16 matches found
PT-2025-22459 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 17.10.7; GitLab CE/EE version 17.11 prior to 17.11.3; GitLab CE/EE version 18.0 prior to 18.0.1. Description: An issue has been discovered in GitLab CE/EE that could allow an authenticated attacker to cause a denia...
PT-2025-18293 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions 6.1-milestone-1 through 15.10.12; XWiki versions 16.0.0-rc-1 through 16.4.3; XWiki versions 16.5.0-rc-1 through 16.8.0-rc-1. Description: The script API of the LESS compiler in XWiki is incorrectly checking for rights when calling...
PT-2025-16582 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11. Description: A vulnerability in the Linux kernel's xhci driver has been resolved. The issue occurred when handling Stopped and Stopped - Length Invalid events, where the driver did not skip missed...
PT-2025-16438
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.0 through 8.0.41; MySQL Server versions 8.4.0 through 8.4.4; MySQL Server versions 9.0.0 through 9.2.0. Description: The issue allows a high-privileged attacker with network access via multiple protocols to compromise MyS...
PT-2025-10607
Name of the Vulnerable Software and Affected Versions: Nomad Community and Nomad Enterprise versions prior to 1.9.7; Nomad Enterprise versions prior to 1.8.11; Nomad Enterprise versions prior to 1.7.19. Description: The issue concerns unintentional exposure of the workload identity token and client...
PT-2024-9380 · Drupal · Drupal Core
Name of the Vulnerable Software and Affected Versions: Drupal Core versions 8.0.0 through 10.2.11; Drupal Core versions 10.3.0 through 10.3.9; Drupal Core versions 11.0.0 through 11.0.8. Description: A vulnerability in Drupal Core allows privilege escalation. This issue is related to inconsistencies...
PT-2024-16390 · WordPress · Wpforms
Name of the Vulnerable Software and Affected Versions: WPForms – Easy Form Builder for WordPress – Contact Forms, Payment Forms, Surveys, & More plugin for WordPress versions up to, and including, 1.9.1.6. Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect...
PT-2024-4796 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Junos OS versions prior to 20.4R3-S7; Junos OS versions 21.1 prior to 21.1R3; Junos OS versions 21.2 prior to 21.2R2-S1, 21.2R3; Junos OS versions 21.3 prior to 21.3R1-S2, 21.3R2. Description: A Missing Authentication for Critical Function issue ...
PT-2025-26319 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.0 through 17.0.6; GitLab EE versions 17.1 through 17.1.4; GitLab EE versions 17.2 through 17.2.2. Description: An issue was discovered in GitLab EE where webhook deletion audit log preserved auth credentials. Recommendation...
PT-2024-19186 · Unknown · Firefly-Iii
Name of the Vulnerable Software and Affected Versions: Firefly III versions prior to 6.1.1. Description: The issue allows for HTML injection in webhooks. It is related to a Client-Side Path Traversal (CSPT) vulnerability, which can be used to control data that was assumed to be uncontrollable. This...
PT-2023-24122 · Hashicorp +1 · Hashicorp Nomad Enterprise +1
Name of the Vulnerable Software and Affected Versions: HashiCorp Nomad Enterprise versions 1.2.11 through 1.5.6; HashiCorp Nomad Enterprise version 1.4.10. Description: A vulnerability exists where the API caller's ACL token secret ID is exposed to Sentinel policies. Additionally, ACL policies usin...
PT-2023-16260 · WordPress · Article Directory Wordpress Plugin
Name of the Vulnerable Software and Affected Versions: Article Directory WordPress plugin versions prior to 1.4. Description: The issue arises from improper sanitization of the publish terms text setting, which can be exploited to conduct Stored XSS attacks, particularly in multisite environments...
PT-2023-16189 · WordPress · Ooohboi Steroids For Elementor
Name of the Vulnerable Software and Affected Versions: OoohBoi Steroids for Elementor WordPress plugin versions prior to 2.1.5. Description: The issue concerns CSRF and broken access control vulnerabilities. These vulnerabilities allow a user with a role as low as a subscriber to delete attachment...
PT-2022-25815 · Kitty +4 · Kitty +4
Name of the Vulnerable Software and Affected Versions: Kitty versions prior to 0.26.2. Description: The issue is related to insufficient validation in the desktop notification escape sequence, which can lead to arbitrary code execution. This occurs when a user displays attacker-controlled content ...
PT-2021-24198 · Mozilla +4 · Pdf.Js +4
Name of the Vulnerable Software and Affected Versions: GNOME Web (aka Epiphany) versions prior to 40.4; GNOME Web (aka Epiphany) versions 41.x prior to 41.1. Description: A security issue exists due to the use of a server's suggested filename as the pdf name value in PDF.js, leading to potential XSS...
PT-2014-2022 · Oracle +10 · Mysql Server +9
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 5.7.32 and prior; MySQL Server versions 8.0.22 and prior. Description: The issue exists due to insufficient input validation in the Information Schema component of MySQL Server. This allows a remote attacker to gain...