184481 matches found
PT-2026-1580
Name of the Vulnerable Software and Affected Versions Key Figures plugin for WordPress versions prior to 1.2 Description The Key Figures plugin for WordPress is susceptible to Stored Cross-Site Scripting through the kf field figure default color render function. Insufficient input sanitization an...
PT-2026-8168
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.18.0 156 Description The Linux kernel contained a flaw in the net/mlx5e module related to Traffic Control TC steering flows. Specifically, the issue occurred during the deletion of TC steering flows, where the...
PT-2025-53946
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.0-00396-g81ef9e7-dirty Description The Linux kernel contains a stack-out-of-bounds write issue in the strncpy function within the zynqmp clock driver. This occurs when the clock name exceeds 15 bytes, leading...
PT-2025-53111
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to improper handling of device nodes in the tegra-video driver. Specifically, a use-after-free condition can occur during device removal. The iss...
PT-2025-49632
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.0.0-rc7 Description The Linux kernel contains a flaw in the 'uio dmem genirq' component related to interrupt handling. A missing unlock within the interrupt configuration process can lead to a...
PT-2025-49123
A vulnerability has been identified in Genexis Platinum P4410 router Firmware P4410-V2–1.41 that allows a local network attacker to achieve Remote Code Execution RCE with root privileges. The issue occurs due to improper session invalidation after administrator logout. When an administrator logs...
PT-2025-42259
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a use-after-free issue identified through syzbot reporting. The issue occurs after commit e6d5dbdd20aa, which added multi-buff support for XDP running in gener...
PT-2025-41116
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where extra debug information is output if an inline backref cannot be found during a lookup operation. This was identified through reports from Syzbot...
PT-2025-41062
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw related to the BTRFS file system. Specifically, the issue involves the handling of reloc trees, which are used for managing shared tree blocks between...
PT-2025-37814
Name of the Vulnerable Software and Affected Versions: macOS versions prior to Tahoe 26 Description: An application may be able to access sensitive user data due to insufficient checks preventing unauthorized actions. Recommendations: Update to macOS Tahoe 26...
PT-2025-36150
Name of the Vulnerable Software and Affected Versions: WP CodeUs Ultimate Client Dash versions through 4.6 Description: The software contains an Improper Neutralization of Input During Web Page Generation issue, which allows for Stored Cross-site Scripting XSS. Recommendations: Update WP CodeUs...
PT-2025-33666 · Unknown · Namelessmc
Name of the Vulnerable Software and Affected Versions: NamelessMC versions prior to 2.2.4 Description: NamelessMC is a website software for Minecraft servers. A cross-site scripting XSS issue exists in NamelessMC before version 2.2.4, allowing authenticated attackers to inject arbitrary web scrip...
PT-2025-33522 · WordPress · School Management System For Wordpress
Name of the Vulnerable Software and Affected Versions: School Management System for WordPress plugin versions prior to 93.2.0 Description: The School Management System for WordPress plugin is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file. This...
PT-2025-33497
Name of the Vulnerable Software and Affected Versions: Wulkano KAP version 3.6.0 Description: Improper Control of Generation of Code 'Code Injection' in Wulkano KAP on MacOS allows TCC Bypass. Recommendations: At the moment, there is no information about a newer version that contains a fix for th...
PT-2025-25938 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the initialization of jump labels on 64-bit systems. Specifically, calling jump label init in setup featu...
PT-2025-25966
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A buffer overflow issue has been identified in the Linux kernel, specifically in the sja1105 setup devlink regions function. This occurs when an error happens in dsa devlink region creat...
PT-2025-25348 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: Citizen versions prior to 3.3.1 Description: The issue affects the Citizen MediaWiki skin, where system messages in menu headings using the Menu.mustache template are inserted as raw HTML. This allows users with the editinterface right to...
PT-2025-22871 · H3C · H3C Seccenter Smp-E1114P02
Name of the Vulnerable Software and Affected Versions: H3C SecCenter SMP-E1114P02 up to 20250513 Description: A vulnerability was found in the function Download of the file /cfgFile/1/download. The manipulation of the argument Name leads to path traversal. The attack may be initiated remotely...
PT-2025-20383
Name of the Vulnerable Software and Affected Versions PostgreSQL versions prior to 17.5, 16.9, 15.13, 14.18, and 13.21 Description The vulnerability is related to a buffer over-read in PostgreSQL's GB18030 encoding validation. This issue allows a database input provider to achieve temporary denia...
PT-2025-20154 · Wedevs · Webmail
Name of the Vulnerable Software and Affected Versions: weDevs weMail versions 1.14.13 and earlier Description: The issue allows exposure of sensitive system information to an unauthorized control sphere, enabling the retrieval of embedded sensitive data. Recommendations: For weDevs weMail version...
PT-2025-18895 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns a server shutdown leak in the SUNRPC component of the Linux kernel. It involves a race condition where kthread stop may prevent threadfn from being called, resulting...
PT-2025-18905 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A vulnerability in the Linux kernel has been resolved, where the ila xlat nl cmd get mapping function generates an empty message, triggering a sanity check. This issue is resolved ...
PT-2025-15134 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.2 Description: The issue allows a local attacker to cause a denial of service DOS through an out-of-bounds write. Recommendations: For versions prior to 5.0.2, update to a version that contains a fix for this...
PT-2025-12385 · Microsoft · Dataverse
Name of the Vulnerable Software and Affected Versions: Microsoft Dataverse affected versions not specified Description: Deserialization of untrusted data in Microsoft Dataverse allows an authorized attacker to execute code over a network. Recommendations: At the moment, there is no information...
PT-2025-11143 · Pagelayer · Pagelayer
Name of the Vulnerable Software and Affected Versions: The Page Builder: Pagelayer versions up to, and including, 1.9.8 Description: The issue is related to insufficient validation on the pagelayer save content function, allowing authenticated attackers with Contributor-level access and above to...
PT-2025-12: Deserialization of Untrusted Data in HTML2PDF
The vulnerability was identified in HTML2PD, version 5.3.0. The discovered vulnerability allows an attacker to create objects of arbitrary classes, fully controlling their properties, thus modify the logic of the web application. Vulnerability status: Confirmed by vendor Date of vulnerability...
PT-2025-17285
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically in the iio component. The issue involves an out-of-bounds access in the veml6075 read int time ms function, where the...
PT-2026-3230
Name of the Vulnerable Software and Affected Versions versions prior to TLS 1.3 Description A flaw exists in the TLS 1.3 handshake process where messages spanning encryption level boundaries can be processed prematurely. This can lead to minor information disclosure if a network-local attacker...
PT-2024-10184 · D Link · Dir-816A2
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816A2 version 1.10CNB05 R1B011D88210 Description: The issue is related to an access control problem in the form2PortriggerRule.cgi component, allowing unauthenticated attackers to set the port trigger of the device via a crafted PO...
PT-2025-13206 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved by adding shadow buffering for deferred I/O in the drm/fbdev-dma module. This change addresses driver errors related to kernel NUL...
PT-2024-36017 · Undefined · Undefined
MS-ISAC CYBERSECURITY ADVISORYMS-ISAC CYBERSECURITY ADVISORY MS-ISAC ADVISORY NUMBER: 2024-134 DATES ISSUED: 12/10/2024 SUBJECT: Multiple Vulnerabilities in Adobe Products Could Allow for Arbitrary Code Execution OVERVIEW: Multiple vulnerabilities have been discovered in Adobe products, the most...
PT-2024-31041 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15 Description: The issue allows an app to bypass certain Privacy preferences due to inadequate state management. This has been addressed through improved state management. Recommendations: For versions prior to 15,...
PT-2024-39038 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: Job Portal versions affected versions not specified Description: A Cross-Site Scripting XSS issue exists due to insufficient encryption of user-controlled input. This could allow an attacker to retrieve the session details of an authenticated...
PT-2024-29366
Name of the Vulnerable Software and Affected Versions openflights version 5234b5b Description The issue is related to a Cross-Site Scripting XSS vulnerability. It affects the php/alsearch.php file. No information is provided about the estimated number of potentially affected devices or real-world...
PT-2024-27929 · Alcasar · Alcasar
Name of the Vulnerable Software and Affected Versions: ALCASAR versions prior to 3.6.1 Description: The issue allows for CSRF and remote code execution in the activity.php file. Recommendations: For versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue...
PT-2024-6083
Name of the Vulnerable Software and Affected Versions OpenSSL versions prior to the next release exact version not specified CPython version 3.9 and earlier Description The issue is related to the OpenSSL API function SSL select next proto which can cause a crash or memory contents to be sent to...
PT-2024-23015 · Bizprint · Bizprint
Name of the Vulnerable Software and Affected Versions: BizPrint versions through 4.5.5 Description: The issue is related to a Cross-Site Request Forgery CSRF vulnerability that also allows Cross-Site Scripting XSS in BizPrint. Recommendations: For versions through 4.5.5, update to a version that...
PT-2024-19962 · National Instruments · Labview
Name of the Vulnerable Software and Affected Versions: LabVIEW versions prior to 2024 Q1 Description: An out of bounds write due to a missing bounds check in LabVIEW may result in remote code execution. Successful exploitation requires an attacker to provide a user with a specially crafted VI...
PT-2024-21269 · Google · Android
Name of the Vulnerable Software and Affected Versions: TBD affected versions not specified Description: The issue is related to a missing bounds check in the tmu reset tmu trip counter function, which could lead to a possible out of bounds write. This could result in local escalation of privilege...
PT-2024-22141
Name of the Vulnerable Software and Affected Versions RSSHub versions 1.0.0-master.cbbd829 through 1.0.0-master.d8ca915 Description RSSHub is an open source RSS feed generator. When a specially crafted image is supplied to the internal media proxy, it proxies the image without handling XSS...
PT-2024-1613 · Zhicms · Zhicms
Name of the Vulnerable Software and Affected Versions: ZhiCms versions up to 4.0 Description: A critical vulnerability has been found in ZhiCms, affecting an unknown part of the file app/plug/controller/giftcontroller.php. The manipulation of the mylike argument leads to deserialization. It is...
PT-2023-18475 · Qualcomm · Qualcomm Chipsets
Name of the Vulnerable Software and Affected Versions: Qualcomm Chipsets affected versions not specified Description: The issue is related to memory corruption in the camera while installing a file descriptor for a particular DMA buffer. This can potentially lead to code execution. Recommendation...
PT-2023-15305 · Unknown · Wpdevart Booking Calendar
Name of the Vulnerable Software and Affected Versions: WpDevArt Booking calendar, Appointment Booking System versions 3.2.7 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQ...
PT-2023-27993 · WordPress · Woocommerce Pdf Invoice Builder
Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Invoice Builder plugin for WordPress versions up to, and including, 1.2.90 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This...
PT-2023-25407 · Logitech · Logitec Lan-Wh300An/Dgp +3
Name of the Vulnerable Software and Affected Versions: LOGITEC LAN-W300N/DR all versions LOGITEC LAN-WH300N/DR all versions LOGITEC LAN-W300N/P all versions LOGITEC LAN-WH450N/GP all versions LOGITEC LAN-WH300AN/DGP all versions LOGITEC LAN-WH300N/DGP all versions LOGITEC LAN-WH300ANDGPE all...
PT-2023-26311 · Softing · Softing Edgeaggregator
Name of the Vulnerable Software and Affected Versions: Softing edgeAggregator affected versions not specified Description: This issue allows remote attackers to execute arbitrary code on affected installations of Softing edgeAggregator. Authentication is required to exploit this issue. The specif...
PT-2025-8523 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A data-race issue exists around the sysctl igmp llm reports variable in the Linux kernel. This occurs because the variable can be changed concurrently while being read, potentially...
PT-2023-17326 · Avira · Avira Endpoint Security
Name of the Vulnerable Software and Affected Versions: Avira Endpointprotection.exe versions prior to 1.0.2303.633 Description: A vulnerability within the Avira network protection feature allowed an attacker with local execution rights to cause an overflow. This could corrupt the data on the heap...
PT-2023-14581 · Apache · Apache Sling Engine
Name of the Vulnerable Software and Affected Versions: Apache Sling Engine versions prior to 2.14.0 Description: The SlingRequestDispatcher doesn't correctly implement the RequestDispatcher API, resulting in include-based cross-site scripting issues on the Apache Sling level. An attacker who can...
PT-2023-3345 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.3.2 Description: A use-after-free issue was found in the renesas usb3 remove function in the drivers/usb/gadget/udc/renesas usb3.c module of the Linux kernel's USB device driver. This issue is related to a rac...