PT-2025-24612 · WordPress · Elementor Website Builder
Name of the Vulnerable Software and Affected Versions: Elementor Website Builder Pro plugin for WordPress versions up to, and including, 3.29.0 Description: The issue is related to Stored Cross-Site Scripting due to insufficient input sanitization and output escaping. This allows authenticated...
PT-2025-21834 · Advaya Softech · Advaya Softech Gems Erp Portal
Name of the Vulnerable Software and Affected Versions: Advaya Softech GEMS ERP Portal version 2.1 Description: A critical issue was found in the software, affecting an unknown part of the file "/studentLogin/studentLogin.action". The manipulation of the userId argument leads to SQL injection. It ...
PT-2025-16493 · Growatt · Cloud Portal
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An attacker can obtain information about the groups of smart home devices for arbitrary users, referred to as "rooms". Recommendations: At the moment, there is no information about a newer...
PT-2025-35718
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's netfilter module related to handling duplicate devices during netfilter table updates. Specifically, a chain or flowtable update may proceed with...
PT-2025-6100
Name of the Vulnerable Software and Affected Versions: Wazuh versions 4.4.0 through 4.9.1 Description: Wazuh, a platform used for threat prevention, detection, and response, is affected by an unsafe deserialization vulnerability. This flaw, potentially allowing remote code execution, arises from th...
PT-2025-5738
Name of the Vulnerable Software and Affected Versions: nginx versions 1.11.4 through 1.27.31 nginx version 1.26.3 nginx version 1.27.4 Description: When multiple server blocks are configured to share the same IP address and port, an attacker can use session resumption to bypass client certificate...
PT-2025-1283 · Microsoft +5 · Edge +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 132.0.6834.83 Microsoft Edge affected versions not specified Description: The issue is related to an inappropriate implementation in the Payments component of Google Chrome and Microsoft Edge, allowing a remote...
PT-2025-1280 · Microsoft +5 · Edge +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 132.0.6834.83 Microsoft Edge affected versions not specified Description: The issue is related to a race condition in the Frames component of Google Chrome and Microsoft Edge, allowing a remote attacke...
PT-2025-1977 · Go +2 · Github.Com/Ollama/Ollama +2
Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: A security issue has been discovered in a famous LLM product. The estimated number of potentially affected devices worldwide is not...
PT-2025-3215 · Webdeclic · Webdeclic Wpmastertoolkit
Name of the Vulnerable Software and Affected Versions: Webdeclic WPMasterToolKit versions 1.13.1 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can lead to unauthorized upload of malicio...
PT-2026-5515
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to DMA engine functionality, specifically within the dw dmamux component. The issue involves a potential Open Firmware OF node leak during route...
PT-2024-32617 · Mattermost +1 · Mattermost +1
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.9 Mattermost versions 9.10.x through 9.10.2 Mattermost versions 9.11.x through 9.11.1 Description: The issue allows an attacker to generate a large response and cause an amplified GraphQL response which...
PT-2024-7388 · Mitsubishi · M800/M80/E80 Series +5
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric M800V/M80V Series affected versions not specified Mitsubishi Electric M800/M80/E80 Series affected versions not specified Mitsubishi Electric C80 Series affected versions not specified Mitsubishi...
PT-2024-5919 · Google +4 · Skia +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.113 Description: The issue is related to a heap buffer overflow in the Skia graphics library of Google Chrome, which can be exploited by a remote attacker who has compromised the renderer process. Th...
PT-2024-30427 · Mediavine · Create By Mediavine
Name of the Vulnerable Software and Affected Versions: Create by Mediavine versions 1.9.8 and earlier Description: This issue exposes sensitive information to unauthorized actors. Users are urged to upgrade to the latest version to mitigate risks. Recommendations: For versions 1.9.8 and earlier,...
PT-2024-37570 · WordPress · User Profile Builder
Name of the Vulnerable Software and Affected Versions: User Profile Builder WordPress plugin versions prior to 3.11.8 Description: The issue allows unauthenticated users to upload media files via the async upload functionality of WordPress due to a lack of proper authorization. Recommendations: F...
PT-2024-29710 · Splashtop · Splashtop Streamer
Name of the Vulnerable Software and Affected Versions: Splashtop Streamer for Windows versions prior to 3.7.0.0 Description: The MSI installer for Splashtop Streamer for Windows uses a temporary folder with weak permissions during installation. A local user can exploit this to escalate privileges...
PT-2024-4623
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.59 and earlier Description: The issue is related to the core of the Apache HTTP Server, where malicious or exploitable response headers from backend applications can lead to information disclosure, Server-Side...
PT-2024-26109
Name of the Vulnerable Software and Affected Versions: GP Premium plugin for WordPress versions up to, and including, 2.4.0 Description: The issue is related to Reflected Cross-Site Scripting via the message parameter due to insufficient input sanitization and output escaping. This allows...
PT-2024-6083
Name of the Vulnerable Software and Affected Versions: OpenSSL versions prior to the next release exact version not specified CPython version 3.9 and earlier Description: The issue is related to the OpenSSL API function SSL_select_next_proto which can cause a crash or memory contents to be sent to...
PT-2024-22902 · Ros2 · Ros2
Name of the Vulnerable Software and Affected Versions: ROS2 Robot Operating System 2 Humble Hawksbill versions 2 Description: An issue was discovered where the system transmits messages in plaintext, allowing attackers to access sensitive information via a man-in-the-middle attack. Recommendation...
PT-2024-1389 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 121.0.6167.85 Description: The issue is related to incorrect security UI in Payments, allowing a remote attacker to potentially spoof security UI via a crafted HTML page. This could enable the attacker to bypas...
PT-2024-10824 · Cloudlinux · Cloudlinux Cagefs
Name of the Vulnerable Software and Affected Versions: CloudLinux CageFS versions 7.0.8-2 and below Description: The issue allows local users to read and write arbitrary files of certain file formats outside the CageFS environment due to insufficient restrictions on file paths supplied to the...
PT-2023-9102 · Linux +5 · Linux Kernel +5
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.0-rc5 Description: The issue is related to a use-after-free vulnerability in the binder driver's shrinker callback. The mmap read lock is used during the shrinker's callback, which can lead to a race conditi...
PT-2023-30910 · Unknown · Statamic Cms
Name of the Vulnerable Software and Affected Versions: Statamic CMS versions prior to 3.4.15 and 4.36.0 Description: The issue allows HTML files crafted to look like images to be uploaded, bypassing mime validation. This is applicable on front-end forms using the "Forms" feature with an assets...
PT-2023-5915 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 118.0.5993.70 Description: The issue is related to a use after free vulnerability in the Cast component of Google Chrome, which can be exploited by a remote attacker using a specially crafted HTML page to...
PT-2023-8839 · Aiohttp +5 · Aiohttp +5
Name of the Vulnerable Software and Affected Versions: aiohttp versions prior to 3.8.6 Description: The HTTP parser in aiohttp has numerous problems with header parsing, which could lead to request smuggling. This issue is related to the handling of Content-Length values, improper handling of NUL...
PT-2023-5059 · Microsoft +1 · Visual Studio +2
Name of the Vulnerable Software and Affected Versions: Visual Studio affected versions not specified Description: The issue is related to insufficient input validation in Visual Studio, which can be exploited to execute arbitrary code. This can allow an attacker to run malicious code on the syste...
PT-2023-27519
Name of the Vulnerable Software and Affected Versions: find-exec versions prior to 1.0.3 Description: The issue is related to Command Injection, where attackers may run malicious shell commands in the context of the running process due to improper escaping of user input. This can be achieved via an...
PT-2023-11743 · Thinkcmf · Thinkcmf
Name of the Vulnerable Software and Affected Versions: ThinkCMF version 5.1.5 Description: The issue is a Cross Site Scripting XSS vulnerability in the UserController.php file, which allows attackers to execute arbitrary code via a crafted user login. This can lead to unauthorized access and...
PT-2023-27785 · Phpjabbers · Phpjabbers Availability Booking Calendar
Name of the Vulnerable Software and Affected Versions: PHP Jabbers Availability Booking Calendar version 5.0 Description: A vulnerability has been found in the software, classified as problematic. It affects an unknown functionality of the file /index.php. The manipulation of the session id...
PT-2023-3966 · Fortinet · Fortiextender
Name of the Vulnerable Software and Affected Versions: FortiExtender versions 3.2.1 through 3.2.3 FortiExtender versions 3.3.0 through 3.3.2 FortiExtender versions 4.0.0 through 4.0.2 FortiExtender versions 4.1.1 through 4.1.8 FortiExtender versions 4.2.0 through 4.2.4 FortiExtender versions 5.3...
PT-2023-4176 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 115.0.5790.170 Description: The issue is related to a heap buffer overflow in the Visuals component of Google Chrome, which could allow a remote attacker to exploit heap corruption via a crafted HTML page. This...
PT-2025-26115 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A file pointer leak has been identified in the Linux kernel, specifically in the tools/power turbostat component. This issue occurs when a fscanf fails, leading to an early return that...
PT-2023-2733 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, whi...
PT-2023-03: Unauth Buffer Overflow in fbwifi_forward.cgi in Zyxel products
An issue was identified in Zyxel products affecting: USG FLEX ZLD V4.50V5.35; USG FLEX 50W/ USG20W-VPN ZLD V4.30V5.35; VPN ZLD V4.30V5.35. Discovered vulnerability of Buffer Overflow in fbwifi_forward.cgi can be exploited by an unauthenticated attacker to cause a denial of service DoS conditions b...
PT-2023-3585 · Git +10 · Git +10
Name of the Vulnerable Software and Affected Versions: Git versions prior to 2.30.9 Git versions prior to 2.31.8 Git versions prior to 2.32.7 Git versions prior to 2.33.8 Git versions prior to 2.34.8 Git versions prior to 2.35.8 Git versions prior to 2.36.6 Git versions prior to 2.37.7 Git versio...
PT-2023-17393 · Sourcecodester · Sourcecodester Online Computer/Laptop Store
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Computer and Laptop Store version 1.0 Description: A critical issue was found in the function delete_order of the file /classes/master.php?f=delete_order. The manipulation of the argument id leads to SQL injection. It is...
PT-2023-20326 · Nextcloud +1 · Nextcloud Enterprise Server +2
Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions 24.0.x through 24.0.9 Nextcloud Server versions 25.0.x through 25.0.4 Nextcloud Enterprise Server versions 21.x through 21.0.9.9 Nextcloud Enterprise Server versions 22.x through 22.2.0.9 Nextcloud Enterprise Server...
PT-2023-16193 · WordPress · Custom Content Shortcode
Name of the Vulnerable Software and Affected Versions: Custom Content Shortcode WordPress plugin versions 4.0.2 and earlier Description: The Custom Content Shortcode WordPress plugin does not validate one of its shortcode attributes, which could allow users with a contributor role and above to...
PT-2023-14507 · Avalanche · Avalanche
Name of the Vulnerable Software and Affected Versions: Avalanche versions 6.3.x and below Description: An improper authentication issue exists, allowing an unauthenticated attacker to modify properties on a specific port. Recommendations: For Avalanche versions 6.3.x and below, update to a versio...
PT-2023-20493 · Dot-Lens · Dot-Lens
Name of the Vulnerable Software and Affected Versions: dot-lens versions all Description: The issue concerns Prototype Pollution via the set function in the index.js file. This affects all versions of the dot-lens package. There is no information provided about the estimated number of potentially...
PT-2025-18809
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the usb: gadget: u_audio component. The issue occurs when userspace can block the driver unbind, causing a deadlock duri...
PT-2022-8303 · Unknown · Nsupdate.Info
Name of the Vulnerable Software and Affected Versions: nsupdate.info affected versions not specified Description: A problematic vulnerability has been found in nsupdate.info, affecting the component CSRF Cookie Handler in the file src/nsupdate/settings/base.py. The manipulation of the argument CS...
PT-2024-11847 · Linux +4 · Linux Kernel +4
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a crash when replugging CSR fake controllers in the Linux kernel's Bluetooth component. It seems that fake CSR 5.0 clones can cause the suspend notifier to be...
PT-2022-8681 · Optilink · Optilink Op-Xt71000N
Name of the Vulnerable Software and Affected Versions: OPTILINK OP-XT71000N Hardware Version: V2.2, Firmware Version: OP V3.3.1-191028 Description: A vulnerability allows an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack to enable or disable ports and to chan...
PT-2022-24498 · Apache · Apache Airflow +1
Name of the Vulnerable Software and Affected Versions: Apache Airflow Pinot Provider versions prior to 4.0.0 Apache Airflow versions prior to 2.3.0 Description: The issue is related to an Improper Neutralization of Special Elements used in an OS Command, also known as 'OS Command Injection'. This...
PT-2022-20039 · Technitium · Technitium Dns Server
Name of the Vulnerable Software and Affected Versions: Technitium DNS Server versions 8.0.2 and earlier Description: An issue was discovered that allows variant V2 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and...
PT-2022-11683 · Stimulsoft · Stimulsoft Reports
Name of the Vulnerable Software and Affected Versions: Stimulsoft aka Stimulsoft Reports version 2013.1.1600.0 Description: The issue allows an attacker to execute arbitrary C code on any machine that renders a report, including the application server or a user's local machine. This is demonstrat...
PT-2022-6045 · Linux +8 · Linux Kernel +8
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to 6.2 Description: A regression exists in the Linux Kernel within KVM: nVMX that allowed for speculative execution attacks. L2 can carry out Spectre v2 attacks on L1 due to L1 thinking it doesn't need retpolines o...