PT-2022-5400 · Exiv2 +1 · Exiv2 +1
Name of the Vulnerable Software and Affected Versions: Exiv2 affected versions not specified Description: The issue is related to a buffer overflow in the QuickTimeVideo::decodeBlock function of the quicktimevideo.cpp file in the Exiv2 library, which can be exploited by a remote attacker to execu...
PT-2022-24122 · Aruba · Aruba Clearpass Policy Manager
Name of the Vulnerable Software and Affected Versions: Aruba ClearPass Policy Manager versions 6.10.x through 6.10.6 Aruba ClearPass Policy Manager versions 6.9.x through 6.9.11 Description: Vulnerabilities in the ClearPass Policy Manager web-based management interface allow remote authenticated...
PT-1997-1103 · Apache · Apache Httpd
Name of the Vulnerable Software and Affected Versions: Apache httpd affected versions not specified Description: The issue allows attackers to read CGI programs due to a problem with the ScriptAlias directory in NCSA and Apache httpd. Recommendations: At the moment, there is no information about ...
PT-2026-41089
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 148.0.7778.168 Description A heap buffer overflow in SwiftShader allows a remote attacker to perform an out-of-bounds memory read by using a crafted HTML page. A heap buffer overflow occurs when a program writes...
PT-2026-39415
Name of the Vulnerable Software and Affected Versions JeecgBoot version 3.9.1 Description A flaw in the 'mLogin' endpoint within the LoginController.java file of the jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/ component allows for remote authorization...
PT-2026-38316
Name of the Vulnerable Software and Affected Versions Angular SSR versions 19.0.0-next.0 through 19.2.24 Angular SSR versions 20.x through 20.3.24 Angular SSR versions 21.x through 21.2.8 Angular SSR versions 22.0.0-next.0 through 22.0.0-next.6 Description An issue exists in the processing logic ...
PT-2026-36785
A flaw has been found in CodeAstro Online Classroom 1.0. The affected element is an unknown function of the file /OnlineClassroom/facultylogin. Executing a manipulation of the argument fid can lead to sql injection. The attack can be executed remotely. The exploit has been published and may be us...
PT-2026-34609
Name of the Vulnerable Software and Affected Versions @nocobase/database versions prior to 2.0.39 Description An issue exists in the queryParentSQL function within the core database package where a recursive CTE query is constructed by joining nodeIds using string concatenation instead of...
PT-2026-27771
Name of the Vulnerable Software and Affected Versions Stackfield Desktop App affected versions not specified Description The Stackfield Desktop App is susceptible to Remote Code Execution (RCE) due to a path traversal and arbitrary file write condition. This allows an attacker to potentially execut...
PT-2026-25823
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. Prior to 9.6.0-alpha.15 and 8.6.41, an attacker who is allowed to upload files can bypass the file extension filter by appending a MIME parameter (e.g. ;charset=utf-8) to the Content-Type header...
PT-2026-6612
Name of the Vulnerable Software and Affected Versions Tanium Deploy affected versions not specified Description Tanium Deploy suffers from an improper access controls issue. Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability...
PT-2026-2455
Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...
PT-2025-52212
Name of the Vulnerable Software and Affected Versions Bitrix24 versions prior to 25.100.301 Description Remote Code Execution is possible because an actor with SOURCE/WRITE permissions for the Translate Module can upload and execute code by sending a PHP file and a .htaccess file. The supplier...
PT-2025-50299
SAML hmmmm. SimpleSAML LightSAML OneLogin Libxml2 Canonicalization error can bypass Digest/Signature validation https://t.co/qAsVqMjoVJ SAML PHP Toolkit Vulnerability on xmlseclibs CVE-2025-66475 https://t.co/MTWxV2o0u7 https://t.co/6KxF25cZFr...
PT-2025-47536
Name of the Vulnerable Software and Affected Versions Campcodes Online Hospital Management System version 1.0 Description The Campcodes Online Hospital Management System version 1.0 is susceptible to SQL Injection. This issue affects the admin panel and specifically occurs through the username...
PT-2025-41822
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.5.0 Description WeGIA is a Web Manager for Institutions focused on Portuguese language users. A flaw exists that allows redirection to arbitrary external domains via the nextPage parameter in the 'control.php'...
PT-2025-41638
Name of the Vulnerable Software and Affected Versions CodeAstro Gym Management System version 1.0 Description A security issue exists in CodeAstro Gym Management System 1.0. The issue involves the manipulation of the ID argument in the file /admin/actions/delete-member.php, leading to a SQL...
PT-2025-33666 · Unknown · Namelessmc
Name of the Vulnerable Software and Affected Versions: NamelessMC versions prior to 2.2.4 Description: NamelessMC is a website software for Minecraft servers. A cross-site scripting (XSS) issue exists in NamelessMC before version 2.2.4, allowing authenticated attackers to inject arbitrary web scrip...
PT-2025-33518 · WordPress · Ithemes Serverbuddy
Name of the Vulnerable Software and Affected Versions: iThemes ServerBuddy versions n/a through 1.0.5 Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in iThemes ServerBuddy by PluginBuddy.Com, allowing Object Injection. Recommendations: At the moment, there is no information...
PT-2025-33487 · Autodesk · Autocad
Name of the Vulnerable Software and Affected Versions: Autodesk AutoCAD affected versions not specified Description: A maliciously crafted DGN file, when parsed through Autodesk AutoCAD, can trigger an uninitialized variable issue. A malicious actor can leverage this to cause a crash, read...
PT-2025-32635 · Nssm.Exe · Nssm.Exe
Name of the Vulnerable Software and Affected Versions: nssm.exe affected versions not specified Description: A local attacker with limited privileges can exploit improper permissions on nssm.exe to escalate privileges and gain administrative access. Recommendations: At the moment, there is no...
PT-2025-29698 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache Apache HTTP Server affected versions not specified Description: The reported issue concerns an authentication bypass. The reason for rejection is stated as 'Not used'. Recommendations: At the moment, there is no information about a new...
PT-2025-25517 · Unknown · Wukongopensource Wukongcrm
Name of the Vulnerable Software and Affected Versions: WuKongOpenSource WukongCRM version 9.0 Description: A vulnerability was found in the processing of the file AdminRoleController.java, leading to cross-site request forgery. The attack may be initiated remotely. Recommendations: For version 9....
PT-2025-25348 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Citizen versions prior to 3.3.1 Description: The issue affects the Citizen MediaWiki skin, where system messages in menu headings using the Menu.mustache template are inserted as raw HTML. This allows users with the editinterface right to...
PT-2025-22871 · H3C · H3C Seccenter Smp-E1114P02
Name of the Vulnerable Software and Affected Versions: H3C SecCenter SMP-E1114P02 up to 20250513 Description: A vulnerability was found in the function Download of the file /cfgFile/1/download. The manipulation of the argument Name leads to path traversal. The attack may be initiated remotely...
PT-2025-20383
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 17.5, 16.9, 15.13, 14.18, and 13.21 Description The vulnerability is related to a buffer over-read in PostgreSQL's GB18030 encoding validation. This issue allows a database input provider to achieve temporary denia...
PT-2025-11031 · Bitdefender · Bitdefender Box
Name of the Vulnerable Software and Affected Versions: Bitdefender Box 1 versions 1.3.52.928 and below Description: An improper access control issue exists that allows an unauthenticated attacker to downgrade the device's firmware to an older, potentially vulnerable version of a Bitdefender-signe...
PT-2025-6546 · WordPress · Team Members Showcase Plugin
Name of the Vulnerable Software and Affected Versions: The Team – Team Members Showcase Plugin plugin for WordPress versions up to, and including, 4.4.9 Description: The issue is related to unauthorized access due to a missing capability check on the response function. This allows authenticated...
PT-2025-3986 · Apache · Apache Httpd
Name of the Vulnerable Software and Affected Versions: Apache HTTPD affected versions not specified Description: The issue concerns a rejected reason related to the Apache HTTPD DNS. No further details are provided about the nature of the issue or its potential impact. There is no information...
PT-2024-10184 · D Link · Dir-816A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816A2 version 1.10CNB05 R1B011D88210 Description: The issue is related to an access control problem in the form2PortriggerRule.cgi component, allowing unauthenticated attackers to set the port trigger of the device via a crafted PO...
PT-2025-3793 · Iobit · Iobit Protected Folder
Name of the Vulnerable Software and Affected Versions: IObit Protected Folder versions up to 13.6.0.5 Description: A vulnerability was found in the function 0x8001E000/0x8001E00C/0x8001E004/0x8001E010 in the library IURegistryFilter.sys of the component IOCTL Handler. The manipulation leads to nu...
PT-2024-16347 · Kognetiks · Kognetiks Chatbot For Wordpress
Name of the Vulnerable Software and Affected Versions: Kognetiks Chatbot for WordPress plugin versions up to, and including, 2.1.7 Description: The Kognetiks Chatbot for WordPress plugin has a vulnerability that lets users change data without permission due to a missing capability check on the ad...
PT-2024-31041 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15 Description: The issue allows an app to bypass certain Privacy preferences due to inadequate state management. This has been addressed through improved state management. Recommendations: For versions prior to 15,...
PT-2024-29366
Name of the Vulnerable Software and Affected Versions openflights version 5234b5b Description The issue is related to a Cross-Site Scripting (XSS) vulnerability. It affects the php/alsearch.php file. No information is provided about the estimated number of potentially affected devices or real-world...
PT-2024-38700 · Unknown · Itsourcecode Project Expense Monitoring System
Name of the Vulnerable Software and Affected Versions: itsourcecode Project Expense Monitoring System version 1.0 Description: A critical issue affects some unknown functionality of the file print.php. The manipulation of the map id argument leads to SQL injection. This issue can be exploited...
PT-2024-40259 · Passbolt · Passbolt
Name of the Vulnerable Software and Affected Versions: Passbolt affected versions not specified Description: The issue concerns the /auth/verify.json endpoint, which returns a JSON containing the cookies sent in the request. This could allow an attacker who exploits an XSS vulnerability to retrie...
PT-2024-25830 · Hamid Alinia · Idehweb Login With Phone Number
Name of the Vulnerable Software and Affected Versions: Hamid Alinia – idehweb Login with phone number versions 1.7.18 and earlier Description: The issue is related to a Missing Authorization vulnerability in the Login with phone number feature. This vulnerability allows unauthorized access,...
PT-2024-23494 · Jnt Telecom · Jnt Liftcom Ums
Name of the Vulnerable Software and Affected Versions: JNT Telecom JNT Liftcom UMS V1.J Core Version JM-V15 Description: An issue in the software allows a remote attacker to execute arbitrary code via the Network Troubleshooting functionality. Recommendations: For JNT Telecom JNT Liftcom UMS V1.J...
PT-2024-22141
Name of the Vulnerable Software and Affected Versions RSSHub versions 1.0.0-master.cbbd829 through 1.0.0-master.d8ca915 Description RSSHub is an open source RSS feed generator. When a specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS...
PT-2023-17473 · Amd · Amd Epyc™ Embedded 7003 +77
Name of the Vulnerable Software and Affected Versions: Insufficient information is provided to determine the specific software and versions affected. Description: The issue involves improper initialization of variables in the DXE driver, which may allow a privileged user to leak sensitive...
PT-2023-26311 · Softing · Softing Edgeaggregator
Name of the Vulnerable Software and Affected Versions: Softing edgeAggregator affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this issue. The specif...
PT-2023-18874 · WordPress · Cf7 Google Sheets Connector
Name of the Vulnerable Software and Affected Versions: CF7 Google Sheets Connector WordPress plugin versions prior to 5.0.2 cf7-google-sheets-connector-pro WordPress plugin versions prior to 5.0.2 Description: The issue is related to a Reflected Cross-Site Scripting that could be used against hig...
PT-2023-18367 · Unknown · Campcodes Retro Basketball Shoes Online Store
Name of the Vulnerable Software and Affected Versions: Campcodes Retro Basketball Shoes Online Store version 1.0 Description: A critical vulnerability was found in the software, affecting the file contactus1.php. The manipulation of the email argument leads to SQL injection. The attack can be...
PT-2023-13500 · Libslic3R +1 · Libslic3R +1
Name of the Vulnerable Software and Affected Versions: libslic3r version 1.3.0 libslic3r Master Commit b1a5500 Description: A heap-based buffer overflow issue exists in the TriangleMesh clone functionality. This can be triggered by a specially-crafted STL file, leading to a heap buffer overflow. ...
PT-2023-17326 · Avira · Avira Endpoint Security
Name of the Vulnerable Software and Affected Versions: Avira Endpointprotection.exe versions prior to 1.0.2303.633 Description: A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap...
PT-2023-14581 · Apache · Apache Sling Engine
Name of the Vulnerable Software and Affected Versions: Apache Sling Engine versions prior to 2.14.0 Description: The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API, resulting in include-based cross-site scripting issues on the Apache Sling level. An attacker who can...
PT-2023-10767 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No information is available about the vulnerable software and its affected versions. Description: The provided information does not contain details about a specific vulnerability. It appears to be a rejection notice for a candidate number,...
PT-2023-20329 · Apache · Apache Httpd
Name of the Vulnerable Software and Affected Versions: mod_gnutls versions 0.9.0 through 0.12.0 Description: mod_gnutls is a TLS module for Apache HTTPD based on GnuTLS. It did not properly fail blocking read operations on TLS connections when the transport hit timeouts, entering an endless loop...
PT-2023-15661 · Mongodb · Mongodb .Net/C# Driver
Name of the Vulnerable Software and Affected Versions: MongoDB .NET/C# Driver versions prior to and including v2.18.0 Description: Under very specific circumstances, a privileged user is able to cause arbitrary code to be executed, which may cause further disruption to services. This issue is...
PT-2022-16430 · WordPress · Popup Builder
Name of the Vulnerable Software and Affected Versions: WP Popup Builder versions prior to 1.2.9 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page...