PT-2025-19: Stack-based buffer overflow in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family

The vulnerability was identified in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family , versions 231.1.162.1 package version, 1.10.3 hwrm spec. The discovered vulnerability is related to stack-based buffer overflow. This leads to arbitrary code...

PT-2025-18: Denial of Service (DoS) in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family

The vulnerability was identified in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family , versions 231.1.162.1 package version, 1.10.3 hwrm spec. The discovered vulnerability is related to stack-based buffer overflow in the ChiMP core, which leads to...

PT-2025-17: Unrestricted memory access to internal memory of networking adapter in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family

The vulnerability was identified in Broadcom P225p NetXtreme-E Dual-port 10Gb/25Gb Ethernet PCIe Adapter, Broadcom NetXtreme-E family, versions 231.1.162.1 package version, 1.10.3 hwrm spec. The discovered vulnerability is related to improper access control to the network adapter memory read/writ...

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

With access to the dispenser controller USB port, an attacker can install an outdated or modified firmware version with malicious content to bypass the encryption and withdraw cash. Advisory status: 07.2018 - Vendor notification date Credits: The vulnerability was discovered by Vladimir Kononovic...

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

With access to the dispenser controller USB port, an attacker can install an outdated or modified firmware version with malicious content to bypass the encryption and withdraw cash. Advisory status: 07.2018 - Vendor notification date Credits: The vulnerability was discovered by Vladimir Kononovic...

PT-2025-21: Local Privilege Escalation in Microsoft OneDrive

The vulnerability was identified in OneDrive, version 25.020.0202. The vulnerability in Microsoft OneDrive was discovered on MacOS. Local privilege escalation allows an attacker to escalate privileges from a normal user to root. To exploit the vulnerability a potential attacker must be able to...

PT-2026-45657

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Memory corruption occurs when shared buffers are accessed without validating concurrent modifications to input from user-mode...

PT-2018-3479 · Google +2 · Go +2

Name of the Vulnerable Software and Affected Versions: Go versions prior to 1.10.6 Go versions 1.11.x prior to 1.11.3 Description: The issue is related to the "go get" command in the Go programming language, which is vulnerable to directory traversal when executed with the import path of a...

PT-2025-6477

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 17.3 PostgreSQL versions prior to 16.7 PostgreSQL versions prior to 15.11 PostgreSQL versions prior to 14.16 PostgreSQL versions prior to 13.19 Description The issue is related to improper neutralization of quoting...

PT-2020-15021 · Powerdns +4 · Powerdns Authoritative Server +4

Name of the Vulnerable Software and Affected Versions: PowerDNS Authoritative Server versions prior to 4.3.1 Description: An issue has been found where an authorized user with the ability to insert crafted records into a zone might be able to leak the content of uninitialized memory...

PT-2025-31357

DSM Version: 7.2.2-72806 Update 4 とな https://t.co/oSE7NaDt69 1.Fixed a security vulnerability regarding SDK library CVE-2025-8024. 2.Fixed multiple security vulnerabilities...

PT-2025-30597 · '1С' · 1С:Предприятие

Уязвимость технологической платформы «1С:Предприятие 8» связана с недостатками процедуры авторизации. Эксплуатация уязвимости, может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к системе от имени произвольного пользователя...

PT-2023-5241 · 1с · 1С-Битрикс

Name of the Vulnerable Software and Affected Versions: 1С-Битрикс: Управление сайтом affected versions not specified Description: The issue is caused by synchronization errors when using a shared resource in the landing module of the 1С-Битрикс site management system. Exploitation of this issue m...

PT-2023-5866

Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions prior to 2.4.57 Bamboo Data Center and Server versions 8.1.0, 8.2.0, 9.0.0, 9.1.0, 9.2.1, and 9.3.0 F5 NGINX products affected versions not specified gRPC-Go versions prior to 1.56.3, 1.57.1, and 1.58.3 IBM HTTP...

PT-2024-19994 · Geoserver · Geoserver

Name of the Vulnerable Software and Affected Versions: GeoServer versions prior to 2.23.2 and 2.24.1 Description: A stored cross-site scripting XSS issue exists that enables an authenticated administrator with workspace-level privileges to store a JavaScript payload in the GeoServer catalog. This...

PT-2021-19867 · Ory · Ory Oathkeeper

Name of the Vulnerable Software and Affected Versions: ORY Oathkeeper versions prior to v0.38.12-beta.1 Description: The issue arises when a request is made to an endpoint requiring a specific scope, and the access token is granted with that scope, making introspection valid and caching the token...

PT-2026-39329

Name of the Vulnerable Software and Affected Versions Hono versions prior to 4.12.18 Description Improper validation of the JWT NumericDate claims exp, nbf, and iat in hono/utils/jwt allows tokens with non-spec-compliant claim values to silently bypass time-based checks. This occurs because the...

PT-2026-34182

A vulnerability was identified in Sanluan PublicCMS up to 6.202506.d. Affected by this vulnerability is the function ZipSecureFile.setMinflateRatio of the file common/src/main/java/com/publiccms/common/tools/DocToHtmlUtils.java. Such manipulation leads to resource consumption. It is possible to...

PT-2026-45586

Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description An out-of-bounds read exists in the validateNode function within ResourceTypes.cpp due to an incorrect bounds check. This flaw allows for local escalation of privilege without requiring...

PT-2025-2626 · Microsoft +1 · Microsoft-Httpapi +1

The vulnerable software is HCL MyXalytics. It is affected by a sensitive information disclosure vulnerability, where the HTTP response header exposes the server's name and version as Microsoft-HTTP API/2.0. This vulnerability is identified as CVE-2024-42179. The vulnerability allows attackers to...

PT-2026-45602

In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

PT-2026-41842

There is an unauthorized access vulnerability in ZTE MU5250. Due to improper permission control of the Web interface, an unauthorized attacker can modify configuration through the interface...

PT-2019-12140 · Thinkadmin · Thinkadmin

Name of the Vulnerable Software and Affected Versions: ThinkAdmin version 4.0 Description: The issue concerns the applicationadmincontrollerUser.php file in ThinkAdmin V4.0, where it fails to prevent the continued use of an administrator's cookie-based credentials after a password change. This...

PT-2017-12727 · Numpy +2 · Numpy +2

Name of the Vulnerable Software and Affected Versions: Numpy versions 1.13.1 and earlier Description: The issue is related to missing input validation in the numpy.pad function. This can cause an infinite loop when an empty list or ndarray is used, potentially allowing attackers to conduct a Deni...

PT-2026-39942

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

PT-2025-31959 · Undefined · Undefined

Hi, I run a following script for a vulnerability test for my home network; nmap 192.168.1.1/24 -n -sP |rg -o "192." scan.txt nmap -sV --script vulners --script-args mincvss=7.0 -iL scan.txt Then I get this Vulner output in port 80; Nmap scan report for 192.168.1.5 Host is up 0.00021s latency. Not...

PT-2024-6815 · Unknown · Zangi Private Messenger

Name of the Vulnerable Software and Affected Versions: Zangi Private Messenger affected versions not specified Description: The issue is related to weaknesses in the session key generation mechanism of the application. This could allow a remote attacker to implement a "man-in-the-middle" attack...

PT-2026-34596

Name of the Vulnerable Software and Affected Versions CI4MS versions prior to 0.31.5.0 Description A Stored DOM XSS Cross-Site Scripting issue exists in the backup module. An attacker can manipulate the filename field using an SQL file to inject a hidden XSS payload, potentially leading to full...

PT-2026-45648

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description Kiteworks is a private data network PDN. A reflected Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an external attacker to trick a user into executing arbitrary JavaScript...

PT-2026-39923

Due to a Code Injection vulnerability in SAP Application Server ABAP for SAP NetWeaver and ABAP Platform, an authenticated attacker could send specially crafted inputs to the application. If processed by the application, this input could be delivered to users subscribed to the channel and result ...

PT-2026-45416

Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A NULL pointer dereference exists in the gf ac4 pres b 4 back channels present function within the /media tools/av parsers.c file. This issue allows an attacker to cause a Denial of...

PT-2025-23483 · Undefined · Undefined

Ubuntu is one of the most widely used Linux distributions, renowned for its security, stability, and performance. However, like any operating system, it’s not immune to vulnerabilities. With cybersecurity threats escalating in sophistication and scale, timely patching is essential to safeguard...

PT-2026-39241

Name of the Vulnerable Software and Affected Versions eventsource-encoder versions prior to 1.0.2 Description The software fails to sanitize the event and id fields of an EventSourceMessage before serialization in the encodeMessage function. An attacker who controls these fields can inject...

PT-2026-29496

Summary A stored and blind XSS vulnerability exists in the form title field. A malicious attacker can inject JavaScript without any authentication via a form title that is saved in the backend database. When any user visits that injected page, the JavaScript payload gets executed. Type: Stored an...

PT-2024-2606 · Dji · Dji Mavic Mini 3 Pro

Name of the Vulnerable Software and Affected Versions: DJI Mavic Mini 3 Pro affected versions not specified Description: A Missing Authentication for Critical Function issue affects the HTTP service running on the standard port 80, allowing an attacker to enumerate and download videos and picture...

PT-2026-46301

Name of the Vulnerable Software and Affected Versions Axios versions prior to 0.32.0 Axios versions prior to 1.16.0 Description The Node.js HTTP adapter in Axios may forward a Proxy-Authorization header to a redirected origin during specific proxy-to-direct redirect flows. This occurs when an...

PT-2022-13726 · Phpipam +1 · Phpipam +1

Name of the Vulnerable Software and Affected Versions: phpipam/phpipam versions prior to 1.4.6 Description: The issue is related to improper access control, which can lead to incorrect authorization. Recommendations: For versions prior to 1.4.6, update to version 1.4.6 or later to resolve the iss...

PT-2025-33818 · Unknown · Screenshot-Desktop

Name of the Vulnerable Software and Affected Versions: screenshot-desktop versions prior to 1.15.2 Description: screenshot-desktop is susceptible to a command injection issue. User-controlled input provided to the format option of the screenshot function is interpolated into a shell command witho...

PT-2025-30076 · Git +1 · Pcapplusplus

Name of the Vulnerable Software and Affected Versions: cppc affected versions not specified Description: The software contains a heap-buffer-overflow read issue. The crash occurs within the toString function of the TelnetLayer class, triggered through toStringList and toString functions of the...

PT-2024-40: Readout protection level bypass in GigaDevice Semiconductor products

The vulnerability was identified in in series GD32E23x, GD32F20x, GD32F1x0, GD32F4xx, GD32F30x, GD32C10x, GD32E10x, GD32E50x of GigaDevice Semiconductor products. The vulnerability can be exploited by an attacker to run arbitrary shell code in SRAM. Vulnerability status: Confirmed by research Dat...

PT-2022-17911 · Intel · Intel Xmm 7560 Modem

Name of the Vulnerable Software and Affected Versions: IntelR XMMTM 7560 Modem software versions prior to M2 7560 R 01.2146.00 Description: The issue is related to an out-of-bounds write in the IntelR XMMTM 7560 Modem software, which may allow an unauthenticated user to potentially enable...

PT-2017-11760 · Bolt · Bolt Cms

Name of the Vulnerable Software and Affected Versions: Bolt CMS version 3.2.14 Description: The issue allows for stored XSS by uploading an SVG document with a "Content-Type: image/svg+xml" header. This can be exploited by uploading a malicious SVG file. Recommendations: For Bolt CMS version...

PT-2026-21992

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One Console affected versions not specified Description The Trend Micro Apex One Console is susceptible to a directory traversal issue that could lead to remote code execution. The issue allows an attacker to potentially gain...

PT-2026-7843

Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 18.2 PostgreSQL versions prior to 17.8 PostgreSQL versions prior to 16.12 PostgreSQL versions prior to 15.16 PostgreSQL versions prior to 14.21 Description A flaw exists in PostgreSQL due to improper validation of...

PT-2025-31655

Name of the Vulnerable Software and Affected Versions The Language Sloth Web Application version 1.0 Description A stored cross-site scripting XSS vulnerability exists in The Language Sloth Web Application. This allows attackers to execute arbitrary web scripts or HTML by injecting a crafted...

PT-2025-20117 · Unknown · Contact Form Widget

Name of the Vulnerable Software and Affected Versions: Contact Form Widget versions 1.4.6 and earlier Description: A Cross-Site Request Forgery CSRF issue affects the Contact Form Widget, allowing unauthorized requests. Recommendations: For versions 1.4.6 and earlier, update to a version that...

PT-2025-3266 · Axess · Axess Acs

Name of the Vulnerable Software and Affected Versions: AXESS ACS Auto Configuration Server versions prior to 5.2.0 Description: The issue is related to unsanitized user input in the TR069 API, which allows remote unauthenticated attackers to cause a permanent Denial of Service via crafted TR069...

PT-2020-15427 · Jenkins · Jenkins Github Coverage Reporter Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins GitHub Coverage Reporter Plugin versions 1.8 and earlier Jenkins GitHub Coverage Reporter Plugin versions 1.10 and earlier Description: The issue concerns the storage of secrets in plain text in the global configuration file on the...

PT-2026-45268

A security vulnerability has been detected in NousResearch hermes-agent up to 2026.4.30. This vulnerability affects the function handle webhook request of the file gateway/platforms/feishu.py of the component Webhook Endpoint. Such manipulation leads to resource consumption. The attack can be...

PT-2026-39952

The Eight Day Week Print Workflow plugin for WordPress is vulnerable to time-based blind SQL Injection via the 'title' parameter in the pp-get-articles AJAX action in all versions up to, and including, 1.2.6. This is due to insufficient escaping on the user supplied parameter and lack of sufficie...