Ptsecurity · Most viewed

175406 matches found

Positive Technologies
added 2025/07/25 12:0 a.m. · 14 views

PT-2025-30720 · Databasebackup +1 · Wp Database Backup – Unlimited Database & Files Backup By Backup For Wp +1

The WP Database Backup plugin for WordPress is vulnerable to OS Command Injection in versions before 5.2 via the mysqldump function. This vulnerability allows unauthenticated attackers to execute arbitrary commands on the host operating system...

CVSS 9.8 · AI score 8.6 · EPSS 0.85348
Exploits: 1 · References: 7
Positive Technologies
added 2025/05/13 12:0 a.m. · 14 views

PT-2025-20881 · Centreon · Centreon Web

Name of the Vulnerable Software and Affected Versions: Centreon web versions 22.10.0 through 22.10.29 Centreon web versions 23.04.0 through 23.04.27 Centreon web versions 23.10.0 through 23.10.22 Centreon web versions 24.04.0 through 24.04.11 Centreon web versions 24.10.0 through 24.10.5...

CVSS 8.4 · AI score 5.9 · EPSS 0.00286
Exploits: 0 · References: 7
Positive Technologies
added 2025/05/01 12:0 a.m. · 14 views

PT-2025-18539

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A connections leak issue has been resolved in the Linux kernel. The problem occurred when the tlink setup failed, causing a module reference count leak because the cifsd kthread did not...

CVSS 8.8 · AI score 7.3 · EPSS 0.00346
Exploits: 3 · References: 1378
Positive Technologies
added 2025/05/01 12:0 a.m. · 14 views

PT-2025-18495 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc3+ Description: The issue arises from the incorrect handling of file map count for non-leaf pmd/pud in the Linux kernel, specifically when collapsing hugepages. This triggers an unexpected BUG ON due to...

CVSS 9.8 · AI score 7.5 · EPSS 0.0072
Exploits: 4 · References: 699
Positive Technologies
added 2024/05/27 12:0 a.m. · 14 views

PT-2024-5292 · Unknown · Openapi Generator

Name of the Vulnerable Software and Affected Versions: OpenAPI Generator versions prior to 7.6.0 Description: The issue is related to incorrect restriction of the path name to a directory with limited access. Exploitation of this issue may allow a remote attacker to bypass security restrictions a...

CVSS 8.7 · AI score 7.1 · EPSS 0.40124
Exploits: 0 · References: 10
Positive Technologies
added 2024/04/16 12:0 a.m. · 14 views

PT-2024-19105 · Electrolink · Electrolink Fm/Dab/Tv Transmitter

Name of the Vulnerable Software and Affected Versions: Electrolink FM/DAB/TV Transmitter affected versions not specified Description: The device allows an unauthenticated attacker to bypass authentication and modify the cookie to reveal hidden pages, allowing more critical operations to the...

CVSS 8.7 · AI score 7.3 · EPSS 0.00039
Exploits: 1 · References: 5
Positive Technologies
added 2024/01/25 12:0 a.m. · 14 views

PT-2024-15888 · Unknown · Sourcecodester Online Tours & Travels Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue was found in the system, affecting the prepare function of the admin/pay.php file. The manipulation of the id argument leads to SQL injection...

CVSS 9.8 · AI score 7.1 · EPSS 0.00053
Exploits: 1 · References: 6
Positive Technologies
added 2023/12/18 12:0 a.m. · 14 views

PT-2023-7786

Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 9.6 libssh2 versions through 1.11.0 Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT Dropbear through 2022.83 Ssh before 5.1.1 in Erlang/OTP PuTTY before 0.80 AsyncSSH before 2.14.2 golang.org/x/crypto before 0.17....

CVSS 7.1 · AI score 8.5 · EPSS 0.51662
Exploits: 4
Positive Technologies
added 2023/11/13 12:0 a.m. · 14 views

PT-2023-8633

Name of the Vulnerable Software and Affected Versions Apache Tomcat versions 11.0.0-M1 through 11.0.0-M10 Apache Tomcat versions 10.1.0-M1 through 10.1.15 Apache Tomcat versions 9.0.0-M1 through 9.0.82 Apache Tomcat versions 8.5.0 through 8.5.95 Description The issue is related to an Improper Inp...

CVSS 10 · AI score 7.1 · EPSS 0.9439
Exploits: 112 · References: 190
Positive Technologies
added 2023/08/14 12:0 a.m. · 14 views

PT-2023-22954 · WordPress · Icontrolwp Article Directory Redux

Name of the Vulnerable Software and Affected Versions: iControlWP Article Directory Redux plugin versions 1.0.2 and earlier Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin access can inject malicious scrip...

CVSS 5.9 · AI score 5.2 · EPSS 0.0008
Exploits: 0 · References: 6
Positive Technologies
added 2023/08/08 12:0 a.m. · 14 views

PT-2023-26027 · Esds · Esds Emagic Data Center Management Suit

Name of the Vulnerable Software and Affected Versions: ESDS Emagic Data Center Management Suit affected versions not specified Description: The issue is caused by a lack of input sanitization in the Ping component of the ESDS Emagic Data Center Management Suit. A remote authenticated attacker cou...

CVSS 8.8 · AI score 7.5 · EPSS 0.53061
Exploits: 4 · References: 7
Positive Technologies
added 2023/06/27 12:0 a.m. · 14 views

PT-2023-21128 · WordPress · Erp

Name of the Vulnerable Software and Affected Versions: ERP WordPress plugin versions prior to 1.12.4 Description: The issue concerns a SQL injection problem. It occurs because the type parameter in the "erp/v1/accounting/v1/people" REST API endpoint is not properly sanitized and escaped before...

CVSS 7.2 · AI score 7.1 · EPSS 0.28414
Exploits: 5 · References: 8
Positive Technologies
added 2023/06/26 12:0 a.m. · 14 views

PT-2023-25644 · Malwarebytes · Malwarebytes Binisoft Windows Firewall Control

Name of the Vulnerable Software and Affected Versions: Malwarebytes Binisoft Windows Firewall Control version 6.9.2.0 Description: The issue concerns a lack of access control in the wfc.exe component of Malwarebytes Binisoft Windows Firewall Control, allowing local unprivileged users to bypass...

CVSS 7.8 · AI score 6.9 · EPSS 0.00009
Exploits: 1 · References: 9
Positive Technologies
added 2023/05/09 12:0 a.m. · 14 views

PT-2025-25967 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.19.0-rc6+ Description: A vulnerability in the Linux kernel has been resolved, which was causing a call trace with a null VSI during VF reset. The issue occurred during stress tests with attaching and detaching...

CVSS 8.8 · AI score 8 · EPSS 0.02746
Exploits: 36 · References: 1088
Positive Technologies
added 2022/10/10 12:0 a.m. · 14 views

PT-2022-04: Cross Site Template Injection (CSTI)

Input validation was missing while creating the working set, in working set manager application. Nokia NetAct users can create a Working Set with a name that injects a client-side template Injection payloads. The attack can only be performed by an internal user. The vulnerability is fixed in NetA...

CVSS 8.8 · AI score 7.7 · EPSS 0.00332
Exploits: 0
Positive Technologies
added 2022/09/28 12:0 a.m. · 14 views

PT-2022-6493

Name of the Vulnerable Software and Affected Versions Linux Kernel affected versions not specified Description A vulnerability in the Linux Kernel has been classified as problematic. It affects an unknown function of the file mm/memory.c of the component Driver Handler, leading to use after free...

CVSS 5.3 · AI score 5.6 · EPSS 0.00113
Exploits: 0
Positive Technologies
added 2022/09/09 12:0 a.m. · 14 views

PT-2022-25272 · WordPress · Ali Khallad'S Contact Form By Mega Forms

Name of the Vulnerable Software and Affected Versions: Ali Khallad's Contact Form By Mega Forms plugin versions = 1.2.4 Description: The issue is an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with subscriber or higher privileges can inject malicious...

CVSS 5.4 · AI score 5.2 · EPSS 0.00248
Exploits: 0 · References: 5
Positive Technologies
added 2022/03/22 12:0 a.m. · 14 views

PT-2022-4818 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference flaw in the diFree function in fs/jfs/inode.c in the Journaled File System JFS of the Linux kernel could allow a local attacker to crash the system or leak...

CVSS 9.8 · AI score 7.2 · EPSS 0.72624
Exploits: 212 · References: 1485
Positive Technologies
added 2021/12/15 12:0 a.m. · 14 views

PT-2021-7530 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.16-rc6 Description: The issue is related to the ef100 update stats function in the drivers/net/ethernet/sfc/ef100 nic.c module of the Linux kernel, which lacks a check of the return value of kmalloc. This can...

CVSS 9.8 · AI score 7.3 · EPSS 0.72624
Exploits: 204 · References: 1183
Positive Technologies
added 2021/11/10 12:0 a.m. · 14 views

PT-2021-1522 · Arm +8 · Arm Cortex +9

Name of the Vulnerable Software and Affected Versions: Arm Cortex and Neoverse processors versions prior to 2022-03-08 Description: The issue is related to a hardware flaw that allows for cache speculation, also known as Spectre-BHB. An attacker can leverage the shared branch history in the Branc...

CVSS 9.1 · AI score 7 · EPSS 0.80825
Exploits: 195 · References: 856
Positive Technologies
added 2021/07/29 12:0 a.m. · 14 views

PT-2021-4234 · Linux +5 · Linux Kernel +5

Name of the Vulnerable Software and Affected Versions: Linux kernel versions up to 5.13.7 Description: The issue allows an unprivileged BPF program to obtain sensitive information from kernel memory via a Speculative Store Bypass side-channel attack. This is possible because the protection...

CVSS 9.8 · AI score 5.9 · EPSS 0.9427
Exploits: 338 · References: 2143
Positive Technologies
added 2021/03/24 12:0 a.m. · 14 views

PT-2021-6032 · Linux +8 · Linux Kernel +8

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.4 Description: The issue is related to an information leak in the IPv4 implementation of the Linux kernel. This leak is caused by a small hash table in net/ipv4/route.c. The vulnerability may allow a remote...

CVSS 9.8 · AI score 7.2 · EPSS 0.85239
Exploits: 232 · References: 1076
Positive Technologies
added 2020/04/12 12:0 a.m. · 14 views

PT-2020-6008 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.6.3 Description: The issue is related to the function snd ctl elem add in the Linux kernel, specifically with the line count = info-owner, which can lead to errors when multiplying private size count. This coul...

CVSS 9.8 · AI score 7 · EPSS 0.85239
Exploits: 153 · References: 789
Positive Technologies
added 2019/09/25 12:0 a.m. · 14 views

PT-2019-11812 · Jenkins · Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes :: Pipeline :: Arquillian Steps Plugin affected versions not specified Description: The issue allows attackers to invoke arbitrary methods, bypassing typical sandbox protection, due to a custom whitelist for script security...

CVSS 9.9 · AI score 9.4 · EPSS 0.00101
Exploits: 0 · References: 7
Positive Technologies
added 2017/04/24 12:0 a.m. · 14 views

PT-2017-4905 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.6.x through 4.x Description: The issue is a memory leak in the videobuf subsystem, specifically in the drivers/media/video/videobuf-core.c file. This allows local users to cause a denial of service by consuming memory...

CVSS 10 · AI score 7 · EPSS 0.07014
Exploits: 118 · References: 809
Positive Technologies
added 3 days ago · 13 views

PT-2026-48509

Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes. Prior to version 1.24.0, Fission's Environment CRD exposes spec.runtime.podSpec and spec.builder.podSpec, which are merged into the Kubernetes pod specs fo...

CVSS 9.9 · AI score 5.4 · EPSS 0.00049
Exploits: 0 · References: 4
Positive Technologies
added 6 days ago · 13 views

PT-2026-47174

A flaw has been found in GL.iNet GL-MT3000 4.4.5. This impacts the function snprintf of the file /cgi-bin/glc of the component FTP Protocol Handler. Executing a manipulation of the argument media dir can lead to command injection. It is possible to launch the attack remotely. Upgrading to version...

CVSS 7.5 · AI score 7.2 · EPSS 0.0125
Exploits: 1 · References: 6
Positive Technologies
added 2026/06/06 12:0 a.m. · 13 views

PT-2026-47137

Name of the Vulnerable Software and Affected Versions Smart Slider 3 versions prior to 3.5.1.37 Description The Smart Slider 3 plugin for WordPress contains a Directory Traversal flaw within the replaceHTMLImage function. This allows authenticated attackers with administrator-level access or high...

CVSS 4.9 · AI score 5.6 · EPSS 0.00258
Exploits: 0 · References: 9
Positive Technologies
added 2026/06/06 12:0 a.m. · 13 views

PT-2026-47124

Name of the Vulnerable Software and Affected Versions Page-list plugin for WordPress versions prior to 6.3 Description Missing authorization occurs in the pagelist unqprfx ext shortcode function, specifically within the 'pagelist ext' and 'pagelistext' shortcodes. The function accepts...

CVSS 4.3 · AI score 5.4 · EPSS 0.00035
Exploits: 0 · References: 8
Positive Technologies
added 2026/06/06 12:0 a.m. · 13 views

PT-2026-47130

Name of the Vulnerable Software and Affected Versions Essential Addons for Elementor versions prior to 6.6.5 Description The plugin is subject to information exposure due to insufficient restrictions on the posts that can be included within the ajax load more function. This allows unauthenticated...

CVSS 5.3 · AI score 5.5 · EPSS 0.00072
Exploits: 1 · References: 16
Positive Technologies
added 2026/06/05 12:0 a.m. · 13 views

PT-2026-47066

Name of the Vulnerable Software and Affected Versions WPvivid Backup & Migration versions prior to 0.9.129 Description The Migration, Backup, Staging – WPvivid Backup & Migration plugin for WordPress allows authenticated attackers with Administrator-level access and above to delete arbitrary...

CVSS 3.8 · AI score 5.6 · EPSS 0.00056
Exploits: 0 · References: 12
Positive Technologies
added 2026/06/04 12:0 a.m. · 13 views

PT-2026-46269

Name of the Vulnerable Software and Affected Versions Apache Fory fory-core versions prior to 1.1.0 Description Deserialization of untrusted data in the Java replace-resolve path on Java/JVM platforms allows a remote attacker to bypass class registration, TypeChecker, and DisallowedList checks. B...

CVSS 9.1 · AI score 5.5 · EPSS 0.00175
Exploits: 0 · References: 8
Positive Technologies
added 2026/06/04 12:0 a.m. · 13 views

PT-2026-46198

Care2x 2.7 contains multiple SQL injection vulnerabilities that allow unauthenticated attackers to execute arbitrary SQL commands by manipulating the ck config cookie parameter. Attackers can inject malicious SQL through the ck config cookie in multiple endpoints including login.php,...

CVSS 8.8 · AI score 6.1 · EPSS 0.00123
Exploits: 0 · References: 3
Positive Technologies
added 2026/06/04 12:0 a.m. · 13 views

PT-2026-46329

That number got my attention. I've cleaned up enough incidents to know what usually happens when a vulnerability becomes public. Attackers don't wait. Right now there are 145 WordPress plugins/themes with publicly disclosed vulnerabilities that still have no available fix. If you're running any o...

CVSS 8.8 · AI score 5.9 · EPSS 0.00151
Exploits: 0 · References: 1
Positive Technologies
added 2026/06/04 12:0 a.m. · 13 views

PT-2026-46212

Name of the Vulnerable Software and Affected Versions Zoner Real Estate version 4.1.1 Description A persistent cross-site scripting issue exists where authenticated agents can inject malicious JavaScript payloads through the Address input field during property creation. These scripts execute when...

CVSS 5.4 · AI score 4.9 · EPSS 0.00031
Exploits: 0 · References: 7
Positive Technologies
added 2026/06/02 12:0 a.m. · 13 views

PT-2026-45681

Name of the Vulnerable Software and Affected Versions Simple Custom Login Page versions prior to 1.0.4 Description The Simple Custom Login Page plugin for WordPress contains a Stored Cross-Site Scripting issue. The problem occurs because color settings fields are registered and stored without a...

CVSS 4.4 · AI score 5.7 · EPSS 0.00035
Exploits: 0 · References: 7
Positive Technologies
added 2026/06/02 12:0 a.m. · 13 views

PT-2026-45751

A stack-based buffer overflow in the export language.cgi binary in VIVOTEK FD8136 firmware FD8136-VVTK-0300a allows authenticated remote attackers to execute arbitrary code as root via a crafted POST request to the /cgi-bin/admin/export language.cgi endpoint. The handler passes the...

AI score 6.5 · EPSS 0.00182
Exploits: 0 · References: 3
Positive Technologies
added 2026/06/02 12:0 a.m. · 13 views

PT-2026-45761

Name of the Vulnerable Software and Affected Versions Progress Sitefinity versions 15.2.x through 15.2.8440 Progress Sitefinity versions 15.3.x through 15.3.8530 Progress Sitefinity versions 15.4.x through 15.4.8629 Description An authorization bypass exists in web services where a user-controlle...

CVSS 8.8 · AI score 5.5 · EPSS 0.00132
Exploits: 0 · References: 9
Positive Technologies
added 2026/06/02 12:0 a.m. · 13 views

PT-2026-45757

Name of the Vulnerable Software and Affected Versions Gleam versions 0.18.0-rc1 through 1.17.0 Description A path traversal issue in the dependency management system allows for the recursive deletion of arbitrary directories. This occurs because package keys read from the...

CVSS 5.6 · AI score 5.6 · EPSS 0.00018
Exploits: 0 · References: 11
Positive Technologies
added 2026/06/01 2:48 p.m. · 13 views

PT-2026-07: Local Privilege Escalation Vulnerability in the Linux Kernel (Copy Fail)

This security advisory provides information regarding a Linux kernel vulnerability, CVE-2026-31431 , informally known as Copy Fail. This vulnerability allows for local privilege escalation to the superuser root level and affects the Linux kernel module: algifaead. Vulnerability status : PT NGFW i...

CVSS 8.5 · AI score 5.9 · EPSS 0.02678
Exploits: 227 · References: 1
Positive Technologies
added 2026/06/01 12:0 a.m. · 13 views

PT-2026-45354

Incorrect permission assignment for critical resource issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

CVSS 8.5 · AI score 7.1 · EPSS 0.00014
Exploits: 0 · References: 6
Positive Technologies
added 2026/06/01 12:0 a.m. · 13 views

PT-2026-45414

A heap buffer overflow in the m2tsdmx send packet function filters/dmx m2ts.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a crafted MP4 file...

CVSS 5.5 · AI score 6 · EPSS 0.00017
Exploits: 0 · References: 6
Positive Technologies
added 2026/06/01 12:0 a.m. · 13 views

PT-2026-45574

In multiple functions of ubsan throwing runtime.cpp, there is a possible way to cause a system crash due to improper input validation. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 5.9 · EPSS 0.00118
Exploits: 0 · References: 2
Positive Technologies
added 2026/06/01 12:0 a.m. · 13 views

PT-2026-45652

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description Kiteworks is a private data network PDN. An Insecure Direct Object Reference IDOR—a flaw where an application provides direct access to objects based on user-supplied input—exists in Kiteworks Secu...

CVSS 4.3 · AI score 5.5 · EPSS 0.00031
Exploits: 0 · References: 4
Positive Technologies
added 2026/06/01 12:0 a.m. · 13 views

PT-2026-45584

In getPreferredSize of LauncherProcessImageListener.kt, there is a possible denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for exploitation...

AI score 5.9 · EPSS 0.00006
Exploits: 0 · References: 2
Positive Technologies
added 2026/06/01 12:0 a.m. · 13 views

PT-2026-45650

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description A stored Cross-Site Scripting XSS issue in Kiteworks Secure Data Forms allows an authenticated attacker to execute arbitrary JavaScript code within the sessions of other users. Recommendations Upda...

CVSS 5.4 · AI score 5.9 · EPSS 0.0003
Exploits: 0 · References: 4
Positive Technologies
added 2026/06/01 12:0 a.m. · 13 views

PT-2026-45440

Name of the Vulnerable Software and Affected Versions Gravity Forms versions prior to 2.10.0.2 Description An improper limitation of a pathname to a restricted directory, known as Path Traversal, exists in Gravity Forms. This allows an attacker to access files and directories outside of the...

CVSS 9.6 · AI score 5.8 · EPSS 0.00037
Exploits: 2 · References: 5
Positive Technologies
added 2026/06/01 12:0 a.m. · 13 views

PT-2026-45276

A weakness has been identified in Assimp up to 6.0.4. Affected by this vulnerability is the function aiNode::aiNode of the file scene.cpp of the component ASE File Parser. Executing a manipulation can lead to use after free. The attack needs to be launched locally. The exploit has been made...

CVSS 5.3 · AI score 5.6 · EPSS 0.00014
Exploits: 0 · References: 8
Positive Technologies
added 2026/06/01 12:0 a.m. · 13 views

PT-2026-45483

Impact When relying solely on a git commit ID SHA-1 or SHA-256 to qualify if a checkout of a repository is equivalent to the state validated while adding its commit ID to a kas configuration, users may be tricked to check out a branch of the same name from this repository. This implies that the...

CVSS 2.1 · AI score 5.7 · EPSS 0.00018
Exploits: 0 · References: 9
Positive Technologies
added 2026/06/01 12:0 a.m. · 13 views

PT-2026-45623

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

CVSS 8.6 · AI score 6.7 · EPSS 0.00018
Exploits: 0 · References: 5

Total number of security vulnerabilities: 5000