PT-2025-29546 · Matomo · Matomo
Name of the Vulnerable Software and Affected Versions: Matomo versions prior to 3.0.3 Description: An authenticated remote code execution issue exists in Matomo due to the plugin upload mechanism. An authenticated user with Superuser privileges can upload and activate a malicious plugin ZIP...
PT-2025-27572 · Junit · Junit
Name of the Vulnerable Software and Affected Versions: JUnit versions 5.12.0 through 5.13.1 Description: The issue concerns JUnit's support for writing Open Test Reporting XML files, which can leak Git credentials. The impact depends on the level of the access token exposed through the...
PT-2025-27072 · WordPress · Ninja Forms
Name of the Vulnerable Software and Affected Versions: Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress versions up to, and including, 3.10.2.1 Description: The issue is related to Stored Cross-Site Scripting via the use of a templating engine due to insufficient...
PT-2025-25478 · WordPress · Kk Youtube Video
Name of the Vulnerable Software and Affected Versions: kk Youtube Video plugin for WordPress versions up to, and including, 0.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'kkytv' shortcode due to insufficient input sanitization and output escaping on...
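The entries above describe the same class of bug: a shortcode or template renders attacker-supplied values without validating them on input or escaping them at output. The following is an added illustration of that class and is not code from the kk Youtube Video plugin (or any other plugin on this page); only the shortcode name `kkytv` is taken from the entry, while the attribute names, the vulnerable handler and the hardened handler are hypothetical.

```php
<?php
// Added illustration, not the plugin's code. Attribute names and both
// handler bodies are hypothetical; only the shortcode tag comes from the entry.

// Vulnerable pattern: attribute values are interpolated straight into HTML.
// The WordPress shortcode parser accepts single-quoted values, so a post
// containing
//   [kkytv id='" onload="alert(document.cookie)']
// stores an id of   " onload="alert(document.cookie)
// which closes the src attribute and adds an event handler. KSES filters
// post_content on save, but the shortcode output is generated at render time
// and bypasses that filter, so the payload runs for every viewer.
function kkytv_shortcode_vulnerable( $atts ) {
    $atts = shortcode_atts( array( 'id' => '', 'width' => '560' ), $atts, 'kkytv' );
    return '<iframe src="https://www.youtube.com/embed/' . $atts['id'] .
           '" width="' . $atts['width'] . '"></iframe>';
}

// Hardened pattern: validate the input against what it must be, then escape
// every value for the context it is printed into.
function kkytv_shortcode_hardened( $atts ) {
    $atts = shortcode_atts( array( 'id' => '', 'width' => '560' ), $atts, 'kkytv' );

    // A YouTube video id is 11 characters from [A-Za-z0-9_-]; anything else
    // is rejected outright rather than "cleaned".
    if ( ! preg_match( '/^[A-Za-z0-9_-]{11}$/', $atts['id'] ) ) {
        return '';
    }
    $width = absint( $atts['width'] );
    if ( 0 === $width ) {
        $width = 560;
    }

    // esc_url() for the URL attribute, an integer for width; sprintf keeps the
    // markup fixed and the data separate.
    return sprintf(
        '<iframe src="%s" width="%d" loading="lazy" allowfullscreen></iframe>',
        esc_url( 'https://www.youtube.com/embed/' . $atts['id'] ),
        $width
    );
}
add_shortcode( 'kkytv', 'kkytv_shortcode_hardened' );
```

The validation step matters as much as the escaping: `esc_attr()` alone would stop the quote breakout, but an allow-list on the id also keeps the `src` from being pointed at an arbitrary embed. Any user who can publish or edit posts (Contributor and above) can store a shortcode, which is why these entries describe the attacker as an authenticated, low-privileged user.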
CVE-2024-37396
REDCap 13.1.9 is affected by a stored XSS in the Calendar component (Notes field). Authenticated users can inject scripted HTML that is executed when the calendar event is viewed. The issue is caused by improper handling of input in the calendar event notes, leading to script execution in the con...
PT-2025-22972 · Mobatime · Mobatime Amx Mtapi
Name of the Vulnerable Software and Affected Versions: Mobatime AMX MTAPI v6 versions prior to 1.5 Description: The issue concerns Missing Authentication & Authorization in the Web-API of Mobatime AMX MTAPI v6 on IIS, allowing adversaries to gain unrestricted access via the network...
PT-2025-22740 · Unknown · Likecoin Web3Press
Name of the Vulnerable Software and Affected Versions: LikeCoin Web3Press versions n/a through 3.2.0 Description: The issue is related to an Improper Limitation of a Pathname to a Restricted Directory, also known as 'Path Traversal'. This allows for Path Traversal in LikeCoin Web3Press...
Alibaba Cloud Linux 3 : 0116: httpd:2.4 (ALINUX3-SA-2024:0116)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0116 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-31122: Out-of-bounds Read...
PT-2025-21166 · Opentext · Opentext Advance Authentication
Name of the Vulnerable Software and Affected Versions: OpenText Advance Authentication versions prior to 6.5 Description: The issue is related to an SQL Injection vulnerability due to the improper neutralization of special elements used in an SQL command. This allows for potential exploitation by...
PT-2025-17710 · WordPress · Lottie Player
Name of the Vulnerable Software and Affected Versions: Lottie Player plugin for WordPress versions up to, and including, 1.1.8 Description: The issue is related to Stored Cross-Site Scripting via File uploads due to insufficient input sanitization and output escaping. This allows authenticated...
PT-2025-15757 · Xgrammar · Xgrammar
Name of the Vulnerable Software and Affected Versions: XGrammar versions prior to 0.1.18 Description: The issue concerns an unbounded cache for compiled grammars in memory, which can be exploited to cause a denial of service by filling up a host's memory. This can occur when a system using XGramm...
PT-2025-15750 · Chandan Garg · Cg Scroll To Top
Name of the Vulnerable Software and Affected Versions: Chandan Garg CG Scroll To Top versions n/a through 3.5 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing unintended actions on a web...
PT-2025-15745 · Unknown · Script Compressor
Name of the Vulnerable Software and Affected Versions: Script Compressor versions 1.7.1 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS in the regen Script Compressor. Recommendations: For versions 1.7.1 and earlier, update to a version...
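The two entries above (CG Scroll To Top and Script Compressor) describe the CSRF-to-stored-XSS chain: a settings handler writes whatever it receives in a POST without checking that the request originated from the plugin's own admin form, so a logged-in administrator lured to an attacker's page saves attacker-controlled markup that is later printed on the site. The following is an added illustration of that chain and of the WordPress nonce and capability checks that close it; it is not code from either plugin, and the option name, form fields and function names are hypothetical.

```php
<?php
// Added illustration, not either plugin's code. Option name, field names and
// function names are hypothetical.

// Vulnerable pattern: the handler trusts any POST that reaches admin_init.
// An attacker's page can auto-submit <form method="post" action="https://victim/wp-admin/">
// with footer_html=<script>...</script>; the admin's browser attaches the
// session cookie, the value is stored, and it is echoed on every page below.
function hypothetical_save_settings_vulnerable() {
    if ( isset( $_POST['footer_html'] ) ) {
        update_option( 'hypothetical_footer_html', $_POST['footer_html'] );
    }
}
// (Not hooked here; shown only for contrast with the hardened handler.)

// Hardened pattern: a nonce proves the request came from a form the site
// itself rendered for this user; the capability check proves the user may
// change settings; sanitising on input limits what can be stored at all.
function hypothetical_save_settings_hardened() {
    if ( ! isset( $_POST['hypothetical_save'] ) ) {
        return;
    }
    // Dies with a 403 unless the nonce is present, valid for this action and
    // tied to the current user's session. A cross-site form cannot supply it.
    check_admin_referer( 'hypothetical_save_settings', 'hypothetical_nonce' );

    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient privileges', '', array( 'response' => 403 ) );
    }

    // wp_unslash() removes WordPress's added slashes; wp_kses_post() keeps only
    // the HTML allowed in post content, so <script> and on* handlers are dropped.
    $value = wp_kses_post( wp_unslash( $_POST['footer_html'] ?? '' ) );
    update_option( 'hypothetical_footer_html', $value );
}
add_action( 'admin_init', 'hypothetical_save_settings_hardened' );

// Settings form: wp_nonce_field() emits the hidden token that the handler
// above verifies. Without it, the POST above is indistinguishable from CSRF.
function hypothetical_settings_form() {
    echo '<form method="post">';
    wp_nonce_field( 'hypothetical_save_settings', 'hypothetical_nonce' );
    echo '<textarea name="footer_html">' .
         esc_textarea( get_option( 'hypothetical_footer_html', '' ) ) .
         '</textarea>';
    echo '<input type="submit" name="hypothetical_save" value="Save">';
    echo '</form>';
}

// Output: filter again at render time. Sanitising on input can be bypassed by
// any other code path that writes the option, so the last line of defence is
// here, in the context where the value is actually interpreted.
function hypothetical_print_footer() {
    echo wp_kses_post( get_option( 'hypothetical_footer_html', '' ) );
}
add_action( 'wp_footer', 'hypothetical_print_footer' );
```

The nonce alone fixes the CSRF, and output filtering alone would fix the XSS; both are needed because each entry's impact ("CSRF that allows Stored XSS") comes from the two missing checks compounding, and a fix that restores only one leaves the other bug, reachable by a different path, in place.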
PT-2025-15007 · WordPress · Jetpack Feedback Exporter
Name of the Vulnerable Software and Affected Versions: Jetpack Feedback Exporter versions 1.23 and earlier Description: The issue allows exposure of sensitive system information to an unauthorized control sphere, enabling the retrieval of embedded sensitive data. Recommendations: For Jetpack...
PT-2024-34: Server Side Request Forgery (SSRF) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The discovered vulnerability can be exploited by an attacker to send requests to both external nodes and servers with limited access, which leads to disclosure of sensitive data, denial of service, etc. Also, exploitation of the...
PT-2024-77: Time-based SQL Injection in Netcat CMS (module comments)
The vulnerability was identified in Netcat CMS module comments, version 6.4 Extra. The discovered vulnerability allows an attacker to read information from the database. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 20.08.2024 Recommendations: Update to version or...
PT-2024-4020 · Ivanti · Ivanti Avalanche
Name of the Vulnerable Software and Affected Versions: Ivanti Avalanche versions prior to 6.4.x Description: The issue is related to an unrestricted file upload vulnerability in the web component of Ivanti Avalanche. This vulnerability allows an authenticated, privileged user to execute arbitrary...
PT-2023-22612 · Openwb · Openwb
Name of the Vulnerable Software and Affected Versions: OpenWB versions 1.6 through 1.7 Description: The issue is a command injection: remote attackers can run arbitrary commands via crafted GET requests. Recommendations: For OpenWB versions 1.6 through 1.7, update ...
PT-2023-35159 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.91 Description: A use-after-free issue exists in the local cleanup function. The actual impact and attack plausibility have not yet been proven. Recommendations: For Linux Kernel versions prior to v5.15.91...
PT-2022-6392 · Schneider Electric · Apc Easy Ups Online Monitoring +1
Name of the Vulnerable Software and Affected Versions: APC Easy UPS Online Monitoring Software versions prior to V2.5-GA APC Easy UPS Online Monitoring Software versions prior to V2.5-GA-01-22261 Schneider Electric Easy UPS Online Monitoring Software versions prior to V2.5-GS Schneider Electric...