PT-2024-19161 · WordPress · Wordpress Quiz Maker Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Quiz Maker Plugin versions prior to 6.5.0.6 Description: The issue is related to improper input validation, allowing a remote authenticated attacker to perform a Denial of Service (DoS) attack against external services. Recommendation...
PT-2024-15125 · 10Web · The Photo Gallery By 10Web
Name of the Vulnerable Software and Affected Versions: The Photo Gallery by 10Web plugin for WordPress versions up to, and including, 1.8.18 Description: The issue is related to Stored Cross-Site Scripting via widgets due to insufficient input sanitization and output escaping on user-supplied...
PT-2024-10238 · Ibm · Ibm Devops Velocity +1
Name of the Vulnerable Software and Affected Versions: IBM DevOps Velocity version 5.0.0 IBM UrbanCode Velocity versions 4.0.0 through 4.0.25 Description: The issue is related to the use of weaker than expected cryptographic algorithms, which could allow an attacker to decrypt highly sensitive...
PT-2024-18984 · Rubygems · Omniauth-Microsoft Graph
Name of the Vulnerable Software and Affected Versions: omniauth-microsoft_graph versions prior to 2.0.0 Description: The implementation did not validate the legitimacy of the email attribute of the user nor did it give or document an option to do so, making it susceptible to nOAuth misconfigurati...
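The entry above describes the nOAuth pattern: an OAuth/OIDC login that links the provider's response to a local account by its email attribute, which an attacker who administers their own tenant can set to a victim's address. The following is an added example, not code from omniauth-microsoft_graph or Microsoft; the claim objects, the local user table and the claim names `tid`, `oid`, `email_verified` and `xms_edov` are assumptions about what a generic OIDC ID token might carry, used here only to contrast matching on email with matching on the issuer-scoped subject.

```javascript
// Added example (not the plugin's code). Models the account-linking step of an
// OAuth/OIDC login: which attribute of the provider's response selects the
// local user. All tokens and users below are constructed sample data.

const localUsers = [
  // providerSub is stored as "<tenant>:<object id>", both set by the provider,
  // not by the end user or by a foreign tenant administrator (assumption).
  { id: 1, email: 'alice@victim.example', provider: 'microsoft', providerSub: 'tenant-A:oid-alice' },
];

// Weak: the email attribute is treated as the identity. In the nOAuth scenario
// the attacker controls the mail attribute of an account in a tenant they
// administer, so the provider hands back the victim's address for an
// attacker-controlled login and this lookup returns the victim's account.
function findUserWeak(claims) {
  return localUsers.find(u => u.email === claims.email) || null;
}

// The provider's assertion that the email is verified. email_verified is the
// standard OIDC claim; xms_edov is the Entra ID optional claim (assumption that
// the token was requested with it). Absent both, the address is untrusted.
function emailIsVerified(claims) {
  return claims.email_verified === true || claims.xms_edov === true;
}

// Hardened: identity is (tenant, subject). Email is never used to match an
// existing account; it may seed a brand-new account only when verified.
function findUserStrict(claims) {
  if (typeof claims.tid !== 'string' || typeof claims.oid !== 'string') return null;
  const key = `${claims.tid}:${claims.oid}`;
  const existing = localUsers.find(u => u.provider === 'microsoft' && u.providerSub === key);
  if (existing) return existing;
  if (!emailIsVerified(claims)) return null;  // refuse to provision on an unverified address
  return { id: null, email: claims.email, provider: 'microsoft', providerSub: key, provisioned: true };
}

// Constructed sample tokens for a stand-alone run.
const attacker = { tid: 'tenant-B', oid: 'oid-mallory', email: 'alice@victim.example' };
const alice = { tid: 'tenant-A', oid: 'oid-alice', email: 'alice@victim.example' };
console.log('weak lookup for attacker token ->', findUserWeak(attacker));   // victim's account
console.log('strict lookup for attacker token ->', findUserStrict(attacker)); // null
console.log('strict lookup for alice ->', findUserStrict(alice));            // alice's account
```

The design point is that the only provider-controlled attributes the attacker cannot choose for their own account are the tenant and object identifiers, so those form the account key; the email address is display data and, at most, a verified hint when creating a new account.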
PT-2023-31838 · Pixelemu · Terraclassifieds – Simple Classifieds Plugin
Name of the Vulnerable Software and Affected Versions: TerraClassifieds – Simple Classifieds Plugin versions 2.0.3 and earlier Description: The issue is related to an Unrestricted Upload of File with Dangerous Type vulnerability in the Pixelemu TerraClassifieds – Simple Classifieds Plugin. This...
PT-2023-31662 · Villatheme · Villatheme Curcy – Multi Currency For Woocommerce
Name of the Vulnerable Software and Affected Versions: VillaTheme CURCY – Multi Currency for WooCommerce versions 2.2.0 and earlier Description: The issue is related to improper neutralization of input during web page generation, which allows for stored cross-site scripting (XSS). This means that a...
PT-2023-31613 · Efacec · Bcu 500 +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: The issue allows an attacker to send custom requests to cause a denial-of-service condition on the device through the exploitation of active user...
PT-2024-14671
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue occurs when switching to another HDMI mode, causing unnecessary disabling/enabling of FIFO, which leads to both HPO and DIG registers being set at the same time. This can resul...
PT-2023-7216 · Microsoft +6 · Net +8
Name of the Vulnerable Software and Affected Versions: .NET, .NET Framework, and Visual Studio affected versions not specified Description: The issue is related to insufficient access restrictions in the Microsoft .NET Framework and Visual Studio, allowing a remote attacker to elevate their...
PT-2025-25864 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak issue has been identified in the Linux kernel, specifically in the SMB2 negotiate function. This issue occurs in cases of failure, such as dialect mismatches, where the...
PT-2025-18853 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A hung task problem was reported in the Linux kernel, specifically in the ext4 file system. The issue occurs when an inode contains an xattr entry with an ea_inum of 15 while...
PT-2023-6662 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 119.0.6045.105 Description: The issue is related to incorrect security UI in the Picture-in-Picture (PiP) feature of Google Chrome, allowing a remote attacker to perform domain spoofing via a crafted local HTML...
PT-2023-7847 · Adobe · Experience Manager
Name of the Vulnerable Software and Affected Versions: Adobe Experience Manager versions 6.5.18 and earlier Description: The issue is related to a stored Cross-Site Scripting (XSS) vulnerability that could be exploited by a low-privileged attacker to inject malicious scripts into vulnerable form...
PT-2023-25586 · Eclipse +6 · Eclipse Jetty +8
Name of the Vulnerable Software and Affected Versions: Eclipse Jetty versions 9.0.0 through 9.4.52 Eclipse Jetty versions 10.0.0 through 10.0.15 Eclipse Jetty versions 11.0.0 through 11.0.15 Description: The issue is caused by an integer overflow in MetaDataBuilder.checkSize, allowing HTTP/2 HPAC...
PT-2023-28807 · Searchor · Searchor
Name of the Vulnerable Software and Affected Versions: Searchor versions prior to 2.4.2 Description: The issue allows an attacker to execute arbitrary code via a crafted script to the eval function in Searchor's main.py file, affecting the search feature in Searchor's Command Line Interface. This...
PT-2023-7025 · Node.Js +6 · Node.Js +6
Name of the Vulnerable Software and Affected Versions: Node.js versions prior to the fixed version Description: Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module...
PT-2023-4318 · Linux +6 · Linux Kernel +6
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. On an error when building a nftables rule,...
PT-2023-3704 · Amd +9 · Amd Ryzen +10
Name of the Vulnerable Software and Affected Versions: AMD Zen 2 processors affected versions not specified Description: The issue in AMD Zen 2 processors, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. This is due to a...
PT-2023-3974 · Linux +10 · Linux Kernel +10
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev fails, fw_set_parms will...
PT-2023-25462 · Zzcms · Zzcms
Name of the Vulnerable Software and Affected Versions: ZZCMS versions 2023 and earlier Description: The issue allows a remote attacker to gain privileges via the add function in adminlist.php. This is a Cross Site Request Forgery vulnerability. Recommendations: For ZZCMS versions 2023 and earlier...
PT-2023-4180 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 115.0.5790.170 Description: The issue is related to a use after free in the Cast component of Google Chrome, which could allow a remote attacker to potentially exploit heap corruption via a crafted HTML page...
PT-2023-15091 · WordPress · Marty Thornley Import External Images Plugin
Name of the Vulnerable Software and Affected Versions: Marty Thornley Import External Images plugin versions 1.4 and earlier Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability. This type of vulnerability allows an attacker to trick a user into performing unintend...
PT-2025-26012 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved, related to the block layer and the blk-rq-qos framework. The issue occurs when the io.cost.qos file is written by two CPUs...
PT-2023-12360 · Apache · Apache Ranger Hive Plugin
Name of the Vulnerable Software and Affected Versions: Apache Ranger Hive Plugin versions 2.0.0 through 2.3.0 Description: An Incorrect Permission Assignment for Critical Resource issue was found in the Apache Ranger Hive Plugin. Any user with SELECT privilege on a database can alter the ownershi...
PT-2023-22996 · Unknown +1 · Baremetal Operator +2
Name of the Vulnerable Software and Affected Versions: Baremetal Operator versions prior to 0.3.0 Description: The issue arises from the storage of .htpasswd files as ConfigMaps instead of Secrets by ironic and ironic-inspector deployed within Baremetal Operator using the included deploy.sh. This...
PT-2023-06: Unauth Information Exposure leads to Privilege Escalation in Zyxel products
An issue was identified in Zyxel products affecting: ATP ZLD V4.32-V5.35; USG FLEX ZLD V4.50-V5.35; USG FLEX 50W / USG20W-VPN ZLD V4.16-V5.35; VPN ZLD V4.30-V5.35. The discovered vulnerability can be exploited by an authenticated attacker to escalate privileges by obtaining encrypted administrator...
PT-2023-01: Post-auth Command Injection in account_operator.cgi in Zyxel products
An issue was identified in Zyxel products affecting: USG FLEX ZLD V4.50-V5.35 and VPN ZLD V4.30-V5.35. Discovered vulnerability in account_operator.cgi can be exploited by an authenticated attacker to inject commands and modify device configuration data, which could result in a denial of service D...
PT-2023-16665 · WordPress · Stylish-Cost-Calculator-Premium
Name of the Vulnerable Software and Affected Versions: stylish-cost-calculator-premium WordPress plugin versions prior to 7.9.0 Description: The issue is related to a Stored Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted ba...
PT-2023-10278 · Unknown · Cp Appointment Calendar Plugin
Name of the Vulnerable Software and Affected Versions: CP Appointment Calendar Plugin version 1.1.5 and earlier Description: A critical vulnerability has been found in the CP Appointment Calendar Plugin. This issue affects the dex_process_ready_to_go_appointment function of the dex_appointments.p...
PT-2023-22079 · Sveltekit · Sveltekit
Name of the Vulnerable Software and Affected Versions: SvelteKit versions prior to 1.15.1 Description: The SvelteKit framework provides out-of-the-box cross-site request forgery (CSRF) protection. However, prior to version 1.15.1, this protection can be bypassed by specifying a different Content-Ty...
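The entry above describes a CSRF origin check that is only applied to requests whose Content-Type looks like a browser form submission, so a request carrying a different Content-Type value skips the check. The following is an added example, not SvelteKit's code: a weak check of that shape next to a hardened one, run over constructed request records. The exact list of form types and the exact-string comparison in the weak variant are assumptions chosen to illustrate the class of bug, not a transcription of the framework's implementation.

```javascript
// Added example (not SvelteKit's code). Requests are plain constructed
// records { method, headers } rather than framework request objects.

// Case-insensitive header lookup, since header names arrive in any casing.
function header(req, name) {
  const want = name.toLowerCase();
  const key = Object.keys(req.headers).find(k => k.toLowerCase() === want);
  return key === undefined ? null : req.headers[key];
}

// Weak variant (illustrative shape of the flaw): the origin is compared only
// when the raw Content-Type string exactly equals one of two form types.
// A browser can also send text/plain cross-site without a CORS preflight, and
// can vary casing and parameters, so all of those skip the origin check.
const WEAK_FORM_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data'];

function csrfCheckWeak(req, appOrigin) {
  if (req.method !== 'POST') return true;
  const ct = header(req, 'content-type');
  if (!WEAK_FORM_TYPES.includes(ct)) return true;   // unchecked content types pass
  return header(req, 'origin') === appOrigin;
}

// Hardened variant: normalise the media type (drop parameters, lowercase),
// treat every CORS-safelisted request body type as a possible form post,
// cover all state-changing methods, and require a matching Origin for them.
const SAFELISTED_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];

function mediaType(ct) {
  return ct ? ct.split(';')[0].trim().toLowerCase() : '';
}

function csrfCheckStrict(req, appOrigin) {
  if (!['POST', 'PUT', 'PATCH', 'DELETE'].includes(req.method)) return true;
  const origin = header(req, 'origin');
  if (SAFELISTED_TYPES.includes(mediaType(header(req, 'content-type')))) {
    // A cross-site form can only produce these types; Origin must be present and ours.
    return origin === appOrigin;
  }
  // Other types (e.g. application/json) need a preflight the browser would
  // block, but still reject any that arrive with a foreign Origin.
  return origin === null || origin === appOrigin;
}

// Constructed requests for a stand-alone run.
const APP = 'https://app.example';
const crossSitePlain = { method: 'POST', headers: { 'Content-Type': 'text/plain', Origin: 'https://evil.example' } };
console.log('weak  :', csrfCheckWeak(crossSitePlain, APP));   // true  (bypassed)
console.log('strict:', csrfCheckStrict(crossSitePlain, APP)); // false (blocked)
```

The hardened check keys its decision on the parsed media type rather than the raw header string, because the set of bodies a browser will send cross-site without a preflight is defined by the media type alone, not by its casing or parameters.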
PT-2023-17171 · Sourcecodester · Earnings/Expense Tracker App
Name of the Vulnerable Software and Affected Versions: SourceCodester Earnings and Expense Tracker App version 1.0 Description: A problematic vulnerability has been found in the software, affecting an unknown part of the file, specifically the "Master.php?a=save_expense" endpoint. The manipulatio...
PT-2023-17038 · Sourcecodester · Sourcecodester Alphaware Simple E-Commerce System
Name of the Vulnerable Software and Affected Versions: SourceCodester Alphaware Simple E-Commerce System version 1.0 Description: A critical issue affects some unknown functionality of the file function/edit_customer.php. The manipulation of the argument firstname/mi/lastname with the input a'...
PT-2023-16580
Name of the Vulnerable Software and Affected Versions: WP Meta SEO WordPress plugin versions prior to 4.5.3 Description: The issue allows low-privilege users to make updates to certain data due to a lack of authorization for several ajax actions, leading to an arbitrary redirect. Recommendations:...
PT-2023-16806 · Ecshop · Ecshop
Name of the Vulnerable Software and Affected Versions: ECshop versions up to 4.1.8 Description: A problematic issue has been found in the Backup Database Handler component of the file admin/database.php, leading to unrestricted upload. The attack can be launched remotely. The issue affects some...
PT-2023-19522 · Unknown · Judging Management System
Name of the Vulnerable Software and Affected Versions: Judging Management System version 1.0 Description: The issue is related to an arbitrary file upload vulnerability. This vulnerability is present in the component edit_organizer.php. Recommendations: For Judging Management System version 1.0,...
PT-2023-12706 · Dell Emc · Dell Emc Unity
Name of the Vulnerable Software and Affected Versions: Dell EMC Unity versions before 5.2.0.0.5.173 Description: The issue is related to the use of a broken cryptographic algorithm. A remote unauthenticated attacker could potentially exploit this by performing Man-in-the-Middle (MitM) attacks,...
PT-2023-19788 · Owncloud · Owncloud Android App
Name of the Vulnerable Software and Affected Versions: ownCloud Android app versions prior to 3.0 Description: The ownCloud Android app has an incomplete fix for a path traversal issue and is vulnerable to two bypass methods. These bypasses may lead to information disclosure when uploading the...
PT-2023-16376 · Yugabyte · Yugabytedb
Name of the Vulnerable Software and Affected Versions: Yugabyte DB versions prior to 2.2.0.0 Description: The issue is related to External Control of Critical State Data and Improper Control of Generation of Code, also known as 'Code Injection' vulnerability. This vulnerability affects YugaByte,...
PT-2023-12376 · Unknown · Openmage Lts
Name of the Vulnerable Software and Affected Versions: OpenMage LTS versions prior to 19.4.22 OpenMage LTS versions prior to 20.0.19 Description: The issue allows an administrator with the permissions to upload files via DataFlow and to create products to execute arbitrary code via the convert...
PT-2023-10812
Name of the Vulnerable Software and Affected Versions: roxlukas LMeve versions up to 0.1.58 Description: A critical issue affects the function insert_log of the file wwwroot/ccpwgl/proxy.php. The manipulation of the argument fetch leads to SQL injection. Recommendations: For versions up to 0.1.58,...
PT-2022-17940 · Pax Technology · Paydroid +1
Name of the Vulnerable Software and Affected Versions: PAX A930 device with PayDroid_7.1.1_Virgo_V04.3.26T1_20210419 through 7.1.1_Virgo_V04.4.02_20211201 Description: The issue allows an unauthorized attacker to perform privileged actions through the execution of specific binaries liste...
PT-2022-23252 · Unknown · School Management System
Name of the Vulnerable Software and Affected Versions: School Management System version 1.0 Description: The issue allows remote attackers to modify or delete data, causing persistent changes to the application's content or behavior by using malicious SQL queries. Recommendations: For School...
PT-2022-7681
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use-after-free vulnerability in the Linux kernel, specifically in the amdgpu module. This vulnerability may allow an attacker to impact the confidentiality,...
PT-2022-26790 · Xxl-Job · Xxl-Job
Name of the Vulnerable Software and Affected Versions: XXL-Job versions prior to 2.3.1 Description: The issue is related to a Server-Side Request Forgery SSRF in the component /admin/controller/JobLogController.java. This allows for potential exploitation. Recommendations: For versions prior to...
PT-2022-21788 · Unknown · Smart Slider 3
Name of the Vulnerable Software and Affected Versions: Smart Slider 3 versions prior to 3.5.1.11 Description: The issue arises from the unserialization of the content of an imported file, potentially leading to PHP object injection issues if a malicious file is imported and a suitable gadget chai...
PT-2022-26260 · Liferay · Liferay Portal
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.4 through 7.4.3.36 Description: A cross-site scripting issue exists in the Object module's edit object details page, allowing remote attackers to inject arbitrary web script or HTML via a crafted payload injected...
PT-2022-25470 · WordPress · Cpo Shortcodes
Name of the Vulnerable Software and Affected Versions: CPO Shortcodes plugin versions prior to 1.5.0 Description: The issue is related to an Authenticated Stored Cross-Site Scripting XSS vulnerability. This means that an attacker with admin or higher privileges can inject malicious scripts into t...
PT-2022-5132 · Arr-Pm · Arr-Pm
Name of the Vulnerable Software and Affected Versions: Arr-pm versions prior to 0.0.12 Description: The issue is related to OS command injection, which can result in shell execution if an RPM contains a malicious payload compressor field. This impacts the extract and files methods of the RPM::Fil...
PT-2022-33242 · Unknown · Openvswitch
Name of the Vulnerable Software and Affected Versions: openvswitch versions prior to v5.19.8 Description: A memory leak issue was discovered in openvswitch, related to failed datapath creation. The actual impact and attack plausibility have not yet been proven. Recommendations: For versions prior...
PT-2023-5883
Name of the Vulnerable Software and Affected Versions: curl versions 7.82.0 through 8.4.0 libcurl versions 7.82.0 through 8.4.0 MySQL versions 5.7.43 and earlier, 8.0.34 and earlier, 8.1.0 and earlier Description: curl and libcurl are vulnerable to a heap buffer overflow in the SOCKS5 proxy...