PT-2025-30673 · IBM · IBM MQ Operator
Name of the Vulnerable Software and Affected Versions: IBM MQ Operator versions 2.0.0 through 2.0.29; IBM MQ Operator versions 3.0.0 through 3.1.3; IBM MQ Operator versions 3.2.0 through 3.2.13; IBM MQ Operator versions 3.3.0; IBM MQ Operator versions 3.4.0 through 3.4.1; IBM MQ Operator versions 3.5....
PT-2025-30962 · Tenda · Tenda Ch22
Name of the Vulnerable Software and Affected Versions: Tenda CH22 version 1.0.0.1 Description: A critical issue exists in the formdeleteUserName function within the /goform/deleteUserName file. The old account argument is susceptible to buffer overflow, allowing for remote exploitation. The explo...
PT-2025-30630 · Medtronic · Mycarelink Patient Monitor
Name of the Vulnerable Software and Affected Versions: Medtronic MyCareLink Patient Monitor models 24950 and 24952 before June 25, 2025 Description: The Medtronic MyCareLink Patient Monitor contains a built-in user account with no password. This allows an attacker with physical access to log in...
PT-2025-30706 · Quiet · Quiet
Name of the Vulnerable Software and Affected Versions: Quiet versions 6.1.0-alpha.4 and below Description: Quiet’s API for backend/frontend communication used an insecure, non-constant-time comparison function for token verification. This allowed for a potential timing attack where an attacker...
PT-2025-30525 · Bun · Bun
Name of the Vulnerable Software and Affected Versions: bun versions prior to 0.0.12 Description: The package bun is susceptible to Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) within the $shell API. This issue stems from inadequate neutralization of...
PT-2025-30635 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 15.0 through 18.0.4; GitLab CE/EE versions 18.1 through 18.1.2; GitLab CE/EE versions 18.2 through 18.2.0 Description: An issue allows privileged users to access certain resource group information through the API that shou...
PT-2025-30569 · Profiles · Profiles
Name of the Vulnerable Software and Affected Versions: ProFiles component for Joomla versions 1.0 through 1.5.0 Description: A stored Cross-Site Scripting (XSS) vulnerability exists in the ProFiles component for Joomla. This issue allows malicious actors to inject and store scripts into the...
PT-2025-30614
Name of the Vulnerable Software and Affected Versions: Redis versions through 7.4.3 Description: Redis allows excessive memory consumption via a multi-bulk command consisting of numerous bulks sent by an authenticated user. The server allocates memory for command arguments for each bulk, even if th...
PT-2025-30523 · Unknown · Private-Ip
Name of the Vulnerable Software and Affected Versions: private-ip affected versions not specified Description: The package is susceptible to a Server-Side Request Forgery (SSRF) issue. An attacker can exploit this by providing an IP address or hostname that resolves to a multicast IP address...
PT-2025-30616 · Unknown · Lbry-Desktop
Name of the Vulnerable Software and Affected Versions: lbry-desktop version 0.53.9 Description: A URL redirection issue exists in lbry-desktop version 0.53.9, potentially allowing attackers to redirect users to malicious websites. Recommendations: Update lbry-desktop to a newer version that...
PT-2025-30476
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 141; Firefox ESR versions prior to 115.26; Firefox ESR versions prior to 128.13; Firefox ESR versions prior to 140.1; Thunderbird versions prior to 141; Thunderbird versions prior to 128.13; Thunderbird versions prior to...
PT-2025-30439
Name of the Vulnerable Software and Affected Versions: authentik versions prior to 2025.4.4; authentik versions 2025.6.0-rc1 through 2025.6.3 Description: Deactivated users who registered through OAuth/SAML or linked their accounts to OAuth/SAML providers can retain partial access to the system...
PT-2025-30407 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The provided descriptions indicate the issue was rejected as not used. No further details are available. Recommendations: At the moment, there is no informati...
PT-2025-30443 · Letta-Ai · Letta
Name of the Vulnerable Software and Affected Versions: letta versions 0.7.12 Description: A remote code execution issue exists in letta.server.rest_api.routers.v1.tools.run_tool_from_source within letta-ai Letta. The vulnerability allows remote attackers to execute arbitrary Python code and syste...
PT-2025-30440 · IBM · Security QRadar Network Threat Analytics
Name of the Vulnerable Software and Affected Versions: IBM Security QRadar Network Threat Analytics versions 1.0.0 through 1.3.1 Description: IBM Security QRadar Network Threat Analytics versions 1.0.0 through 1.3.1 may allow a privileged user to cause a denial of service due to improper allocati...
PT-2025-30449
Name of the Vulnerable Software and Affected Versions: Ollama version 0.6.7 Description: A cross-domain token exposure exists in the server.auth.getAuthorizationToken function. This allows remote attackers to steal authentication tokens and bypass access controls by exploiting a malicious realm val...
PT-2025-30466
Name of the Vulnerable Software and Affected Versions: Ashlar-Vellum Cobalt VC6 affected versions not specified Description: This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt. User interaction is required to exploit this...
PT-2025-30409 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: The provided information indicates a rejected reason associated with an identifier. No further details about the issue are available. Recommendations: At the...
PT-2025-30506 · Poly · Poly Clariti Manager
Name of the Vulnerable Software and Affected Versions: Poly Clariti Manager versions prior to 10.12.2 Description: A security issue has been identified in Poly Clariti Manager that may allow a bypass of the application's Cross-Site Scripting (XSS) filter by submitting untrusted characters...
PT-2025-30441 · Unknown +1 · Aimhubio Aim +1
Name of the Vulnerable Software and Affected Versions: aimhubio Aim versions 3.28.0 Description: A cross-site scripting (XSS) issue exists in aimhubio Aim 3.28.0. Remote attackers can execute arbitrary JavaScript in a victim’s browser by submitting malicious Python code to the /api/reports endpoint...