PT-2022-23489 · Tenda · Tenda G3
Name of the Vulnerable Software and Affected Versions: Tenda G3 version US G3V3.0br V15.11.0.67663 EN TDE Description: The issue is caused by a buffer overflow in the addDhcpRule function due to sscanf in the httpd binary. Recommendations: For Tenda G3 version US G3V3.0br V15.11.0.67663 EN TDE, a...
PT-2022-16697 · WordPress · The Visualizer: Tables/Charts Manager For Wordpress
Name of the Vulnerable Software and Affected Versions: The Visualizer: Tables and Charts Manager for WordPress versions up to, and including 3.7.9 Description: The issue concerns deserialization of untrusted input via the remote data parameter. This allows authenticated attackers with contributor...
PT-2022-11526 · Suse · Suse Rancher
Name of the Vulnerable Software and Affected Versions: SUSE Rancher versions prior to 2.5.13 SUSE Rancher versions prior to 2.6.4 Description: A vulnerability in SUSE Rancher allows write access to the Catalog for any user when the restricted-admin role is enabled. This issue affects customers...
PT-2019-17791 · Rapid7 · Insightappsec
Name of the Vulnerable Software and Affected Versions: Rapid7 InsightAppSec versions 2019.06.24 and prior Description: The issue is related to a DLL injection vulnerability in the 'prunsrv.exe' component. A local user who is already authenticated to the operating system can exploit this to elevat...
PT-2009-2954 · Tftputil · Tftputil Gui
Name of the Vulnerable Software and Affected Versions: TFTPUtil GUI versions 1.2.0 through 1.3.0 Description: A directory traversal issue allows remote attackers to read arbitrary files outside the TFTP root directory via directory traversal sequences in a GET request, such as "/../" or "/../../"...
PT-1988-1001 · Sendmail · Sendmail
Name of the Vulnerable Software and Affected Versions: Sendmail affected versions not specified Description: The issue concerns the debug command in Sendmail, which is enabled, allowing attackers to execute commands as root. Recommendations: At the moment, there is no information about a newer...
PT-2026-46303
Name of the Vulnerable Software and Affected Versions: Axios versions prior to 0.32.0 Axios versions prior to 1.16.0 Description: Axios constructs a regular expression from the configured XSRF cookie name without escaping regex metacharacters. In standard browser environments, an attacker who can...
PT-2026-44498
Name of the Vulnerable Software and Affected Versions: Charging controller affected versions not specified Description: A firmware update mechanism fails to validate the authenticity of firmware packages delivered through the device's management interface. Due to the lack of cryptographic signature...
PT-2026-42535
Name of the Vulnerable Software and Affected Versions: Concrete CMS versions prior to 9.5.1 Description: Concrete CMS fails to sanitize path traversal sequences in the ptComposerFormLayoutSetControlCustomTemplate field during the process of saving page type composer form layouts. An authenticated...
PT-2026-39572
A weakness has been identified in D-Link DNS-320 2.06B01. This impacts the function cgi set host/cgi set ntp/cgi fan control/cgi merge user of the file /cgi-bin/system mgr.cgi. This manipulation causes os command injection. It is possible to initiate the attack remotely...
PT-2026-38594
Name of the Vulnerable Software and Affected Versions: GitHub Enterprise Server versions prior to 3.21 Description: A server-side request forgery (SSRF) issue exists in the notebook viewer. This occurs due to URL parser confusion between the validation layer and the HTTP request library, where the...
PT-2026-38350
Improper restriction of excessive authentication attempts vulnerability in Hitachi Virtual Storage Platform G130, G150, G350, G370, G700, G900, F350, F370, F700, F900, Hitachi Virtual Storage Platform E390, E590, E790, E990, E1090, E390H, E590H, E790H, E1090H, Hitachi Virtual Storage Platform One...
PT-2026-38379
Name of the Vulnerable Software and Affected Versions: Netty versions prior to 4.1.133.Final Netty versions prior to 4.2.13.Final Description: HttpContentDecompressor and DelegatingDecompressorFrameListener used for HTTP/2 connections utilize a maxAllocation parameter to limit decompression buffer...
PT-2026-38272
Name of the Vulnerable Software and Affected Versions: Flight versions prior to 3.18.1 Description: The SimplePdo::insert, SimplePdo::update, and SimplePdo::delete functions build SQL statements by concatenating the $table argument and the keys of the $data array directly into the query without...
PT-2026-35273
Name of the Vulnerable Software and Affected Versions: choieastsea simple-openstack-mcp versions prior to 767b2f4a8154cca344344b9725537a58399e6036 Description: An OS command injection flaw exists that allows remote attackers to execute arbitrary commands. The issue is located within the exec...
PT-2026-2109
Name of the Vulnerable Software and Affected Versions: llama.cpp versions prior to commit 55d4206c9 Description: llama.cpp is an inference engine for several Large Language Models (LLMs) implemented in C/C++. The software parses the n discard parameter directly from JSON input in its completion...
PT-2025-50332
Hi All, Looking at the Action1 reports, and unable to see anything which would be useful for reporting on the vulnerability of devices. I'm looking for an export with the data similar to the below DeviceName, CveId, Severity, CVSS, PatchAvailable, Product, OS, LastSeen PC-001,...
PT-2025-49988
Name of the Vulnerable Software and Affected Versions: adata Software GmbH Mitarbeiter Portal version 2.15.2.0 Description: A stored Cross Site Scripting (XSS) issue exists in the bulletin board (SchwarzeBrett) component. This allows a remote authenticated user to execute arbitrary JavaScript code with...
PT-2025-39731
Name of the Vulnerable Software and Affected Versions: westboy CicadasCMS version 1.0 Description: A cross site scripting issue exists in an unknown functionality of the file /system/cms/category/save. The manipulation of the categoryName argument can lead to the execution of remote scripts. The...
PT-2025-37814
Name of the Vulnerable Software and Affected Versions: macOS versions prior to Tahoe 26 Description: An application may be able to access sensitive user data due to insufficient checks preventing unauthorized actions. Recommendations: Update to macOS Tahoe 26...
PT-2025-37267
Name of the Vulnerable Software and Affected Versions: erjinzhi 10OA version 1.0 Description: A vulnerability exists in erjinzhi 10OA version 1.0. The issue involves cross site scripting caused by manipulation of the Name argument in an unknown function of the /trial/mvc/catalogue file. This...
PT-2025-32423 · Bun +4 · Bun +4
Name of the Vulnerable Software and Affected Versions: oak versions 17.1.5 and below Description: oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. Specially crafted values in the x-forwarded-proto or x-forwarded-for...
PT-2025-28895 · Ibm · Ibm Openpages With Watson
Name of the Vulnerable Software and Affected Versions: IBM OpenPages with Watson versions 8.3 and 9.0 Description: An authenticated user may be able to obtain sensitive information that should only be accessible to privileged users. Recommendations: Apply appropriate access controls to restrict...
PT-2025-27781 · Apache · Apache Httpd
Name of the Vulnerable Software and Affected Versions: Apache httpd affected versions not specified Description: The configuration of the Apache httpd webserver is partly insecure due to unnecessarily activated modules. These modules pose a risk to the webserver, enabling directory listing...
PT-2025-20377 · Checkmk · Checkmk
Name of the Vulnerable Software and Affected Versions: Checkmk versions 2.1.0 through 2.3.0 Checkmk version 2.4.0b6 and earlier Description: The issue allows files deployed with agents to be accessible without authentication. This could enable an attacker to access files that may contain...
PT-2025-20128
Name of the Vulnerable Software and Affected Versions: Custom Checkout Fields for WooCommerce versions 1.8.3 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Stored XSS. This means that an...
PT-2025-20154 · Wedevs · Webmail
Name of the Vulnerable Software and Affected Versions: weDevs weMail versions 1.14.13 and earlier Description: The issue allows exposure of sensitive system information to an unauthorized control sphere, enabling the retrieval of embedded sensitive data. Recommendations: For weDevs weMail version...
PT-2025-18762 · WordPress · Wpml
Name of the Vulnerable Software and Affected Versions: WPML plugin for WordPress versions 3.6.0 through 4.7.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's wpml language switcher shortcode due to insufficient input sanitization and output escaping on...
PT-2025-18175 · Bookgy · Bookgy
Name of the Vulnerable Software and Affected Versions: Bookgy affected versions not specified Description: The issue is related to a SQL injection vulnerability. This could allow an attacker to retrieve, create, update, and delete databases by sending an HTTP request through the IDTIPO, IDPISTA,...
PT-2025-18655 · Totolink · Totolink Cpe Cp900
Name of the Vulnerable Software and Affected Versions: TOTOLINK CPE CP900 version 6.3c.1144 B20190715 Description: A command injection issue was found in the setApRebootScheCfg function through the hour or minute parameters. This allows attackers to execute arbitrary commands via a manipulated...
PT-2025-7475 · WordPress · Modal Window
Name of the Vulnerable Software and Affected Versions: The Modal Window plugin for WordPress versions up to, and including, 6.1.5 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'iframeBox' shortcode due to insufficient input sanitization and output escaping on...
PT-2025-4460 · Learndash · Faizaan Gagan Course Migration For Learndash
Name of the Vulnerable Software and Affected Versions: Faizaan Gagan Course Migration for LearnDash versions 1.0.2 through n/a Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. This means an attacker can potentiall...
PT-2024-41036 · Stalker · Communigate Pro
Name of the Vulnerable Software and Affected Versions: CommuniGate Pro affected versions not specified Description: The issue is related to a buffer overflow on the stack in the CommuniGate Pro mail server. Exploitation of this issue may allow a remote attacker to execute arbitrary code...
PT-2024-28540 · Dell · Dell Powerscale Insightiq
Name of the Vulnerable Software and Affected Versions: Dell PowerScale InsightIQ version 5.0 Description: The issue is related to the use of hard-coded credentials in Dell PowerScale InsightIQ. A high-privileged attacker with local access could potentially exploit this, leading to information...
PT-2024-27929 · Alcasar · Alcasar
Name of the Vulnerable Software and Affected Versions: ALCASAR versions prior to 3.6.1 Description: The issue allows for CSRF and remote code execution in the activity.php file. Recommendations: For versions prior to 3.6.1, update to version 3.6.1 or later to resolve the issue...
PT-2024-23015 · Bizprint · Bizprint
Name of the Vulnerable Software and Affected Versions: BizPrint versions through 4.5.5 Description: The issue is related to a Cross-Site Request Forgery (CSRF) vulnerability that also allows Cross-Site Scripting (XSS) in BizPrint. Recommendations: For versions through 4.5.5, update to a version that...
PT-2024-21269 · Google · Android
Name of the Vulnerable Software and Affected Versions: TBD affected versions not specified Description: The issue is related to a missing bounds check in the tmu reset tmu trip counter function, which could lead to a possible out of bounds write. This could result in local escalation of privilege...
PT-2024-18042
Name of the Vulnerable Software and Affected Versions: DeepFaceLab pretrained DF.wf.288res.384.92.72.22 Description: A vulnerability was found in DeepFaceLab pretrained and classified as problematic. This issue affects the function apply xseg of the file main.py. The manipulation leads to...
PT-2023-18475 · Qualcomm · Qualcomm Chipsets
Name of the Vulnerable Software and Affected Versions: Qualcomm Chipsets affected versions not specified Description: The issue is related to memory corruption in the camera while installing a file descriptor for a particular DMA buffer. This can potentially lead to code execution. Recommendation...
PT-2023-15305 · Unknown · Wpdevart Booking Calendar
Name of the Vulnerable Software and Affected Versions: WpDevArt Booking calendar, Appointment Booking System versions 3.2.7 and earlier Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQ...
PT-2023-27993 · WordPress · Woocommerce Pdf Invoice Builder
Name of the Vulnerable Software and Affected Versions: WooCommerce PDF Invoice Builder plugin for WordPress versions up to, and including, 1.2.90 Description: The issue is related to Stored Cross-Site Scripting via admin settings due to insufficient input sanitization and output escaping. This...
PT-2023-25407 · Logitech · Logitec Lan-Wh300An/Dgp +3
Name of the Vulnerable Software and Affected Versions: LOGITEC LAN-W300N/DR all versions LOGITEC LAN-WH300N/DR all versions LOGITEC LAN-W300N/P all versions LOGITEC LAN-WH450N/GP all versions LOGITEC LAN-WH300AN/DGP all versions LOGITEC LAN-WH300N/DGP all versions LOGITEC LAN-WH300ANDGPE all...
PT-2023-23081 · Foundry · The Foundry Magritte Plugin Rest-Source
Name of the Vulnerable Software and Affected Versions: The Foundry Magritte plugin rest-source affected versions not specified Description: The issue is related to an XML External Entity (XXE) attack in the rest-source plugin. This type of attack allows an attacker to access local or remote content...
PT-2023-16821 · WordPress · Http Headers
Name of the Vulnerable Software and Affected Versions: HTTP Headers WordPress plugin versions prior to 1.18.11 Description: The issue allows arbitrary data to be written to arbitrary files, leading to a Remote Code Execution. Recommendations: For versions prior to 1.18.11, update to version 1.18....
PT-2023-3634 · Jenkins · Jenkins Checkmarx Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Checkmarx Plugin versions 2022.4.3 and earlier Description: The issue is related to errors in SSL/TLS certificate validation. It may allow a remote attacker to perform a "man-in-the-middle" attack. The plugin disables SSL/TLS validati...
PT-2023-13012 · Intel · Intel Processors
Name of the Vulnerable Software and Affected Versions: Intel(R) Processors affected versions not specified Description: The issue is related to a use after free in the BIOS firmware for some Intel(R) Processors, which may allow a privileged user to potentially enable escalation of privilege via local...
PT-2022-27270 · WordPress · 4Ecps Web Forms
Name of the Vulnerable Software and Affected Versions: 4ECPS Web Forms plugin versions 0.2.17 and earlier Description: The issue is related to a Stored Cross-Site Scripting (XSS) vulnerability that requires authentication with admin+ privileges. It affects the 4ECPS Web Forms plugin on WordPress...
PT-2022-25834 · Pypi · D8S-Archives +1
Name of the Vulnerable Software and Affected Versions: d8s-archives version 0.1.0 Description: The d8s-archives package for Python, as distributed on PyPI, included a potential code-execution backdoor inserted by a third party. The backdoor is the democritus-file-system package. Recommendations:...
PT-2022-3476 · Omron · Sysmac Studio +4
Name of the Vulnerable Software and Affected Versions: Machine automation controller NJ series versions 1.48 and earlier Machine automation controller NX7 series versions 1.28 and earlier Machine automation controller NX1 series versions 1.48 and earlier Automation software 'Sysmac Studio' versio...
PT-2021-2654 · D Link · D-Link Dsl-320B-D1
Name of the Vulnerable Software and Affected Versions: D-Link DSL-320B-D1 devices through EU 1.25 Description: The issue is related to a buffer overflow in the device's firmware, allowing a remote attacker to gain unauthorized access to the device with user login.xgi privileges. The vulnerability...