PT-2025-49626
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak exists in the hpsa init one function within the SCSI subsystem of the Linux kernel. The hpda alloc ctlr info function allocates memory for a controller information structur...
PT-2025-46861
MaxKB is an open-source AI assistant for enterprise. In versions prior to 2.3.1, a user can obtain sensitive information via Python code in the tool module, although the process runs in a sandbox. Version 2.3.1 fixes the issue...
PT-2025-37346
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.1.0 through 7.4.3.101 Liferay DXP versions 2023.Q3.1 through 2023.Q3.4 Liferay Portal 7.4 GA through update 92 Liferay Portal 7.3 GA through update 35 Older unsupported versions Description: An open redirect issue...
PT-2025-36507
Name of the Vulnerable Software and Affected Versions: Fides versions prior to 2.69.1 Description: Fides is an open-source privacy engineering platform. Admin UI user password changes do not invalidate active user sessions prior to version 2.69.1, creating a vulnerability chaining opportunity...
PT-2025-33890 · Totvs · Totvs Portal Meu Rh
Name of the Vulnerable Software and Affected Versions: TOTVS Portal Meu RH versions up to 12.1.17 Description: A flaw has been identified in the Password Reset Handler component that may allow for an open redirect. Manipulation of the redirectUrl argument can lead to a redirect to an arbitrary UR...
PT-2025-34069 · Undefined · Undefined
🔥 Critical & High-Severity CVEs 1. CVE-2025-27461 — Ivanti Connect Secure / Policy Secure Auth Bypass → RCE Severity: Critical 9.8 Vector: Exploitable over the internet; bypasses auth → remote code execution. Why it matters: Actively exploited by ransomware crews; initial access vector. Defender...
PT-2025-34146 · My-Site · My-Site
Name of the Vulnerable Software and Affected Versions: my-site version 1.0.2 Description: Incorrect access control in the preHandle function allows attackers to access sensitive components without authentication via the cn.luischen.interceptor.BaseInterceptor class. Recommendations: Update to a...
PT-2025-32422 · Workos · Authkit
Name of the Vulnerable Software and Affected Versions: @workos-inc/authkit-remix versions 0.14.1 and below Description: The AuthKit library for Remix exposed sensitive authentication artifacts – specifically sealedSession and accessToken – by returning them from the authkitLoader, causing them to...
PT-2025-29613 · Cyberark · Secrets Manager +1
Name of the Vulnerable Software and Affected Versions: Conjur OSS versions 1.19.5 through 1.21.1 Secrets Manager, Self-Hosted versions 13.1 through 13.4.1 Description: Conjur provides secrets management and application identity for infrastructure. An authenticated attacker who can inject secrets ...
PT-2025-28925 · Jenkins · Jenkins Sensedia Api Platform Tools Plugin
Name of the Vulnerable Software and Affected Versions: Jenkins Sensedia Api Platform Tools Plugin version 1.0 Description: The Jenkins Sensedia Api Platform Tools Plugin stores the Sensedia API Manager integration token unencrypted in its global configuration file on the Jenkins controller. This...
PT-2025-27340 · Undefined · Undefined
CVE-2013-1440 - CVE-2022-26237: Microsoft Windows DNS Server Remote Code Execution Vulnerability CVE ID : CVE-2013-1440 Published : June 26, 2025, 9:15 p.m. | 3 hours, 2 minutes ago Description : Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Severity:...
PT-2025-25898 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the XDP SHARED UMEM mode in the Linux kernel, where packets are corrupted for the second and any further sockets bound to the same umem. This does not affect th...
PT-2025-25938 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the initialization of jump labels on 64-bit systems. Specifically, calling jump label init in setup featu...
PT-2025-25467 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an information disclosure problem. No specific details about the estimated number of potentially affected devices worldwide or real-world incidents where this...
PT-2025-18559 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free issue has been identified in the Linux kernel, specifically in the ASoC core. The issue arises when snd soc util init fails, but its return value is ignored, leading t...
PT-2025-9655 · Mozilla +9 · Firefox +9
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 136 Firefox ESR versions prior to 115.21 Firefox ESR versions prior to 128.8 Description: A compromised content process could trigger a use-after-free in the Browser process by sending bad StreamData over AudioIPC...
PT-2025-5663 · Oatpp · Oatpp
Name of the Vulnerable Software and Affected Versions: oatpp affected versions not specified Description: The issue is related to a heap-buffer-overflow error. Technical details about the error include the escapeString function, serializeString function, and serializePairs function...
PT-2024-39774
Name of the Vulnerable Software and Affected Versions: Hunk Companion plugin for WordPress versions prior to 1.9.0 WP Query Console affected versions not specified Description: The Hunk Companion plugin for WordPress has a flaw allowing unauthorized plugin installation and activation. This...
PT-2024-41391 · Suse +7 · Kernel-Azure +12
The SUSE Linux Enterprise 12 SP5 Azure kernel was updated to receive various security bugfixes. The following security bugs were fixed: - CVE-2024-39494: ima: Fix use-after-free on a dentry's dname.name bsc1227716. - CVE-2024-42096: x86: stop playing stack games in profile pc bsc1228633. -...
PT-2024-36483 · Kofax · Kofax Power Pdf
Name of the Vulnerable Software and Affected Versions: Kofax Power PDF affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Kofax Power PDF. It requires user interaction, where the target must visit a malicious page...
PT-2024-27537 · Electrolink · Electrolink Transmitters
Name of the Vulnerable Software and Affected Versions: Electrolink transmitters affected versions not specified Description: The issue concerns Electrolink transmitters storing credentials in clear-text, which could allow an attacker to access the system using these credentials. Recommendations: ...
PT-2023-31942 · Kantega +1 · Kantega Saml Sso Oidc Kerberos Single Sign-On +4
Name of the Vulnerable Software and Affected Versions: Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 4.4.2 through 4.14.8 Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 5.0.0 through 5.11.4 Kantega SAML SSO OIDC Kerberos...
PT-2023-31523 · Hewlett Packard · Hpe Integrated Lights-Out 6 +2
Name of the Vulnerable Software and Affected Versions: HPE Integrated Lights-Out 5 iLO 5 affected versions not specified HPE Integrated Lights-Out 6 iLO 6 affected versions not specified Description: A potential security issue has been identified that could allow authentication bypass. This issue...
PT-2025-18864 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability has been resolved in the Linux kernel. The issue was found by Syzbot and is related to the ext4 file system. Specifically, it concerns the ext4 update inline data...
PT-2023-27199 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions 4.1 through 4.1.38 WordPress versions 4.2 through 4.2.35 WordPress versions 4.3 through 4.3.31 WordPress versions 4.4 through 4.4.30 WordPress versions 4.5 through 4.5.29 WordPress versions 4.6 through 4.6.26 WordPress...
PT-2023-31778 · WordPress · The Contact Form By Formget
Name of the Vulnerable Software and Affected Versions: The Contact Form by FormGet plugin for WordPress versions up to, and including, 5.5.5 Description: The issue is related to Stored Cross-Site Scripting via the formget shortcode due to insufficient input sanitization and output escaping on...
PT-2023-18385 · WordPress · Login Rebuilder
Name of the Vulnerable Software and Affected Versions: Login rebuilder WordPress plugin versions prior to 2.8.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks, even when the unfiltered html capability is disallowed, for example, ...
PT-2024-1443 · Openeuler +7 · Openeuler Kernel +7
Name of the Vulnerable Software and Affected Versions: openEuler kernel versions 4.19.90 through 4.19.90-2401.3 openEuler kernel versions 5.10.0-60.18.0 through 5.10.0-183.0.0 Description: The issue is related to an integer overflow in the ext4 write inline data end function of the openEuler kern...
PT-2025-8523 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A data-race issue exists around the sysctl igmp llm reports variable in the Linux kernel. This occurs because the variable can be changed concurrently while being read, potentially...
PT-2025-40694
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw in the drm/i915 subsystem related to handling requests for GuC virtual engines. Specifically, references to i915 requests could be held indefinitely acro...
PT-2023-3345 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.2 Description: A use-after-free issue was found in the renesas usb3 remove function in the drivers/usb/gadget/udc/renesas usb3.c module of the Linux kernel's USB device driver. This issue is related to a rac...
PT-2023-14350 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The record for this issue has been rejected due to non-compliance with CNA rules, as it has not been used. The information is from the National...
PT-2022-21881 · Unknown · Microscada X Sys600 +1
Name of the Vulnerable Software and Affected Versions: MicroSCADA Pro affected versions not specified MicroSCADA X SYS600 affected versions not specified Description: An input validation issue exists in the Monitor Pro interface, allowing an authenticated user to perform administrator-level remot...
PT-2022-3971 · Draytek · Draytek Vigor
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor routers versions prior to 4.3.1.1 Description: The issue is related to a buffer overflow in the /cgi-bin/wlogin.cgi script of the DrayTek Vigor router's web management interface. This can be exploited by sending a specially...
PT-2022-08: Deserialization of untrusted data in Veeam Agent for Microsoft Windows
The vulnerability was identified in Veeam Agent for Windows versions 2.0, 2.1, 2.2, 3.0.2, 4.0, and 5.0. The discovered vulnerability allows local users to run arbitrary code with LOCAL SYSTEM privileges. Vulnerability status: Confirmed by vendor Date of vulnerability remediation: 12.03.2022...
PT-2022-10654 · Unknown · Jquery File Upload
Name of the Vulnerable Software and Affected Versions: jQuery-Upload-File version 4.0.11 Description: A cross-site scripting (XSS) issue exists due to a vulnerability in the fileNameStr parameter, allowing attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript paylo...
PT-2022-16116 · Fleet +1 · Fleet +1
Name of the Vulnerable Software and Affected Versions: Fleet versions prior to 4.9.1 Description: The issue exposes a limited ability to spoof SAML authentication with missing audience verification, impacting deployments using SAML SSO in two specific cases. A malicious or compromised Service...
PT-2021-23224 · Rubygems · Rails Multisite
Name of the Vulnerable Software and Affected Versions: rails multisite versions prior to 4 Description: The issue impacts Rails applications using rails multisite alongside Rails' signed/encrypted cookies. Depending on how the application makes use of these cookies, it may be possible for an...
PT-2021-23212 · Unknown +1 · Graphql-Playground-React +2
Name of the Vulnerable Software and Affected Versions: graphiql versions prior to 1.4.7 graphql-playground-react versions prior to 1.7.28 Description: The vulnerability allows for compromised HTTP schema introspection responses or schema prop values with malicious GraphQL type names, exposing a...
PT-2023-2066 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.13.3 Description: The issue is related to a buffer overflow in the seq buf putmem hex function of the Linux kernel, which can lead to a denial of service. The problem is caused by the function writing beyond t...
PT-2021-4255 · Bluez +7 · Bluez +7
Name of the Vulnerable Software and Affected Versions: BlueZ affected versions not specified Description: The issue is related to improper access control in BlueZ, which may allow an authenticated user to potentially enable information disclosure via adjacent access. This is due to incorrect...
PT-2021-7753 · Linux +8 · Linux Kernel +8
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability was found in the fs/inode.c:inode init owner function logic of the Linux kernel. This issue allows local users to create files for the XFS file-system with unintended...
PT-2020-15252 · Uftpd · Uftpd
Name of the Vulnerable Software and Affected Versions: uftpd FTP server versions 2.7 to 2.10 Description: The issue arises from improper implementation of a chroot jail in the compose abspath function in common.c, leading to multiple unauthenticated directory traversal vulnerabilities in differen...
PT-2020-6080 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the Linux kernel's child/parent process identification handling while filtering signal handlers, related to a race condition and incorrect initialization of the...
PT-2020-3141 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 4.4 through 5.7.6 Description: The issue is related to a memory leak in the usbtest disconnect function. This function is part of the Linux kernel and is located in drivers/usb/misc/usbtest.c. The memory leak occurs when...
PT-2019-4253 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions through 5.3.12 Description: The issue in the Linux kernel's btrfs free extent function allows local users to obtain potentially sensitive information about register values via the dmesg program in a certain ENOENT case...
PT-2019-5853 · Imagemagick +5 · Imagemagick +5
Name of the Vulnerable Software and Affected Versions: ImageMagick versions prior to 7.0.8-68 Description: The issue is related to the WriteOnePNGImage function in coders/png.c (the PNG coder), which has a for loop with an improper exit condition. This can allow an out-of-bounds READ via...
PT-2019-11811 · Jenkins · Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin affected versions not specified Description: The issue concerns a custom whitelist for script security in the Jenkins Kubernetes :: Pipeline :: Kubernetes Steps Plugin, which allowed...
PT-2020-5463 · Fasterxml +7 · Jackson-Databind +7
Name of the Vulnerable Software and Affected Versions: FasterXML jackson-databind versions 2.0.0 through 2.9.10.3 FasterXML jackson-databind versions 2.6.0 through 2.6.7.3 Description: The issue is related to the interaction between serialization gadgets and typing, specifically with...
PT-2017-2911 · Geutebruck · G-Cam/Efd-2250
Name of the Vulnerable Software and Affected Versions: Geutebruck IP Camera G-Cam/EFD-2250 version 1.11.0.12 Description: The issue is related to the improper neutralization of special elements in the logic of data requests, which can allow a remote attacker to gain access to the operating system...