PT-2025-45406
Name of the Vulnerable Software and Affected Versions IDonate – Blood Donation, Request And Donor Management System plugin for WordPress versions 2.0.0 through 2.1.9 Description The IDonate plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. Attackers with...
PT-2025-45177
Name of the Vulnerable Software and Affected Versions AsIO3.sys affected versions not specified Description An improper restriction of operations within the bounds of a memory buffer exists in the AsIO3.sys driver. This can be triggered by manually executing a specially crafted process, potential...
PT-2025-41514
Name of the Vulnerable Software and Affected Versions libpadm.so versions prior to SMR Oct-2025 Release 1 Description An out-of-bounds write exists in the parsing header for JPEG decoding. This issue can lead to memory corruption for local attackers. The vulnerable component is libpadm.so...
PT-2025-41116
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where extra debug information is output if an inline backref cannot be found during a lookup operation. This was identified through reports from Syzbot...
PT-2025-41058
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.1.0-rc8+ Description The Linux kernel tracing subsystem contained a flaw in the tracing/hist component. Specifically, an out-of-bounds write could occur on the action data.var ref idx array when generating a...
PT-2025-40514
Name of the Vulnerable Software and Affected Versions Zabbix Agent versions 6.0.0 through 6.0.40 Zabbix Agent versions 7.0.0 through 7.0.17 Zabbix Agent versions 7.2.0 through 7.2.11 Zabbix Agent versions 7.4.0 through 7.4.1 Zabbix Agent 2 versions 6.0.0 through 7.4.1 Description The Zabbix Agent...
PT-2025-39148
Name of the Vulnerable Software and Affected Versions Portabilis i-Educar versions prior to 2.11 Description A flaw exists in Portabilis i-Educar that allows for remote code execution. The issue stems from a SQL injection vulnerability within the /module/ComponenteCurricular/view file. Manipulati...
PT-2025-39082
Name of the Vulnerable Software and Affected Versions Jinher OA version 2.0 Description A security flaw exists in Jinher OA 2.0 related to the XML Handler component. Manipulation of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl=add can lead to xml external entity...
PT-2025-37390
Name of the Vulnerable Software and Affected Versions: eCharge Hardy Barth Salia PLCC version 2.2.0 Description: A security flaw exists in eCharge Hardy Barth Salia PLCC 2.2.0 related to unrestricted upload. The issue affects processing of the file /api.php. Manipulation of the setrfidlist argume...
PT-2025-36462
CVE ID: CVE-2025-0005 Published: 2025-05-20T00:00:00.000Z Severity: HIGH 7.5/10 Description Information disclosure vulnerability in the API Gateway v7.2.0 allows unauthenticated remote attackers to access sensitive information via a crafted HTTP request. Root Cause Improper access control in API...
PT-2025-35458
Name of the Vulnerable Software and Affected Versions: itsourcecode Sports Management System version 1.0 Description: A flaw exists in itsourcecode Sports Management System version 1.0, specifically within an unknown function of the file /Admin/resultdetails.php. Manipulation of the ID argument c...
PT-2025-34070
🔥 Critical & High-Severity CVEs 1. CVE-2025-27461 — Ivanti Connect Secure / Policy Secure Auth Bypass → RCE Severity: Critical 9.8 Vector: Exploitable over the internet; bypasses auth → remote code execution. Why it matters: Actively exploited by ransomware crews; initial access vector. Defender...
PT-2025-34177
Name of the Vulnerable Software and Affected Versions: Apple iOS, iPadOS, and macOS versions 15.6.1, 15.7, 15.8.5, 16.7.12, 17.7.10, and 18.6.2 are affected. Description: Apple has addressed a zero-day vulnerability CVE-2025-43300 in the ImageIO framework. This is an out-of-bounds write issue tha...
PT-2025-33709
Name of the Vulnerable Software and Affected Versions: Real Spaces - WordPress Properties Directory Theme versions prior to 3.7 Description: The Real Spaces - WordPress Properties Directory Theme for WordPress is susceptible to privilege escalation through the imic agent register function. This...
PT-2026-45417
Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A segmentation violation occurs in the gf isom apple set tag ex function located in /isomedia/isom write.c. This issue allows attackers to cause a Denial of Service DoS, which is a...
PT-2025-33680 · Komari · Komari
Name of the Vulnerable Software and Affected Versions: Komari versions prior to 1.0.4-fix1 Description: Komari is a server monitoring tool. A Cross-Site WebSocket Hijacking CSWSH issue exists in the WebSocket upgrader due to disabled origin checking, potentially allowing remote code execution...
PT-2025-32488 · Unknown · Atjiu Pybbs
Name of the Vulnerable Software and Affected Versions: atjiu pybbs versions up to 6.0.0 Description: A vulnerability exists in atjiu pybbs versions up to 6.0.0 related to an open redirect. The issue is located in the changeLanguage function within the file...
PT-2025-32334
Name of the Vulnerable Software and Affected Versions jwe versions 1.1.0 and below Description The authentication tag of encrypted JWEs can be brute forced, potentially leading to a loss of confidentiality and the ability to craft arbitrary JWEs. This allows modification of JWEs to decrypt to an...
PT-2025-32201 · Unknown · Skyworkai Deepresearchagent
Name of the Vulnerable Software and Affected Versions: SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2 Description: A critical vulnerability exists in SkyworkAI DeepResearchAgent. The issue is an OS command injection within the from code, from dict, and from mcp functio...
PT-2025-32127 · Ese · Ese
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: An information disclosure issue exists due to the logging of eSE debug messages during log capture. Recommendations: At the moment, there is no information about a newer version that contains a fix...
PT-2025-31863 · Unknown · Unisite Cms
Name of the Vulnerable Software and Affected Versions: Unisite CMS version 5.0 Description: Unisite CMS version 5.0 contains a stored Cross-Site Scripting XSS vulnerability in the "Report" functionality. A malicious script submitted by an attacker is rendered in the admin panel when viewed by an...
PT-2025-32410
Name of the Vulnerable Software and Affected Versions 7-Zip versions prior to 25.01 Description An issue exists in 7-Zip where symbolic links are not always properly handled during the extraction of archives. This flaw allows a remote attacker to use a specially crafted archive to perform arbitra...
PT-2025-31724 · WordPress · Shortpixel Adaptive Images
Name of the Vulnerable Software and Affected Versions: ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress versions through 3.10.3 Description: The ShortPixel Adaptive Images – WebP, AVIF, CDN, Image Optimization plugin for WordPress is susceptible to Stored...
PT-2025-31099 · Malwarebytes · Malwarebytes Windows Firewall Control
Name of the Vulnerable Software and Affected Versions: Malwarebytes Binisoft Windows Firewall Control versions prior to 6.16.0.0 Description: The installer is susceptible to local privilege escalation. Recommendations: Update Malwarebytes Binisoft Windows Firewall Control to version 6.16.0.0 or...
PT-2025-31150 · Copyparty · Copyparty
Name of the Vulnerable Software and Affected Versions: copyparty versions up to and including 1.18.4 Description: copyparty is a portable file server susceptible to cross-site scripting XSS. An unauthenticated attacker can execute arbitrary JavaScript code in a victim’s browser due to improper...
PT-2025-30486
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 141 Firefox ESR versions prior to 140.1 Thunderbird versions prior to 141 Thunderbird versions prior to 140.1 Description Setting a nameless cookie with an equals sign in the value shadowed other cookies. This occurre...
PT-2025-30228 · WordPress +1 · Wordpress +1
Name of the Vulnerable Software and Affected Versions: WordPress versions 3.5 through 6.8.2 Description: WordPress versions 3.5 through 6.8.2 are susceptible to a flaw that allows remote attackers to determine the titles of private and draft posts through pingback.ping XML-RPC requests...
PT-2026-45415
Name of the Vulnerable Software and Affected Versions GPAC Project/MP4Box versions prior to 26.02.0 Description A NULL pointer dereference exists in the gf odf ac4 cfg dsi v1 function within the /odf/descriptors.c file. This issue allows an attacker to cause a Denial of Service DoS, which is a...
PT-2025-28534 · Microsoft · Windows Bitlocker +1
Name of the Vulnerable Software and Affected Versions: Windows BitLocker affected versions not specified Description: A protection mechanism failure in Windows BitLocker allows an unauthorized attacker to bypass a security feature with a physical attack. Recommendations: At the moment, there is n...
PT-2025-27663 · Ns3000 +1 · Ns3000 +1
Name of the Vulnerable Software and Affected Versions: NS3000 versions 7.x through 8.1.1.125110 NS2000 version 7.02.08 Description: The issue is related to missing authentication checks in the "query.fcgi" endpoint, which allows attackers to execute a session hijacking attack. Recommendations: Fo...
PT-2025-26883 · Mikrotik · Mikrotik Routeros
Name of the Vulnerable Software and Affected Versions: Mikrotik RouterOS affected versions not specified Description: This issue allows remote attackers to bypass access restrictions on affected installations of Mikrotik RouterOS. Authentication is not required to exploit this issue. The specific...
PT-2025-26880 · Unknown +1 · Berkeley-Abc +1
Name of the Vulnerable Software and Affected Versions: berkeley-abc version 1.1 Description: The issue is related to a Null Pointer Dereference NPD vulnerability in the Abc NtkCecFraigPart function of the data processing module. This leads to unpredictable program behavior, causing segmentation...
PT-2025-26129 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A refcount leak bug has been identified in the Linux kernel, specifically in the omapdss init fbdev function. The issue arises when of find node by name returns a node pointer with an...
PT-2025-26159 · WordPress · Ultimate Addons For Contact Form 7
Name of the Vulnerable Software and Affected Versions: Ultra Addons for Contact Form 7 versions up to and including 3.5.12 Description: The Ultra Addons for Contact Form 7 plugin for WordPress is susceptible to arbitrary file uploads due to the absence of file type validation within the save...
PT-2025-24413 · Rt-Thread · Rt-Thread
Name of the Vulnerable Software and Affected Versions: RT-Thread version 5.1.0 Description: A critical issue has been found in the function sys thread sigprocmask of the file rt-thread/components/lwp/lwp syscall.c. The manipulation of the argument how leads to improper validation of array index...
PT-2025-29118
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.26 through 2.4.63 Description: In specific proxy setups, an untrusted client can trigger a denial of service against Apache HTTP Server. This occurs due to an assertion within the mod proxy http2 module when...
PT-2025-21464 · WordPress · Podlove Podcast Publisher
Name of the Vulnerable Software and Affected Versions: Podlove Podcast Publisher WordPress plugin versions prior to 4.2.1 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks. This can occur even when the unfiltered html capability is...
PT-2025-21210
Name of the Vulnerable Software and Affected Versions Palo Alto Networks PAN-OS GlobalProtect affected versions not specified Description A reflected cross-site scripting XSS flaw exists in the GlobalProtect gateway and portal features of Palo Alto Networks PAN-OS software. This allows t...
PT-2025-15: Kiosk restriction bypass in RED OS
The vulnerability was identified in RedOS, versions 7.3.5-20241106.3. The vulnerability in the RedOS kiosk utility is due to incorrect restrictions. Exploitation of the vulnerability may allow an attacker to execute arbitrary commands on the system outside the imposed restrictions...
PT-2025-14: Local privilege escalation in RED OS
The vulnerability was identified in RedOS, versions MUROM 7.3.5. The vulnerability in the application for publishing directories in the sharedirectory domain is related to the lack of verification of the privileges of the user accessing the D-Bus service. Exploitation of the vulnerability may...
PT-2025-20618 · Code Projects · Simple Banking System
Name of the Vulnerable Software and Affected Versions: code-projects Simple Banking System version 1.0 Description: A critical issue affects some unknown processing of the component "Sign In". The manipulation of the argument password2 leads to buffer overflow. Attacking locally is a requirement...
PT-2025-18530 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns error handling in the ena init function. Specifically, when pci register driver fails, ena init does not destroy the workqueue created by create singlethread...
PT-2025-28 · 1C-Bitrix LLC · Iblock Module
A vulnerability in the iblock module of the 1C-Bitrix: Site Management content management system (CMS) is related to improper control of code generation. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code by injecting it into an arbitrary PHP script,...
PT-2025-16985 · Unknown · Ajayver Rss Manager
Name of the Vulnerable Software and Affected Versions: ajayver RSS Manager versions 0.06 and earlier Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Stored XSS. Recommendations: For versions 0.06 and earlier, update to a version that fixes this issue, as no...
PT-2025-15467 · Elastic · Elasticsearch
Name of the Vulnerable Software and Affected Versions: Elasticsearch affected versions not specified Description: A flaw was discovered in Elasticsearch, where a large recursion using the innerForbidCircularReferences function of the PatternBank class could cause the Elasticsearch node to crash. ...
PT-2025-15134 · Unknown · Openharmony
Name of the Vulnerable Software and Affected Versions: OpenHarmony versions prior to 5.0.2 Description: The issue allows a local attacker to cause a denial of service DOS through an out-of-bounds write. Recommendations: For versions prior to 5.0.2, update to a version that contains a fix for this...
PT-2025-13783
Name of the Vulnerable Software and Affected Versions JumpServer versions prior to 4.8.0 JumpServer versions prior to 3.10.18 Description The issue allows an attacker with a low-privileged account to access the Kubernetes session feature and manipulate the kubeconfig file. This manipulation enabl...
PT-2025-12828
Name of the Vulnerable Software and Affected Versions NASA cFS Core Flight System Aquila affected versions not specified Description The issue concerns a segmentation fault that can occur in the Memory Management Module of NASA cFS Core Flight System Aquila when a malicious telecommand is sent...
PT-2025-11689 · Dell · Dell Secure Connect Gateway
Name of the Vulnerable Software and Affected Versions: Dell Secure Connect Gateway SCG 5.0 Appliance - SRS version 5.26 Description: The issue allows a high privileged attacker with remote access to potentially exploit it, leading to exposure of sensitive system information. Recommendations: For...
PT-2025-7684 · Unknown · Phpgurukul Online Nurse Hiring System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Nurse Hiring System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Online Nurse Hiring System. This issue affects unknown code of the file /admin/manage-nurse.php. The manipulation of the...