PT-2026-2291
Name of the Vulnerable Software and Affected Versions: osTicket versions 1.17.x prior to 1.17.7 and 1.18.x prior to 1.18.3 Description: osTicket versions 1.17.x prior to 1.17.7 and 1.18.x prior to 1.18.3 contain an arbitrary file read issue in the ticket PDF export functionality. An attacker can...
PT-2026-1529
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-47334 Description: A memory corruption issue exists when processing shared command buffer packets between the camera userspace and kernel. This can potentially lead to system instability or compromise. The issue involves ...
PT-2025-54457
Name of the Vulnerable Software and Affected Versions: PocketMine-MP versions prior to 4.18.1 Description: PocketMine-MP versions prior to 4.18.1 have an issue with how input is checked when handling inventory transactions. A remote attacker who has a valid player session can ask the server to drop...
PT-2025-46897
Name of the Vulnerable Software and Affected Versions: Dell Alienware Command Center versions prior to 6.10.15.0 Description: Dell Alienware Command Center 6.x has an issue involving insecure temporary files. A local attacker with limited privileges could potentially modify information...
PT-2025-43882
Name of the Vulnerable Software and Affected Versions: projectworlds Expense Management System version 1.0 Description: A flaw exists in projectworlds Expense Management System that allows for cross-site scripting. The issue is located in an unknown function within the /public/admin/users/create fi...
PT-2025-43475
In onActivityResult of EditFdnContactScreen.java, there is a possible way to leak contacts from the work profile due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PT-2025-41957
Name of the Vulnerable Software and Affected Versions: Fortinet FortiAnalyzer versions 7.6.0 through 7.6.3; Fortinet FortiAnalyzer versions prior to 7.4.6 Description: An improper authentication issue exists in FortiAnalyzer. An unauthenticated attacker can obtain information about the device’s heal...
PT-2025-41094
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's fbdev subsystem, specifically within the omapfb and lcd_mipid components. An error handling path in the mipid_spi_probe function does not properly fre...
PT-2025-41062
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw related to the BTRFS file system. Specifically, the issue involves the handling of reloc trees, which are used for managing shared tree blocks between...
PT-2025-41180
『allow an unauthenticated user to execute arbitrary commands with lower user privileges on the system』 IBM Security Verify Access and IBM Verify Identity Access products. CVE-2025-36354, CVE-2025-36355, CVE-2025-363546 https://t.co/SJGzwogo72...
PT-2025-38294
Name of the Vulnerable Software and Affected Versions: D-Link DIR-823X versions 240126, 240802, and 250416 Description: A weakness exists in the Environment Variable Handler component of the D-Link DIR-823X router. Manipulation of the terminal addr, server ip, or server port argument within the sub...
PT-2025-38123
Name of the Vulnerable Software and Affected Versions: StoreEngine – Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More versions prior to 1.5.1 Description: The StoreEngine WordPress plugin is susceptible to arbitrary file uploads due to the absence of file ty...
PT-2025-36911
Name of the Vulnerable Software and Affected Versions: lmsys sglang version 0.4.6 Description: A security flaw exists in lmsys sglang version 0.4.6. The issue involves the main function within the /update_weights_from_tensor file, which is susceptible to deserialization due to manipulation of the...
PT-2025-36073
Name of the Vulnerable Software and Affected Versions: DevicePolicyManagerService.java affected versions not specified Description: A logic error in the saveGlobalProxyLocked function within DevicePolicyManagerService.java may allow for desynchronization from persistence. This could lead to local...
PT-2025-35730
Name of the Vulnerable Software and Affected Versions: MailOptin versions through 1.2.75.0 Description: MailOptin is susceptible to a cross-site scripting (XSS) issue due to improper neutralization of input during web page generation. This allows for stored XSS attacks. Recommendations: Update...
PT-2025-35703
Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions prior to 3.2.2 Description: An authenticated user can execute any shell script on the server through the alert script functionality due to improper input validation. Recommendations: Upgrade to version 3.3.1...
PT-2025-35837
Name of the Vulnerable Software and Affected Versions: code-projects Responsive Blog Site version 1.0 Description: A weakness exists in code-projects Responsive Blog Site 1.0, affecting an unknown function within the blogs view.php file. Manipulation of the product code, gen name, product name, o...
PT-2025-34493 · Salesforce · Tableau Server
Name of the Vulnerable Software and Affected Versions: Tableau Server versions prior to 2025.1.3; Tableau Server versions prior to 2024.2.12; Tableau Server versions prior to 2023.3.19 Description: A Path Traversal vulnerability exists in Salesforce Tableau Server on Windows and Linux due to improp...
PT-2025-34188
Name of the Vulnerable Software and Affected Versions: GiveWP – Donation Plugin and Fundraising Platform versions prior to 4.5.1 Description: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is susceptible to unauthorized data modification. This is due to the absence of ...
PT-2025-33234 · Unknown +2 · Gravity Forms +2
Name of the Vulnerable Software and Affected Versions: CRM Perks Connector for Gravity Forms and Google Sheets versions through 1.2.4 Description: The CRM Perks Connector for Gravity Forms and Google Sheets is susceptible to a Cross-Site Request Forgery (CSRF) issue. This allows for the potential...
PT-2025-32366 · Trendnet · Tpl-430Ap +2
Name of the Vulnerable Software and Affected Versions: TRENDnet TI-G160i versions up to 20250724; TRENDnet TI-PG102i versions up to 20250724; TRENDnet TPL-430AP versions up to 20250724 Description: A critical vulnerability exists in the SSH Service component of TRENDnet devices. The issue involves...
PT-2025-31651 · Unknown · Microweber Cms
Name of the Vulnerable Software and Affected Versions: Microweber CMS version 2.0 Description: This issue involves a reflected Cross-Site Scripting (XSS) vulnerability. It allows arbitrary JavaScript execution within the context of authenticated administrator users through manipulation of the layou...
PT-2025-31684 · Microsoft +1 · Windows +1
Name of the Vulnerable Software and Affected Versions: MiniWeb HTTP Server versions prior to and including Build 300 Description: An unrestricted file upload vulnerability exists that allows unauthenticated remote attackers to upload arbitrary files to the server’s filesystem. By abusing the uplo...
PT-2025-31523 · Copyparty · Copyparty
Name of the Vulnerable Software and Affected Versions: Copyparty versions 1.18.6 and below Description: Copyparty is a portable file server susceptible to a reflected Cross-Site Scripting (XSS) issue. When accessing the recent uploads page at /?ru, the application does not properly escape...
PT-2025-31267 · National Instruments · Ni Labview
Name of the Vulnerable Software and Affected Versions: NI LabVIEW versions 2025 Q1 and prior Description: A memory corruption issue due to improper error handling when a VILinkObj is null exists, potentially leading to arbitrary code execution. Successful exploitation requires a user to open a...
PT-2025-31109 · Gitlab · Gitlab Language Server
Name of the Vulnerable Software and Affected Versions: GitLab Language Server versions 7.6.0 through 7.29.0 Description: Insufficient input validation within GitLab Language Server allows arbitrary GraphQL query execution. Recommendations: Update to GitLab Language Server version 7.30.0 or later...
PT-2025-30391 · Unknown · Wrc-Be36Qs-B +1
Name of the Vulnerable Software and Affected Versions: WRC-BE36QS-B; WRC-W701-B Description: A hidden functionality issue exists that may allow a remote attacker to enable the product’s hidden debug function by logging into the WebGUI. Recommendations: At the moment, there is no information about ...
PT-2025-29524 · Xwiki · Xwiki
Name of the Vulnerable Software and Affected Versions: XWiki versions 4.2-milestone-1 through 13.10.10; XWiki versions 14.4.0 through 14.4.6; XWiki versions 14.10.0 through 14.9.9 Description: XWiki Rendering is a system that converts textual input into different syntaxes. A flaw exists where the...
PT-2025-27581
Name of the Vulnerable Software and Affected Versions: Apache Guacamole versions 1.5.5 and older Description: The issue is related to improper validation of console codes received from servers via text-based protocols like SSH. A malicious user with access to a text-based connection could execute...
PT-2025-26840 · Onetrust · Onetrust Sdk
Name of the Vulnerable Software and Affected Versions: OneTrust SDK version 6.33.0 Description: The issue allows a local attacker to cause a denial of service via the Object.setPrototypeOf, __proto__, and Object.assign components. Recommendations: For OneTrust SDK version 6.33.0, consider disabling...
PT-2025-26556 · Unknown · Codeastro Expense Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Expense Management System version 1.0 Description: A vulnerability was found in the system, which has been rated as problematic. It affects some unknown functionality and leads to cross-site request forgery. The attack may be launch...
PT-2025-25966
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A buffer overflow issue has been identified in the Linux kernel, specifically in the sja1105_setup_devlink_regions function. This occurs when an error happens in dsa_devlink_region_creat...
PT-2025-25212
Name of the Vulnerable Software and Affected Versions: Microsoft 365 Copilot affected versions not specified Description: EchoLeak is a critical zero-click prompt injection issue that allows an unauthorized remote attacker to exfiltrate sensitive organizational data, including emails, documents, an...
PT-2025-24612 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder Pro plugin for WordPress versions up to, and including, 3.29.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated...
PT-2025-21834 · Advaya Softech · Advaya Softech Gems Erp Portal
Name of the Vulnerable Software and Affected Versions: Advaya Softech GEMS ERP Portal version 2.1 Description: A critical issue was found in the software, affecting an unknown part of the file "/studentLogin/studentLogin.action". The manipulation of the userId argument leads to SQL injection. It ...
PT-2025-23249 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: The issue is related to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data during mail signature sanitization. An attacker can inject arbitra...
PT-2025-16493 · Growatt · Cloud Portal
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An attacker can obtain information about the groups of smart home devices for arbitrary users, referred to as "rooms". Recommendations: At the moment, there is no information about a newer...
PT-2025-14071 · Unknown · Qi Addons For Elementor
Name of the Vulnerable Software and Affected Versions: King Addons for Elementor versions through 24.12.58 Description: The issue is related to a Missing Authorization vulnerability. It is reported to affect devices worldwide, but the exact number of potentially affected devices is not specified...
PT-2025-35718
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's netfilter module related to handling duplicate devices during netfilter table updates. Specifically, a chain or flowtable update may proceed with...
PT-2025-6100
Name of the Vulnerable Software and Affected Versions: Wazuh versions 4.4.0 through 4.9.1 Description: Wazuh, a platform used for threat prevention, detection, and response, is affected by an unsafe deserialization vulnerability. This flaw, potentially allowing remote code execution, arises from th...
PT-2025-5738
Name of the Vulnerable Software and Affected Versions: nginx versions 1.11.4 through 1.27.31; nginx version 1.26.3; nginx version 1.27.4 Description: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate...
PT-2025-1283 · Microsoft +5 · Edge +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 132.0.6834.83; Microsoft Edge affected versions not specified Description: The issue is related to an inappropriate implementation in the Payments component of Google Chrome and Microsoft Edge, allowing a remote...
PT-2025-1280 · Microsoft +5 · Edge +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 132.0.6834.83; Microsoft Edge affected versions not specified Description: The issue is related to a race condition in the Frames component of Google Chrome and Microsoft Edge, allowing a remote attacke...
PT-2025-1977 · Go +2 · Github.Com/Ollama/Ollama +2
Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: A security issue has been discovered in a famous LLM product. The estimated number of potentially affected devices worldwide is not...
PT-2025-3215 · Webdeclic · Webdeclic Wpmastertoolkit
Name of the Vulnerable Software and Affected Versions: Webdeclic WPMasterToolKit versions 1.13.1 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can lead to unauthorized upload of malicio...
PT-2026-5515
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to DMA engine functionality, specifically within the dw dmamux component. The issue involves a potential Open Firmware (OF) node leak during route...
PT-2025-9943
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference issue has been resolved in the Linux kernel, specifically in the iwlwifi mvm module. The issue occurred when iterating over the links of a vif, where a check w...
PT-2024-32617 · Mattermost +1 · Mattermost +1
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.9; Mattermost versions 9.10.x through 9.10.2; Mattermost versions 9.11.x through 9.11.1 Description: The issue allows an attacker to generate a large response and cause an amplified GraphQL response which...
PT-2024-7388 · Mitsubishi · M800/M80/E80 Series +5
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric M800V/M80V Series affected versions not specified; Mitsubishi Electric M800/M80/E80 Series affected versions not specified; Mitsubishi Electric C80 Series affected versions not specified; Mitsubishi...
PT-2024-5919 · Google +4 · Skia +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.113 Description: The issue is related to a heap buffer overflow in the Skia graphics library of Google Chrome, which can be exploited by a remote attacker who has compromised the renderer process. Th...