175403 matches found
PT-2026-20802
Any unauthenticated user can reset the WorkTime on-prem database configuration by sending a specific HTTP request to the WorkTime server. No authorization check is applied here...
PT-2026-4581
The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...
PT-2026-4329
Name of the Vulnerable Software and Affected Versions HPE Alletra 6000/5000 and Nimble Storage versions prior to 6.1.2.800 HPE Alletra 6000/5000 and Nimble Storage versions prior to 6.1.3.300 Description A privilege escalation flaw exists in HPE Alletra 6000/5000 and Nimble Storage arrays. An...
PT-2025-41227
Name of the Vulnerable Software and Affected Versions Chartify – WordPress Chart Plugin versions prior to 3.5.9 Description The software contains a missing authentication check for a critical function. An unauthenticated AJAX action is registered, dispatching to admin-class methods based on a...
PT-2025-10720 · Rsa · Archer Platform
Name of the Vulnerable Software and Affected Versions: Archer Platform versions 6 through 6.14.00202.10024 Description: The issue allows an authenticated user with record creation privileges to manipulate immutable fields, such as the creation date, by intercepting and modifying a Copy request vi...
PT-2024-41495
Name of the Vulnerable Software and Affected Versions macOS versions prior to 15.1 Description A permissions issue allowed a malicious application with root privileges to access private information. This was addressed with additional restrictions. Recommendations Update to macOS version 15.1 or...
PT-2024-43: Remote code execution (RCE) in MediaCMS
The vulnerability was identified in MediaCMS, versions 4.1.0. Discovered vulnerability allows an attacker to execute OS commands on a vulnerable host, gain control over resources, and penetrate the internal network. Vulnerability status: Confirmed by vendor Date of vulnerability remediation:...
PT-2024-21948
Name of the Vulnerable Software and Affected Versions ChatGPT versions affected versions not specified Description A server-side request forgery SSRF vulnerability exists in the pictureproxy.php file of ChatGPT, specifically within commit f9f4bbc. This flaw allows attackers to force the applicati...
PT-2023-2775 · Cisco · Cisco Dna Center
Name of the Vulnerable Software and Affected Versions: Cisco DNA Center Software affected versions not specified Description: The issue is related to multiple vulnerabilities in the API of Cisco DNA Center Software. These vulnerabilities could allow an authenticated, remote attacker to read...
PT-2023-19107 · Mainwp · Mainwp Matomo Extension
Name of the Vulnerable Software and Affected Versions: MainWP Matomo Extension versions prior to 4.0.5 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintended actions on a web...
PT-2022-22958 · Dotcms · Dotcms
Name of the Vulnerable Software and Affected Versions: dotCMS versions prior to 22.06 dotCMS version 5.3.8.12 dotCMS version 21.06.9 dotCMS version 22.03.2 Description: The issue allows remote attackers to bypass intended access control and obtain sensitive information by using a semicolon in a U...
PT-2022-23551 · Unknown · Simple Task Scheduling System
Name of the Vulnerable Software and Affected Versions: Simple Task Scheduling System version 1.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability can be exploited via the id parameter at the "/classes/Master.php?f=delete student" endpoint. Recommendations: Fo...
PT-2026-48692
Impact An invalid incoming compressed message can cause a client or server process to crash. This affects all clients and servers that use @grpc/grpc-js Patches The following version have fixes for this vulnerability: - 1.9.16 - 1.10.12 - 1.11.4 - 1.12.7 - 1.13.5 - 1.14.4 Workarounds There is no...
PT-2026-40831
Name of the Vulnerable Software and Affected Versions Web::Passwd version 0.03 Description Web::Passwd, a small CGI application for managing htpasswd files via the htpasswd command, allows remote code execution. The user parameter is not validated or escaped before being used as the final argumen...
PT-2026-39963
The Coinbase Commerce for Contact Form 7 plugin for WordPress is vulnerable to Missing Authorization in versions up to and including 1.1.2. This is due to a missing capability check and missing nonce verification in the save settings function, which is registered on the admin post cccf7 save...
PT-2026-40079
Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...
PT-2026-40094
Out-of-bounds write for the IntelR Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result...
PT-2026-39928
Name of the Vulnerable Software and Affected Versions SAP NetWeaver Application Server for ABAP and ABAP Platform affected versions not specified Description An OS Command Injection issue allows an authenticated attacker with administrative access to execute specially crafted shell commands on th...
PT-2026-38395
Name of the Vulnerable Software and Affected Versions vm2 versions prior to 3.11.0 Description Sandboxed code can call the Buffer.alloc function with an arbitrary size to allocate memory directly on the host heap. Because Buffer.alloc is a synchronous C++ native call, the timeout option cannot...
PT-2026-37180
Name of the Vulnerable Software and Affected Versions Icinga Web versions prior to 0.13.1 Description An issue allows an attacker to inject malicious Javascript into a victim's browser to execute it within the context of Icinga Web. This occurs when a victim visits a specifically prepared website...
PT-2026-28590
Name of the Vulnerable Software and Affected Versions Docker affected versions not specified Description A flaw exists in the Docker daemon’s privilege validation process during docker plugin install. The daemon does not fully enforce plugin privilege checks, potentially allowing unintended...
PT-2026-27788
Name of the Vulnerable Software and Affected Versions Cisco IOS Software affected versions not specified Cisco IOS XE Software affected versions not specified Cisco Secure Firewall Adaptive Security Appliance ASA Software affected versions not specified Cisco Secure Firewall Threat Defense FTD...
PT-2026-25089
soroban-sdk is a Rust SDK for Soroban contracts. Prior to 22.0.11, 23.5.3, and 25.3.0, The Fr scalar field types for BN254 and BLS12-381 in soroban-sdk compared values using their raw U256 representation without first reducing modulo the field modulus r. This caused mathematically equal field...
PT-2026-1484
Name of the Vulnerable Software and Affected Versions CodexThemes TheGem Theme Elements for Elementor versions through 5.11.0 Description TheGem Theme Elements for Elementor contains a flaw related to improper control of filename for include/require statements, potentially leading to PHP Local Fi...
PT-2025-47840
Name of the Vulnerable Software and Affected Versions D-Link DIR-822K versions 1.00 20250513164613 D-Link DWR-M920 versions 1.00 20250513164613 and 1.1.50 Description A buffer overflow issue exists in D-Link DIR-822K and DWR-M920. The issue is located in the file /boafrm/formFirewallAdv...
PT-2025-40844
Name of the Vulnerable Software and Affected Versions Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 version 1.0 Description A security issue exists in the Tipray Data Leakage Prevention System. The findRolePage function within the findSingConfigPage.do file is susceptible to SQL...
PT-2025-35599
Name of the Vulnerable Software and Affected Versions DASYLab affected versions not specified Description DASYLab is susceptible to an out-of-bounds write due to improper bounds checking when parsing a DSB file. This can lead to arbitrary code execution if a user opens a specially crafted DSB fil...
PT-2025-29696 · Unknown · Access Point
Name of the Vulnerable Software and Affected Versions: Access point affected versions not specified Description: Successful exploitation of the issue could allow an attacker to inject commands with root privileges on the access point, potentially leading to the loss of confidentiality, integrity,...
PT-2025-24464 · Unknown · Snstheme Nitan
Name of the Vulnerable Software and Affected Versions: snstheme Nitan versions n/a through 2.9 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This...
PT-2025-16290 · Unknown · Vision Helpdesk
Name of the Vulnerable Software and Affected Versions: Vision Helpdesk versions 5.7.0 and earlier Description: The issue allows Time-Based Blind SQL injection via the vis username parameter in the Forgot Password feature, also known as index.php?/home/forgot-password. No authentication is require...
PT-2025-11458
Name of the Vulnerable Software and Affected Versions WebAssembly wabt version 1.0.36 Description A critical issue affects the function wabt::interp::anonymous namespace::BinaryReaderInterp::OnExport of the component Malformed File Handler, leading to a heap-based buffer overflow. The attack may ...
PT-2025-11089 · Unknown · Softether Vpn
Name of the Vulnerable Software and Affected Versions: SoftEther VPN version 5.02.5187 Description: The issue is related to a Buffer Overflow in the Command.c file, specifically via the PtMakeCert and PtMakeCert2048 functions. Recommendations: For SoftEther VPN version 5.02.5187, consider disabli...
PT-2025-3350 · Technitium · Technitium Dns Server
Name of the Vulnerable Software and Affected Versions: Technitium DNS Server versions = 13.2.2 Description: The issue allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads. This can lead to a deni...
PT-2024-41: Bypass authentication in PT MaxPatrol SIEM, PT MaxPatrol VM, PT MaxPatrol EDR, PT MaxPatrol Carbon и PT MaxPatrol O2
The vulnerability was identified in PT MaxPatrol SIEM, PT MaxPatrol VM, PT MaxPatrol EDR, PT MaxPatrol Carbon и PT MaxPatrol O2 that affects versions that include component PT MC version earlier than 101.4.8813 and component MPX version earlier than 27.2.14850. The discovered vulnerability allows...
PT-2024-34298 · Elementor · Alley Elementor Widget
Name of the Vulnerable Software and Affected Versions: Alley Elementor Widget versions 1.0.0 through 1.0.7 Description: The issue is related to improper neutralization of input during web page generation, which allows for DOM-Based XSS. This means an attacker could potentially inject malicious...
PT-2024-21813 · Zohocorp · Manageengine Ddi Central
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine DDI Central versions 4001 and prior Description: The issue allows a user to upload new files to the server folder due to a directory traversal vulnerability. Recommendations: For versions 4001 and prior, consider...
PT-2024-30780
Name of the Vulnerable Software and Affected Versions Jetpack – WP Security, Backup, Speed, & Growth plugin for WordPress versions up to, and including, 13.3.1 Description The issue is related to Stored Cross-Site Scripting via the plugin's wpvideo shortcode due to insufficient input sanitization...
PT-2024-27721 · Unknown · Phpgurukul Student Record System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Student Record System version 3.20 Description: A critical issue was found in the PHPGurukul Student Record System, affecting some unknown functionality of the file /edit-subject.php. The manipulation of the arguments sub1, sub2,...
PT-2024-22995 · Google · Android
Name of the Vulnerable Software and Affected Versions: Software affected versions not specified Description: The issue is related to a possible out of bounds read in the tmu get pi function of tmu.c due to improper input validation. This could lead to local information disclosure with no addition...
PT-2024-22733 · Woocommerce · Woocommerce Google Feed Manager
Name of the Vulnerable Software and Affected Versions: WooCommerce Google Feed Manager versions n/a through 2.2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
PT-2024-1986 · Ibm · Ibm Filenet Content Manager
Name of the Vulnerable Software and Affected Versions: IBM CP4BA - Filenet Content Manager Component versions 5.5.8.0 through 5.5.11.0 Description: The issue is related to insufficient access control in the IBM FileNet Content Manager component, which could allow a user to gain the privileges of...
PT-2023-31088 · Captainform · Forms By Captainform
Name of the Vulnerable Software and Affected Versions: Forms by CaptainForm – Form Builder for WordPress versions through 2.5.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enable...
PT-2023-29722 · Libsyn · Libsyn Publisher Hub
Name of the Vulnerable Software and Affected Versions: Libsyn Libsyn Publisher Hub plugin versions 1.4.4 and earlier Description: The issue is related to an Unauth. Reflected Cross-Site Scripting XSS vulnerability. This type of vulnerability allows an attacker to inject malicious scripts into a...
PT-2023-29736 · Zkteco · Zkteco Zem800
Name of the Vulnerable Software and Affected Versions: ZKTeco ZEM800 version 6.60 Description: An IDOR vulnerability has been found in the ZKTeco ZEM800 product. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or...
PT-2023-21824 · Qualcomm · Sd205 Firmware +58
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue arises from the cam get device priv function not checking the type of handle being returned, which can be a device, session, or link handle...
PT-2023-14370 · Ibm · Ibm Storage Scale Container Native Storage Access
Name of the Vulnerable Software and Affected Versions: IBM Storage Scale Container Native Storage Access versions 5.1.2.1 through 5.1.6.1 Description: The issue allows a local user to obtain escalated privileges on a host without proper security context settings configured. Recommendations: For...
PT-2023-23176 · Mage Ai · Mage Ai
Name of the Vulnerable Software and Affected Versions: mage-ai versions 0.8.34 through 0.8.71 Description: The issue affects mage-ai, an open-source data pipeline tool, when used with user authentication enabled. It allows the terminal to be accessed by users who are not signed in or do not have...
PT-2023-20852 · Llvm +1 · Llvm +1
Name of the Vulnerable Software and Affected Versions: LLVM version a0dab4950 Description: The issue is related to a segmentation fault in the mlir::outlineSingleBlockRegion function. It is noted that third parties dispute this as a vulnerability because the LLVM security policy excludes issues...
PT-2023-20010 · Gfi · Gfi Kerioconnect
Name of the Vulnerable Software and Affected Versions: GFI Kerio Connect versions 9.4.1 patch 1 through 9.4.1 patch 1 Description: An issue was discovered in the webmail component's 2FASetup function, which is vulnerable to a stack-based Buffer Overflow. This occurs via an authenticated request...
PT-2022-14002
Name of the Vulnerable Software and Affected Versions M-Files Server versions prior to 22.3.11164.0 M-Files Server versions prior to 22.3.11237.1 Description The issue is related to incorrect privilege assignment, allowing a user to read unmanaged objects. Recommendations For versions prior to...