40 matches found
PT-2025-28269 · Unknown · Campcodes Advanced Online Voting System
Name of the Vulnerable Software and Affected Versions: Campcodes Advanced Online Voting System version 1.0
Description: A critical issue has been discovered, affecting an unknown part of the file /admin/candidates_delete.php. The manipulation of the ID argument leads to SQL injection. This issue...
PT-2025-27700
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified)
Description: A deadlock issue has been identified in the Linux kernel, specifically in the e1000 driver. The problem occurs when e1000_down calls cancel_work_sync for the e1000 reset task, which ca...
PT-2025-27787 · Vnc · Vnc
Name of the Vulnerable Software and Affected Versions: VNC (affected versions not specified)
Description: The issue concerns the VNC authentication mechanism, which uses a challenge-response system. This system relies on both the server and client using the same password for encryption. An attacker...
PT-2025-27802 · Tenda · Tenda Ac6
Name of the Vulnerable Software and Affected Versions: Tenda AC6 version 15.03.05.16 multi
Description: The issue is related to a Buffer Overflow in the formSetFirewallCfg function via the firewallEn parameter.
Recommendations: For Tenda AC6 version 15.03.05.16 multi, as a temporary workaround,...
PT-2025-27633 · Unknown · Linkwarden
Name of the Vulnerable Software and Affected Versions: Linkwarden version 2.10.2
Description: The issue concerns a File Path Disclosure Vulnerability in Linkwarden, a self-hosted, open-source collaborative bookmark manager. In the affected version, the server accepts links of the format...
PT-2025-24828 · Microsoft · Windows Installer +1
Name of the Vulnerable Software and Affected Versions: Windows Installer (affected versions not specified)
Description: The issue is related to improper access control in Windows Installer, allowing an authorized attacker to elevate privileges locally.
Recommendations: At the moment, there is no...
PT-2025-23591 · Timeworks · Timeworks
Name of the Vulnerable Software and Affected Versions: TimeWorks versions 10.0 through 10.3
Description: The issue is related to improper limitation of a pathname to a restricted directory, also known as 'Path Traversal'. This could allow a remote unauthenticated attacker to access arbitrary JSON...
PT-2025-23216 · Unknown · Cs5000 Fire Panel
Name of the Vulnerable Software and Affected Versions: CS5000 Fire Panel (affected versions not specified)
Description: The issue concerns a hard-coded password that runs on a VNC server and is visible as a string in the binary responsible for running VNC. This password cannot be altered, allowing...
PT-2025-23076 · Unknown · Freefloat Ftp Server
Name of the Vulnerable Software and Affected Versions: FreeFloat FTP Server version 1.0.0
Description: A critical vulnerability was found in the PORT Command Handler component of FreeFloat FTP Server, leading to a buffer overflow. The attack can be initiated remotely, and the exploit has been...
PT-2025-21030 · Totolink · Totolink A3002Ru
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404
Description: A buffer overflow issue was discovered via the routername parameter in the "formDnsv6" interface.
Recommendations: For TOTOLINK A3002R version 4.0.0-B20230531.1404, avoid using the...
PT-2025-20916 · Totolink · Totolink A3002Ru
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404
Description: A buffer overflow issue was discovered via the static dns1 parameter in the "formIpv6Setup" interface.
Recommendations: For TOTOLINK A3002R version 4.0.0-B20230531.1404, avoid using th...
PT-2025-17907 · Easyvirt · Easyvirt Co2Scope +1
Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.4 and earlier; EasyVirt CO2Scope versions 1.3.4 and earlier
Description: The issue allows remote authenticated attackers to execute arbitrary SQL commands. This can be achieved via various parameters to specific A...
PT-2025-17550 · Nvidia · Nvidia Nemo Framework
Name of the Vulnerable Software and Affected Versions: NVIDIA NeMo Framework (affected versions not specified)
Description: The issue is related to improper control of code generation, which could be exploited through remote code execution. A successful exploit might lead to code execution and data...
PT-2025-17561 · Unknown +1 · Hoteldruid +1
Name of the Vulnerable Software and Affected Versions: Hoteldruid version 3.0.5
Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the commento1 1 parameter. This enables attackers to potentially manipulate w...
PT-2025-16377 · Totolink · Totolink N600R
Name of the Vulnerable Software and Affected Versions: Totolink N600R version 4.3.0cu.7647 B20210106
Description: A stack overflow issue was discovered via the macCloneMac parameter in the setWanConfig function.
Recommendations: For Totolink N600R version 4.3.0cu.7647 B20210106, consider...
PT-2025-16356 · Unknown +1 · Oncord+ Android Infotainment Systems +1
Name of the Vulnerable Software and Affected Versions: Oncord+ Android Infotainment Systems version Android 12
Description: The issue allows a remote attacker to execute arbitrary code via the ADB port component.
Recommendations: For Oncord+ Android Infotainment Systems version Android 12, consid...
PT-2025-14518 · Jenkins · Jenkins Asakusasatellite Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins AsakusaSatellite Plugin versions 0.1.1 and earlier
Description: The issue concerns the exposure of AsakusaSatellite API keys on the job configuration form, which could allow attackers to observe and capture them.
Recommendations: For...
PT-2025-12247 · Mlflow · Mlflow
Name of the Vulnerable Software and Affected Versions: mlflow/mlflow version 2.15.1
Description: A path traversal issue exists when users configure and use the dbfs service. The vulnerability arises from directly concatenating the URL into the file protocol, resulting in an arbitrary file read...
PT-2025-12099 · Librechat · Librechat
Name of the Vulnerable Software and Affected Versions: danny-avila/librechat versions prior to 0.7.6
Description: The issue is related to improper access control, allowing authenticated users to delete other users' prompts. This occurs because the endpoint does not verify whether the provided...
PT-2024-9985 · Autodesk · Autodesk Navisworks Manage +2
Name of the Vulnerable Software and Affected Versions: Autodesk Navisworks Freedom (affected versions not specified); Autodesk Navisworks Simulate (affected versions not specified); Autodesk Navisworks Manage (affected versions not specified)
Description: The issue is related to an Out-of-Bounds Write...