26 matches found
EUVD-2021-19521
Malware in sbrugna...
EUVD-2021-25588
Malware in sbrugna...
PT-2025-27408 · Unknown · Code-Projects Movie Ticketing System
Name of the Vulnerable Software and Affected Versions: code-projects Movie Ticketing System version 1.0 Description: A critical issue has been discovered, affecting the /logIn.php file. The manipulation of the postName argument leads to SQL injection. This issue can be exploited remotely...
PT-2025-24316 · Spicedb · Spicedb
Name of the Vulnerable Software and Affected Versions: SpiceDB versions prior to 1.44.2 Description: The issue affects SpiceDB, an open source database for storing and querying fine-grained authorization data. On schemas involving arrows with caveats on the arrow'ed relation, when the path to...
CVE-2025-48495
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. By renaming the friendly name of an API key, an authenticated user could inject JS into the API key overview, which would also be executed when another user clicks on his API tab. Prior to version 2.0.0,...
Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Impact: `concat` may skip evaluation of side effects when the length of an argument is zero. This is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero:...
CVE-2025-47279
Undici is an HTTP/1.1 client for Node.js. Prior to versions 5.29.0, 6.21.2, and 7.5.0, applications that use undici to implement a webhook-like system are vulnerable. If the attacker set up a server with an invalid certificate, and they can force the application to call the webhook repeatedly, th...
PT-2025-21573 · Sourcecodester · Sourcecodester Student Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0 Description: A critical issue was found in the system, affecting the file academic/core/drop_student.php. The manipulation of the img argument leads to path traversal. This issue can...
CVE-2024-56157
Summary: CVE-2024-56157 affects iTop before versions 3.1.3 and 3.2.1, where inserting malicious code into a CSV during import enables a cross-site scripting (XSS) attack. Affected software: iTop (web-based IT Service Management tool; Combodo). Root cause / vector: CSV import accepts unvalidated/m...
PT-2025-17315
Name of the Vulnerable Software and Affected Versions: Fastify versions 4.29.0 through 5.3.1; Fastify version 4.9.0 Description: Fastify is a fast, low overhead web framework for Node.js. Applications specifying different validation strategies for different content types may bypass validation by...
PT-2025-15282 · Gdal +1 · Gdal +1
Name of the Vulnerable Software and Affected Versions: gdal version 3.10.2 Description: The issue is a Buffer Overflow vulnerability that allows a local attacker to cause a denial of service via the OGRSpatialReference::Release function. Recommendations: For gdal version 3.10.2, as a temporary...
PT-2024-34422 · Unknown · Kashipara E-Learning Management System Project
Name of the Vulnerable Software and Affected Versions: kashipara E-learning Management System Project version 1.0 Description: A SQL Injection issue was found in the /admin/class.php file via the class name parameter. This allows for potential exploitation. Recommendations: For kashipara E-learni...
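The two SQL injection entries above (the postName argument of /logIn.php and the class name parameter of /admin/class.php) share one root cause: a request value is spliced into the SQL text. The following is an added illustration, not code from either project; the table, column names and the `post_name`/`pwhash` parameters are assumptions chosen to mirror a login lookup, and the database is a constructed in-memory SQLite instance.

```python
"""Added example: string-built login query beside its parameterised form.
The users table, its columns and the sample row are constructed for this
illustration and are not taken from either advisory's product."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database with a single user row (assumed schema)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, pwhash TEXT NOT NULL)"
    )
    conn.execute("INSERT INTO users (name, pwhash) VALUES ('alice', 'hash-of-alice-pw')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, post_name: str, pwhash: str) -> bool:
    """The pattern behind the advisories: request values concatenated into SQL."""
    sql = (
        "SELECT id FROM users WHERE name = '" + post_name + "'"
        " AND pwhash = '" + pwhash + "'"
    )
    return conn.execute(sql).fetchone() is not None


def login_fixed(conn: sqlite3.Connection, post_name: str, pwhash: str) -> bool:
    """Parameterised form: the driver sends values separately from the statement,
    so quotes and comment markers in the input cannot change the query shape."""
    sql = "SELECT id FROM users WHERE name = ? AND pwhash = ?"
    return conn.execute(sql, (post_name, pwhash)).fetchone() is not None


# Constructed payload: closes the quoted name and comments out the password check.
INJECTION = "alice' --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, INJECTION, "not-the-hash"))  # True
    print("fixed:     ", login_fixed(db, INJECTION, "not-the-hash"))       # False
```

With the payload, the concatenated statement becomes `... WHERE name = 'alice' --' AND pwhash = '...'`, so the password clause is commented away and the lookup succeeds; the placeholder version looks for a literal user named `alice' --` and fails.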
PT-2024-9622
Name of the Vulnerable Software and Affected Versions: GStreamer versions prior to 1.24.10 Description: The issue is related to the qtdemux_parse_samples() function in the GStreamer multimedia framework, which is associated with an out-of-bounds read in memory. This can be exploited by a remote attacke...
PT-2024-32159 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.52 Description: The issue is related to a double put of @cfile in smb2_rename_path(). When smb2_set_path_attr() is called with a valid @cfile and returns -EINVAL, it is necessary to call cifs_get_writable_path...
PT-2024-16994 · Devklan · Alma Blog
Name of the Vulnerable Software and Affected Versions: Devklan's Alma Blog versions 2.1.10 and earlier Description: The issue is related to improper access control, which could allow an unauthenticated user to access the application's functionalities without the need for credentials...
PT-2024-14362 · Totolink · Totolink A3700R
Name of the Vulnerable Software and Affected Versions: TOTOlink A3700R version 9.1.2u.5822 B20200513 Description: The issue is related to a remote command execution (RCE) vulnerability. It can be exploited via the setTracerouteCfg function. Recommendations: For TOTOlink A3700R version 9.1.2u.5822...
PT-2023-24738 · Easyuse · Easyuse Mailhunter Ultimate
Name of the Vulnerable Software and Affected Versions: EasyUse MailHunter Ultimate versions 2023 and earlier Description: The issue allows remote authenticated users to extract files into arbitrary directories via a crafted ZIP archive. This is due to a path traversal vulnerability in the create...
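The drop_student.php entry (img argument) and the MailHunter entry (crafted ZIP archive) are both path traversal: a name supplied by the client is joined onto a directory and the result is used without checking that it still lies under that directory. The following is an added example, not code from either product, showing one containment check used for both cases; the directory names, the `img` parameter and the sample archive are constructed assumptions.

```python
"""Added example: a single containment check applied to a request-supplied
filename and to ZIP entry names. Directory names and the sample archive are
constructed for this illustration, not taken from either product."""
import io
import shutil
import zipfile
from pathlib import Path
from typing import List, Optional, Tuple


def safe_target(base: str, untrusted: str) -> Optional[Path]:
    """Join an untrusted name onto base and confirm the result stays inside base.
    Returns None for '..' escapes and for absolute names, which pathlib would
    otherwise let replace base entirely."""
    base_p = Path(base).resolve()
    target = (base_p / untrusted).resolve()
    if target == base_p or base_p in target.parents:
        return target
    return None


def unlink_upload(upload_dir: str, img: str) -> bool:
    """The 'img'-style parameter case: delete a file only if it is under upload_dir."""
    target = safe_target(upload_dir, img)
    if target is None:
        raise ValueError(f"refusing to touch path outside upload dir: {img!r}")
    if target.is_file():
        target.unlink()
        return True
    return False


def partition_zip_members(zip_bytes: bytes, dest: str) -> Tuple[List[str], List[str]]:
    """Dry run of the archive case: which entry names would land inside dest and
    which would escape it. Nothing is written."""
    safe: List[str] = []
    rejected: List[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            if safe_target(dest, info.filename) is None:
                rejected.append(info.filename)
            else:
                safe.append(info.filename)
    return safe, rejected


def extract_zip(zip_bytes: bytes, dest: str) -> List[str]:
    """Extract entry by entry to the checked target path rather than trusting the
    archive's names; abort on the first escaping entry."""
    written: List[str] = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = safe_target(dest, info.filename)
            if target is None:
                raise ValueError(f"archive entry escapes destination: {info.filename!r}")
            if info.is_dir():
                target.mkdir(parents=True, exist_ok=True)
                continue
            target.parent.mkdir(parents=True, exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                shutil.copyfileobj(src, dst)
            written.append(str(target))
    return written


def build_sample_zip() -> bytes:
    """Constructed archive: one benign entry, one '..' escape, one absolute path."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("report.txt", "benign content")
        zf.writestr("../../etc/cron.d/evil", "* * * * * root id > /tmp/pwned")
        zf.writestr("/tmp/abs.txt", "absolute entry name")
    return buf.getvalue()


if __name__ == "__main__":
    accepted, rejected = partition_zip_members(build_sample_zip(), "/srv/app/extract")
    print("accepted:", accepted)  # ['report.txt']
    print("rejected:", rejected)  # ['../../etc/cron.d/evil', '/tmp/abs.txt']
```

The check resolves both the base and the joined path before comparing, so symlinked base directories are handled consistently, and it rejects absolute entry names as well as `..` sequences; `zipfile.extractall` sanitises names itself, but writing each entry to a path you computed keeps the decision in your own code and makes it auditable.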
PT-2023-33334 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.10.158 Description: The issue concerns error handling in the iavf_init_module() function. It was introduced in version v4.6 and fixed in version v5.10.158. The actual impact and attack plausibility have not yet...
PT-2022-33532 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.19.2 Description: A potential refcount leak issue exists in the if_usb_probe() function. The actual impact and attack plausibility have not yet been proven. This issue was introduced in version v3.5 and is fixe...
PT-2022-23133 · Kirby · Kirby
Name of the Vulnerable Software and Affected Versions: Kirby versions 3.5 through 3.5.8.0 Description: Cross-site scripting (XSS) allows execution of JavaScript code inside the Panel session of the same or other users. A harmful script can trigger requests to Kirby's API with the permissions of the...