184419 matches found
PT-2026-23554
Name of the Vulnerable Software and Affected Versions OpenClaw versions prior to 2026.2.15 Description The software uses SHA-1 to hash sandbox identifier cache keys for Docker and browser sandbox configurations. SHA-1 is a deprecated cryptographic hash function with known collision weaknesses. A...
PT-2026-3696
Name of the Vulnerable Software and Affected Versions Oracle JD Edwards versions 9.2.0.0 through 9.2.26.0 Description A flaw exists within the Web Runtime SEC component of Oracle JD Edwards EnterpriseOne Tools that allows an unauthenticated attacker with network access via HTTP to compromise the...
PT-2026-3747
Name of the Vulnerable Software and Affected Versions Drupal Microsoft Entra ID SSO Login versions prior to 1.0.4 Description The Microsoft Entra ID SSO Login module for Drupal does not properly validate responses received from the Microsoft Entra ID service. This insufficient validation can lead...
PT-2026-2387
Name of the Vulnerable Software and Affected Versions Bitrix24 affected versions not specified Description A logged-in attacker can execute arbitrary system commands through the PHP command line admin interface, leading to remote code execution. The attacker leverages this by sending crafted POST...
PT-2026-1876
Name of the Vulnerable Software and Affected Versions TIM BPM Suite/ TIM FLOW versions through 9.1.2 Description The software contains multiple Hibernate Query Language injection flaws. A user with limited privileges can exploit these to obtain passwords of other users and access sensitive data...
PT-2026-2178
Name of the Vulnerable Software and Affected Versions Open eClass versions prior to 4.2 Description The Open eClass platform, previously known as GUnet eClass, is a course management system. Prior to version 4.2, a flaw exists in the theme import functionality that allows an attacker with...
PT-2025-43724
Name of the Vulnerable Software and Affected Versions Fast Velocity Minify versions prior to 3.5.1 Description The Fast Velocity Minify plugin for WordPress is susceptible to Stored Cross-Site Scripting through admin settings. Insufficient input sanitization and output escaping allow authenticate...
PT-2025-41822
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.5.0 Description WeGIA is a Web Manager for Institutions focused on Portuguese language users. A flaw exists that allows redirection to arbitrary external domains via the nextPage parameter in the ''control.php''...
PT-2025-41638
Name of the Vulnerable Software and Affected Versions CodeAstro Gym Management System version 1.0 Description A security issue exists in CodeAstro Gym Management System 1.0. The issue involves the manipulation of the ID argument in the file /admin/actions/delete-member.php, leading to a SQL...
PT-2025-40844
Name of the Vulnerable Software and Affected Versions Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 version 1.0 Description A security issue exists in the Tipray Data Leakage Prevention System. The findRolePage function within the findSingConfigPage.do file is susceptible to SQL...
PT-2025-40690
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.4.0-rc7-syzkaller-00014-g692b7dc87ca6 Description The usbnet driver in the Linux kernel has an issue where it trusts the bulk endpoint addresses received during the probe routine without verifying their...
PT-2025-39731
Name of the Vulnerable Software and Affected Versions westboy CicadasCMS version 1.0 Description A cross site scripting issue exists in an unknown functionality of the file /system/cms/category/save. The manipulation of the categoryName argument can lead to the execution of remote scripts. The...
PT-2025-38126
Name of the Vulnerable Software and Affected Versions N-Reporter affected versions not specified N-Cloud affected versions not specified N-Probe affected versions not specified Description The N-Reporter, N-Cloud, and N-Probe developed by N-Partner are susceptible to an OS Command Injection issue...
PT-2025-38180
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel's i2c designware driver related to the handling of device interrupts. A regression was introduced by commit c7b79a752871, causing system crashes NULL...
PT-2025-37267
Name of the Vulnerable Software and Affected Versions: erjinzhi 10OA version 1.0 Description: A vulnerability exists in erjinzhi 10OA version 1.0. The issue involves cross site scripting caused by manipulation of the Name argument in an unknown function of the /trial/mvc/catalogue file. This...
PT-2025-34761
Name of the Vulnerable Software and Affected Versions Citrix NetScaler ADC and NetScaler Gateway versions prior to 14.1-47.48, 13.1-59.22, and 13.1-37.241-FIPS, and 12.1-55.330-FIPS Description Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that allows for remo...
PT-2025-33487 · Autodesk · Autocad
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD affected versions not specified Description: A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can trigger an uninitialized variable issue. A malicious actor can leverage this to cause a crash, read...
PT-2025-29698 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache Apache HTTP Server affected versions not specified Description: The reported issue concerns an authentication bypass. The reason for rejection is stated as 'Not used'. Recommendations: At the moment, there is no information about a new...
PT-2025-29208 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The reported issue has been rejected as not used. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2025-28895 · Ibm · Ibm Openpages With Watson
Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 and 9.0 Description: An authenticated user may be able to obtain sensitive information that should only be accessible to privileged users. Recommendations: Apply appropriate access controls to restrict...
PT-2025-25517 · Unknown · Wukongopensource Wukongcrm
Name of the Vulnerable Software and Affected Versions: WuKongOpenSource WukongCRM version 9.0 Description: A vulnerability was found in the processing of the file AdminRoleController.java, leading to cross-site request forgery. The attack may be initiated remotely. Recommendations: For version 9....
PT-2025-24464 · Unknown · Snstheme Nitan
Name of the Vulnerable Software and Affected Versions: snstheme Nitan versions n/a through 2.9 Description: The issue is related to an Improper Control of Filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File Inclusion. This...
PT-2025-18559 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free issue has been identified in the Linux kernel, specifically in the ASoC core. The issue arises when snd soc util init fails, but its return value is ignored, leading t...
PT-2025-18655 · Totolink · Totolink Cpe Cp900
Name of the Vulnerable Software and Affected Versions: TOTOLINK CPE CP900 version 6.3c.1144 B20190715 Description: A command injection issue was found in the setApRebootScheCfg function through the hour or minute parameters. This allows attackers to execute arbitrary commands via a manipulated...
PT-2025-6546 · WordPress · Team Members Showcase Plugin
Name of the Vulnerable Software and Affected Versions: The Team – Team Members Showcase Plugin plugin for WordPress versions up to, and including, 4.4.9 Description: The issue is related to unauthorized access due to a missing capability check on the response function. This allows authenticated...
PT-2025-3350 · Technitium · Technitium Dns Server
Name of the Vulnerable Software and Affected Versions: Technitium DNS Server versions = 13.2.2 Description: The issue allows remote attackers to permanently stop the server from accepting new DNS-over-QUIC connections by triggering unhandled exceptions in listener threads. This can lead to a deni...
PT-2025-3123 · Codeastro · Codeastro Complaint Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Complaint Management System version 1.0 Description: The issue allows a remote attacker to escalate privileges via the delete e.php component. Recommendations: For CodeAstro Complaint Management System version 1.0, consider disablin...
PT-2025-3793 · Iobit · Iobit Protected Folder
Name of the Vulnerable Software and Affected Versions: IObit Protected Folder versions up to 13.6.0.5 Description: A vulnerability was found in the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to nu...
PT-2024-41036 · Stalker · Communigate Pro
Name of the Vulnerable Software and Affected Versions: CommuniGate Pro affected versions not specified Description: The issue is related to a buffer overflow on the stack in the CommuniGate Pro mail server. Exploitation of this issue may allow a remote attacker to execute arbitrary code...
PT-2024-16347 · Kognetiks · Kognetiks Chatbot For Wordpress
Name of the Vulnerable Software and Affected Versions: Kognetiks Chatbot for WordPress plugin versions up to, and including, 2.1.7 Description: The Kognetiks Chatbot for WordPress plugin has a vulnerability that lets users change data without permission due to a missing capability check on the ad...
PT-2024-43: Remote code execution (RCE) in MediaCMS
The vulnerability was identified in MediaCMS, versions 4.1.0. Discovered vulnerability allows an attacker to execute OS commands on a vulnerable host, gain control over resources, and penetrate the internal network. Vulnerability status: Confirmed by vendor Date of vulnerability remediation:...
PT-2024-7334 · Google · Google Cloud Migrate To Containers
Name of the Vulnerable Software and Affected Versions: Google Cloud Migrate to Containers versions 1.1.0 through 1.2.2 Description: The issue is related to an insecure default user permission in Google Cloud Migrate to containers. A local user m2cuser is created with administrator privileges,...
PT-2024-32821 · Jenkins · Credentials Plugin +2
Name of the Vulnerable Software and Affected Versions: Jenkins Credentials Plugin versions 1380.va 435002fa 924 and earlier, except version 1371.1373.v4eb fa b 7161e9 Description: The issue concerns the Jenkins Credentials Plugin, which does not redact encrypted values of credentials using the...
PT-2024-31673 · Zimbra · Zimbra Collaboration +2
Name of the Vulnerable Software and Affected Versions: Zimbra Collaboration ZCS versions prior to 10.1.1 Description: A Cross-Site Scripting XSS issue exists due to insufficient sanitization of the packages parameter in one of the endpoints of Zimbra Webmail. This allows attackers to bypass...
PT-2024-38700 · Unknown · Itsourcecode Project Expense Monitoring System
Name of the Vulnerable Software and Affected Versions: itsourcecode Project Expense Monitoring System version 1.0 Description: A critical issue affects some unknown functionality of the file print.php. The manipulation of the map id argument leads to SQL injection. This issue can be exploited...
PT-2024-21813 · Zohocorp · Manageengine Ddi Central
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine DDI Central versions 4001 and prior Description: The issue allows a user to upload new files to the server folder due to a directory traversal vulnerability. Recommendations: For versions 4001 and prior, consider...
PT-2024-25830 · Hamid Alinia · Idehweb Login With Phone Number
Name of the Vulnerable Software and Affected Versions: Hamid Alinia – idehweb Login with phone number versions 1.7.18 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Login with phone number feature. This vulnerability allows unauthorized access,...
PT-2024-13409 · Itop +1 · Itop +1
Name of the Vulnerable Software and Affected Versions: iTop versions prior to 3.1.1 iTop versions prior to 3.2.0 Description: The issue allows an XSS attack to be performed when an object is displayed as an n:n relation item in another object, by filling malicious code in an object friendlyname o...
PT-2024-13804 · Wwbn · Avideo
Name of the Vulnerable Software and Affected Versions: WWBN AVideo dev master commit 15fed957fb Description: A login attempt restriction bypass issue exists in the checkLoginAttempts functionality. This can be triggered by a specially crafted HTTP request, leading to captcha bypass. An attacker c...
PT-2023-31088 · Captainform · Forms By Captainform
Name of the Vulnerable Software and Affected Versions: Forms by CaptainForm – Form Builder for WordPress versions through 2.5.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enable...
PT-2023-17473 · Amd · Amd Epyc™ Embedded 7003 +77
Name of the Vulnerable Software and Affected Versions: Insufficient information is provided to determine the specific software and versions affected. Description: The issue involves improper initialization of variables in the DXE driver, which may allow a privileged user to leak sensitive...
PT-2023-26883 · Quic +6 · Quic +6
Name of the Vulnerable Software and Affected Versions: QUIC affected versions not specified Description: The issue allows a malicious QUIC connection to cause unbounded memory growth due to the lack of an upper bound on the amount of data buffered when reading post-handshake messages. With the fi...
PT-2023-29736 · Zkteco · Zkteco Zem800
Name of the Vulnerable Software and Affected Versions: ZKTeco ZEM800 version 6.60 Description: An IDOR vulnerability has been found in the ZKTeco ZEM800 product. This vulnerability allows a local attacker to obtain registered user backup files or device configuration files over a local network or...
PT-2023-23081 · Foundry · The Foundry Magritte Plugin Rest-Source
Name of the Vulnerable Software and Affected Versions: The Foundry Magritte plugin rest-source affected versions not specified Description: The issue is related to an XML external Entity attack XXE in the rest-source plugin. This type of attack allows an attacker to access local or remote content...
PT-2023-4318 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free vulnerability in the Linux kernel's netfilter: nf tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule,...
PT-2023-16821 · WordPress · Http Headers
Name of the Vulnerable Software and Affected Versions: HTTP Headers WordPress plugin versions prior to 1.18.11 Description: The issue allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution. Recommendations: For versions prior to 1.18.11, update to version 1.18....
PT-2023-20010 · Gfi · Gfi Kerioconnect
Name of the Vulnerable Software and Affected Versions: GFI Kerio Connect versions 9.4.1 patch 1 through 9.4.1 patch 1 Description: An issue was discovered in the webmail component's 2FASetup function, which is vulnerable to a stack-based Buffer Overflow. This occurs via an authenticated request...
PT-2023-10767 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about a specific vulnerability. It appears to be a rejection notice for a candidate number,...
PT-2023-15661 · Mongodb · Mongodb .Net/C# Driver
Name of the Vulnerable Software and Affected Versions: MongoDB .NET/C Driver versions prior to and including v2.18.0 Description: Under very specific circumstances, a privileged user is able to cause arbitrary code to be executed, which may cause further disruption to services. This issue is...
PT-2022-24122 · Aruba · Aruba Clearpass Policy Manager
Name of the Vulnerable Software and Affected Versions: Aruba ClearPass Policy Manager versions 6.10.x through 6.10.6 Aruba ClearPass Policy Manager versions 6.9.x through 6.9.11 Description: Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated...