29520 · Dokploy · Dokploy

Name of the Vulnerable Software and Affected Versions: Dokploy versions prior to 0.24.3 Description: Dokploy is a free, self-hostable Platform as a Service (PaaS). A vulnerability in the preview deployment feature allows any user to execute arbitrary code and access sensitive environment variables ...

CVSS 9.4 · AI score 7.6 · EPSS 0.00529 · Exploits 0 · References 9

Positive Technologies
added 2025/07/09 12:0 a.m. · 2 views

PT-2025-28862 · Unknown · Datasync Center

Name of the Vulnerable Software and Affected Versions: DataSync Center versions 1.1.0 through 1.1.0.r207 DataSync Center versions 1.2.0 through 1.2.0.r206 Description: A security bypass issue allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the...

CVSS 5.2 · AI score 6.5 · EPSS 0.00165 · Exploits 0 · References 5

Positive Technologies
added 2025/07/03 12:0 a.m. · 6 views

PT-2025-27769 · Docker · Docker Desktop

Name of the Vulnerable Software and Affected Versions: Docker Desktop versions prior to 4.43.0 Description: The issue concerns the recording of system environment variables in Docker Desktop diagnostic logs when using shell auto-completion. This leads to the unintentional disclosure of sensitive...

CVSS 5.2 · AI score 6.2 · EPSS 0.00126 · Exploits 0 · References 7

Positive Technologies
added 2025/06/26 12:0 a.m. · 6 views

PT-2025-26920 · WordPress · Vg Wort Metis

Name of the Vulnerable Software and Affected Versions: VG WORT METIS plugin for WordPress versions prior to 2.0.0 Description: The issue is related to unauthorized modification of data due to a missing capability check on the gutenberg save post function. This allows authenticated attackers with...

CVSS 4.3 · AI score 6.9 · EPSS 0.00227 · Exploits 0 · References 6

Positive Technologies
added 2025/06/24 12:0 a.m. · 6 views

PT-2025-26731

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The exception page for the HTTPS-Only feature, displayed when a website is opened via HTTP, lacked an anti-clickjacking delay, potentially allowing an attacker to trick a user into granting an...

CVSS 9.8 · AI score 7.8 · EPSS 0.09348 · Exploits 2 · References 159

Positive Technologies
added 2025/06/24 12:0 a.m. · 8 views

PT-2025-26730

Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 140 Description: The issue arises when a user visits a webpage with an invalid TLS certificate and grants an exception. In this scenario, the webpage can provide a WebAuthn challenge that the user is prompted to...

CVSS 9.8 · AI score 7.8 · EPSS 0.09348 · Exploits 2 · References 162

Positive Technologies
added 2025/06/20 12:0 a.m. · 5 views

PT-2025-26290 · WordPress · Euro Fxref Currency Converter

Name of the Vulnerable Software and Affected Versions: Euro FxRef Currency Converter plugin for WordPress versions up to, and including, 2.0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's currency shortcode due to insufficient input sanitization and output...

CVSS 6.4 · AI score 5.6 · EPSS 0.00225 · Exploits 0 · References 9

Positive Technologies
added 2025/06/19 12:0 a.m. · 4 views

PT-2025-26231 · Powsybl · Powsybl

Name of the Vulnerable Software and Affected Versions: PowSyBl versions prior to 6.7.2 Description: The issue concerns an XML external entity (XXE) attack and a server-side request forgery (SSRF) attack in certain places of powsybl-core XML parsing. This allows an attacker to elevate their privileges...

CVSS 6.9 · AI score 6.1 · EPSS 0.00371 · Exploits 0 · References 13

Positive Technologies
added 2025/06/18 12:0 a.m. · 5 views

PT-2025-25971 · Linux · Linux Kernel

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0-yocto-standard+ Description: A vulnerability in the Linux kernel has been resolved, related to the powerpc/pci component. The issue arises from the get phb number function, which causes a DEBUG ATOMIC SLE...

CVSS 7.8 · AI score 5.8 · EPSS 0.12746 · Exploits 16 · References 586

Positive Technologies
added 2025/06/13 12:0 a.m. · 4 views

PT-2025-25399 · WordPress · Auto Attachments

Name of the Vulnerable Software and Affected Versions: Auto Attachments plugin for WordPress versions up to, and including, 1.8.5 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This allows authenticat...

CVSS 5.5 · AI score 5.1 · EPSS 0.00246 · Exploits 0 · References 7

Positive Technologies
added 2025/06/12 12:0 a.m. · 5 views

PT-2025-25343 · Vantage6 · Vantage6

Name of the Vulnerable Software and Affected Versions: vantage6 versions prior to 4.11.0 Description: The vantage6 server has a predictable JWT secret key generation issue. The auto-generated key is a UUID1, which is not cryptographically secure as it is predictable to some extent. This issue...

CVSS 6.3 · AI score 6.3 · EPSS 0.0033 · Exploits 0 · References 9

Positive Technologies
added 2025/06/09 12:0 a.m. · 8 views

PT-2025-24564 · Hax Cms · Hax Cms

Name of the Vulnerable Software and Affected Versions: HAX CMS PHP versions prior to 11.0.0 Description: The issue allows an authenticated attacker to create a HAX site with a website block that can load another site in an iframe, potentially leading to phishing attacks. When a user visits the...

CVSS 6.5 · AI score 6 · EPSS 0.00324 · Exploits 1 · References 8

Positive Technologies
added 2025/06/09 12:0 a.m. · 5 views

PT-2025-24435 · Github +4 · Github +4

Name of the Vulnerable Software and Affected Versions: Wasp versions prior to 0.16.6 Description: The issue concerns the implementation of OAuth authentication in Wasp, specifically affecting Keycloak with a particular configuration. Wasp's behavior of lowercasing OAuth user IDs before storing or...

CVSS 8.2 · AI score 6.6 · EPSS 0.00388 · Exploits 0 · References 8

Positive Technologies
added 2025/06/06 12:0 a.m. · 4 views

PT-2025-24166 · Unknown · Melipayamak

Name of the Vulnerable Software and Affected Versions: Melipayamak versions through 2.2.12 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Stored XSS attacks. Recommendations: For versions throug...

CVSS 5.9 · AI score 5.4 · EPSS 0.00212 · Exploits 0 · References 3

Positive Technologies
added 2025/06/06 12:0 a.m. · 4 views

PT-2025-24141 · Woocommerce · Direct Checkout For Woocommerce Lite

Name of the Vulnerable Software and Affected Versions: Direct Checkout for WooCommerce Lite versions 1.0.3 and earlier Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions...

CVSS 5.3 · AI score 5 · EPSS 0.00273 · Exploits 0 · References 3