PT-2025-12828
Name of the Vulnerable Software and Affected Versions: NASA cFS Core Flight System Aquila affected versions not specified Description: The issue concerns a segmentation fault that can occur in the Memory Management Module of NASA cFS Core Flight System Aquila when a malicious telecommand is sent...
PT-2025-11689 · Dell · Dell Secure Connect Gateway
Name of the Vulnerable Software and Affected Versions: Dell Secure Connect Gateway SCG 5.0 Appliance - SRS version 5.26 Description: The issue allows a high privileged attacker with remote access to potentially exploit it, leading to exposure of sensitive system information. Recommendations: For...
PT-2025-7684 · Unknown · Phpgurukul Online Nurse Hiring System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Nurse Hiring System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Online Nurse Hiring System. This issue affects unknown code of the file /admin/manage-nurse.php. The manipulation of the...
PT-2025-17285
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, specifically in the iio component. The issue involves an out-of-bounds access in the veml6075_read_int_time_ms function, where the...
PT-2025-6666 · Intel · Fpga Support Package For The Intel Oneapi Dpc++/C++ Compiler
Name of the Vulnerable Software and Affected Versions: FPGA Support Package for the Intel® oneAPI DPC++/C++ Compiler software for Windows versions prior to 2024.2 Description: The issue is related to an uncontrolled search path in the FPGA Support Package for the Intel® oneAPI DPC++/C++ Compiler...
PT-2025-6215 · Coinbase · Coinbase Wallet Sdk
Name of the Vulnerable Software and Affected Versions: Coinbase Wallet SDK versions prior to 4.3.0 Description: There is a security issue in outdated versions of the software. This issue does not directly affect users' keys, smart contracts, or funds. Recommendations: Update to version 4.3.0 or...
PT-2025-5470 · Unknown · Xml For Avito
Name of the Vulnerable Software and Affected Versions: XML for Avito versions prior to 2.5.2 Description: The issue is related to improper neutralization of input during web page generation, which allows for Cross-site Scripting (XSS) attacks, specifically Reflected XSS. This means that an attacker...
PT-2025-2936
Name of the Vulnerable Software and Affected Versions: HL7 FHIR IG publisher versions prior to 1.7.4 Description: The HL7 FHIR IG publisher is vulnerable to XML external entity injections due to XSLT transforms performed by various components. This issue can be exploited by submitting a malicious X...
PT-2025-6474 · Microsoft +4 · Edge +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 133.0.6943.98 Microsoft Edge affected versions not specified Description: The issue is related to a use after free vulnerability in the Navigation function of Google Chrome and Microsoft Edge browsers. This...
PT-2025-2842 · Arprice · Arprice
Name of the Vulnerable Software and Affected Versions: ARPrice versions n/a through 4.0.3 Description: The issue is related to the deserialization of untrusted data, which allows object injection in NotFound ARPrice. Recommendations: For versions n/a through 4.0.3, at the moment, there is no...
PT-2025-3729 · WordPress · Post Grid/Gutenberg Blocks
Name of the Vulnerable Software and Affected Versions: Post Grid and Gutenberg Blocks plugin for WordPress versions 2.2.85 through 2.3.3 Description: The issue arises from the plugin not properly restricting what user meta can be updated during profile registration, making it possible for...
PT-2025-1541 · Learningtimes · Badgeos
Name of the Vulnerable Software and Affected Versions: BadgeOS versions 3.7.1.6 and earlier Description: The issue is related to a Missing Authorization vulnerability in LearningTimes BadgeOS, which allows exploiting incorrectly configured access control security levels. Recommendations: For...
PT-2025-34363
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A race condition exists in the packet_set_ring and packet_notifier functions within the net/packet module. This occurs when packet_set_ring releases po->bind_lock, allowing another thre...
PT-2024-17132 · WordPress · Wp-Publications
Name of the Vulnerable Software and Affected Versions: wp-publications WordPress plugin versions 1.2 and earlier Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example i...
PT-2024-66: Unauthorized Reflected XSS in PhpSpreadsheet (Currency.php)
The vulnerability was identified in PhpSpreadsheet, versions = 3.0.0, = 2.0.0, = 2.2.0, = 3.0.0, = 2.0.0, = 2.2.0, = 2.3.4 to 2.3.5 or higher Additional information: Researcher: Aleksey Solovev Positive Technologies...
PT-2024-63: Unauthorized Reflected XSS in PhpSpreadsheet (Downloader class)
The vulnerability was identified in PhpSpreadsheet, versions = 3.0.0, = 2.0.0, = 2.2.0, = 3.0.0, = 2.0.0, = 2.2.0, = 2.3.4 to 2.3.5 or higher Additional information: Researcher: Aleksey Solovev Positive Technologies...
PT-2024-37: Local Privilege Escalation (LPE) vulnerability in Windows DWM Core Library
The Local Privilege Escalation (LPE) vulnerability was discovered in the Microsoft Windows DWM Core library. The vulnerability allows an attacker to gain SYSTEM privileges. The affected products: Windows Server 2025. Versions: from 10.0.0 before 10.0.26100.2314 and from 10.0.0 before 10.0.26100.224...
PT-2024-9223 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 130.0.6723.116 Microsoft Edge affected versions not specified Description: The issue is related to a use-after-free bug in the Family Experiences component, which could allow a remote attacker to potentially...
PT-2024-31: Reflected Cross-Site Scripting (Reflected XSS) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application does not process user-supplied data in the way required for it to be used safely when generating web pages. An attacker can inject a malicious script into the request parameters and conduct a social engineering attack on...
PT-2024-7433 · Draytek · Draytek Vigor310
Name of the Vulnerable Software and Affected Versions: DrayTek Vigor310 versions up to 4.3.2.6 Description: The issue is related to a buffer overflow vulnerability in the web interface of DrayTek Vigor routers, caused by a lack of size checking on input data. This can be exploited by a remote...
PT-2024-41128 · Trend Micro · Trend Micro Deep Security Agent
Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent affected versions not specified Description: The issue is related to incorrect link resolution before accessing a file, which can be exploited to potentially allow an attacker to escalate their privileges...
PT-2024-5810 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.84 Microsoft Edge affected versions not specified Description: The issue is related to an inappropriate implementation in Custom Tabs, allowing a remote attacker to perform UI spoofing via a crafted...
PT-2024-6164 · Google +4 · Google Chrome +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.84 Description: The vulnerability is an inappropriate implementation bug in the V8 JavaScript and WebAssembly engine, which could allow a remote attacker to potentially exploit heap corruption via a...
PT-2024-6337 · Google +4 · Skia +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.113 Description: The issue is related to a heap buffer overflow in the Skia graphics library of Google Chrome, which can be exploited by a remote attacker who has compromised the renderer process. Th...
PT-2024-27027 · Mattermost · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.5.x through 9.5.6 Mattermost versions 9.7.x through 9.7.5 Mattermost versions 9.8.x through 9.8.1 Mattermost versions 9.9.x through 9.9.0 Description: The issue allows a malicious remote user to overwrite an existing loc...
PT-2024-38274 · Unknown · Weave Server
Name of the Vulnerable Software and Affected Versions: Weave server affected versions not specified Description: The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. ...
PT-2024-37468 · Quivr · Quivr
Name of the Vulnerable Software and Affected Versions: stangirard/quivr version latest Description: A stored cross-site scripting (XSS) vulnerability exists in the 'Upload Knowledge' feature. Users can upload files via URL, which allows the insertion of malicious JavaScript payloads. These payloads...
PT-2024-4245 · Google +5 · Google Chrome +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 126.0.6478.54 Description: The issue is related to an inappropriate implementation in DevTools, which can be exploited by an attacker to execute arbitrary code via a crafted Chrome Extension. This can happen if...
PT-2024-37117 · Itsourcecode · Itsourcecode Bakery Online Ordering System
Name of the Vulnerable Software and Affected Versions: itsourcecode Bakery Online Ordering System version 1.0 Description: A critical issue has been found in the itsourcecode Bakery Online Ordering System, affecting an unknown function of the file /admin/modules/product/controller.php?action=add...
PT-2024-5351 · Argo Cd · Argo Cd
Name of the Vulnerable Software and Affected Versions: Argo CD versions prior to 2.11.3 Argo CD versions prior to 2.10.12 Argo CD versions prior to 2.9.17 Description: The issue is related to insufficient authentication procedures when handling the "/api/v1/settings" endpoint, allowing unauthoriz...
PT-2024-30731 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.9.0-rc1+ 29 Description: A null pointer dereference vulnerability has been resolved in the Linux kernel. The issue is induced by DEBUG_TEST_DRIVER_REMOVE and occurs when the psp_device or sev_device structs ar...
PT-2024-40785 · Git +1 · Libultrahdr
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read, which occurs in the ultrahdr::getYuv420Pixel function. This function is called by...
PT-2024-10351
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to the incomplete cleanup of temporary or auxiliary resources in the Linux kernel, specifically in the s390/pkey component. This could allow an attacker to cause a...
PT-2024-25561 · Codebard · Patron Button/Widgets For Patreon
Name of the Vulnerable Software and Affected Versions: CodeBard's Patron Button and Widgets for Patreon versions n/a through 2.2.0 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS...
PT-2024-23166 · Brocade · Brocade Sannav
Name of the Vulnerable Software and Affected Versions: Brocade SANnav versions prior to 2.3.1 Brocade SANnav version 2.3.0a Description: A vulnerability could allow an authenticated user to print the Auth, Priv, and SSL key store passwords in unencrypted logs by manipulating command variables...
PT-2024-22943 · WordPress · Pocket News Generator
Name of the Vulnerable Software and Affected Versions: The Pocket News Generator plugin for WordPress versions up to, and including, 0.2.0 Description: The issue is related to Stored Cross-Site Scripting via admin settings, specifically Consumer Key and Access Token, due to insufficient input...
PT-2024-13618 · Dell · Dell Platform Bios
Name of the Vulnerable Software and Affected Versions: Dell Platform BIOS affected versions not specified Description: The issue is related to an Improper Null Termination, which could allow a high privilege user with network access to send malicious data and cause some services to cease...
PT-2024-12393 · Audio · Audio
Name of the Vulnerable Software and Affected Versions: Audio affected versions not specified Description: The issue is related to memory corruption in the Audio component when processing IIR config data from the AFE calibration block. Recommendations: At the moment, there is no information about ...
PT-2024-19161 · WordPress · Wordpress Quiz Maker Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Quiz Maker Plugin versions prior to 6.5.0.6 Description: The issue is related to improper input validation, allowing a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. Recommendation...
PT-2024-15125 · 10Web · The Photo Gallery By 10Web
Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web plugin for WordPress versions up to, and including, 1.8.18 Description: The issue is related to Stored Cross-Site Scripting via widgets due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-10238 · Ibm · Ibm Devops Velocity +1
Name of the Vulnerable Software and Affected Versions: IBM DevOps Velocity version 5.0.0 IBM UrbanCode Velocity versions 4.0.0 through 4.0.25 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive...
PT-2024-18984 · Rubygems · Omniauth-Microsoft Graph
Name of the Vulnerable Software and Affected Versions: omniauth-microsoft_graph versions prior to 2.0.0 Description: The implementation did not validate the legitimacy of the email attribute of the user nor did it give or document an option to do so, making it susceptible to nOAuth misconfigurati...
PT-2023-31838 · Pixelemu · Terraclassifieds – Simple Classifieds Plugin
Name of the Vulnerable Software and Affected Versions: TerraClassifieds – Simple Classifieds Plugin versions 2.0.3 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in the Pixelemu TerraClassifieds – Simple Classifieds Plugin. This...
PT-2023-31662 · Villatheme · Villatheme Curcy – Multi Currency For Woocommerce
Name of the Vulnerable Software and Affected Versions: VillaTheme CURCY – Multi Currency for WooCommerce versions 2.2.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that a...
PT-2023-31613 · Efacec · Bcu 500 +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows an attacker to send custom requests to cause a denial-of-service condition on the device through the exploitation of active user...
PT-2024-14671
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue occurs when switching to another HDMI mode, causing unnecessary disabling/enabling of FIFO, which leads to both HPO and DIG registers being set at the same time. This can resul...
PT-2023-7216 · Microsoft +6 · Net +8
Name of the Vulnerable Software and Affected Versions: .NET, .NET Framework, and Visual Studio affected versions not specified Description: The issue is related to insufficient access restrictions in the Microsoft .NET Framework and Visual Studio, allowing a remote attacker to elevate their...
PT-2025-25864 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the SMB2 negotiate function. This issue occurs in cases of failure, such as dialect mismatches, where the...
PT-2025-18853 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A hung task problem was reported in the Linux kernel, specifically in the ext4 file system. The issue occurs when an inode contains an xattr entry with an ea_inum of 15 while...
PT-2023-6662 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 119.0.6045.105 Description: The issue is related to incorrect security UI in the Picture-in-Picture (PiP) feature of Google Chrome, allowing a remote attacker to perform domain spoofing via a crafted local HTML...