PT-2025-47832
Name of the Vulnerable Software and Affected Versions: libpng versions 1.6.0 through 1.6.50 libpng1.6 affected versions not specified Description: The libpng library contains a heap buffer overflow issue in the png_image_finish_read function when processing 16-bit interlaced PNGs with 8-bit output...
PT-2025-47167
Name of the Vulnerable Software and Affected Versions: PDFPatcher versions through 1.1.3.4663 Description: The software does not properly restrict XML external entity (XXE) references in its XML bookmark import functionality. The application utilizes .NET's XmlDocument class without disabling externa...
PT-2025-47086
Name of the Vulnerable Software and Affected Versions: WeiYe-Jing datax-web versions up to 2.1.2 Description: A flaw exists in the Job Handler component of WeiYe-Jing datax-web, specifically within the remove, update, pause, start, and triggerJob functions. This issue results in improper access...
PT-2025-46862
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A security issue exists in Keycloak where enabling debug mode with the --debug flag insecurely binds the Java Debug Wire Protocol (JDWP) port to all network interfaces (0.0.0.0). This exposes th...
PT-2025-46679
Name of the Vulnerable Software and Affected Versions: Splunk Enterprise versions prior to 10.0.1, 9.4.5, 9.3.7, and 9.2.9 Splunk Cloud Platform versions prior to 10.0.2503.5, 9.3.2411.111, and 9.3.2408.121 Description: An unauthenticated attacker could construct a malicious URL utilizing the retur...
PT-2025-45194
Path Traversal: '.../...//' vulnerability in Mikado-Themes Wanderland wanderland allows PHP Local File Inclusion. This issue affects Wanderland: from n/a through <= 1.7.1...
PT-2025-44089
Name of the Vulnerable Software and Affected Versions: Softing smartLink HW-PN versions 1.02 through 1.03 Softing smartLink HW-DP version 1.31 Description: A webserver crash can occur due to scanning on TCP port 80 in Softing Industrial Automation GmbH gateways and switches. The issue is triggered ...
PT-2025-44045
Name of the Vulnerable Software and Affected Versions: shawon100 RUET OJ up to 18fa45b0a669fa1098a0b8fc629cf6856369d9a5 Description: A SQL injection issue exists in the POST Request Handler component of shawon100 RUET OJ. The issue is located in the file /process.php and is triggered by manipulatin...
PT-2025-43694
Name of the Vulnerable Software and Affected Versions: eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams versions through 1.5.6 Description: The eRoom plugin for WordPress exposes Zoom SDK secret keys in client-side JavaScript within the meeting view template. This allows...
PT-2025-43261
Name of the Vulnerable Software and Affected Versions: WhatsApp Chat for WordPress and WooCommerce versions through 1.2.1 Description: The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting (XSS). This means that...
PT-2025-42438
Name of the Vulnerable Software and Affected Versions: Apache ActiveMQ NMS AMQP versions prior to 2.4.0 Description: A deserialization of untrusted data issue exists in the Apache ActiveMQ NMS AMQP Client. Malicious servers can exploit unbounded deserialization logic to craft responses that may lea...
PT-2025-41883
Name of the Vulnerable Software and Affected Versions: SIMATIC CP 1542SP-1 versions prior to 2.4.24 SIMATIC CP 1542SP-1 IRC versions prior to 2.4.24 SIMATIC CP 1543SP-1 versions prior to 2.4.24 SIPLUS ET 200SP CP 1542SP-1 IRC TX RAIL versions prior to 2.4.24 SIPLUS ET 200SP CP 1543SP-1 ISEC versio...
PT-2025-41130
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.5.0-rc7-syzkaller-gfe4469582053 Description: The Linux kernel contains a flaw in the net/handshake/netlink.c component, specifically within the handshake_nl_done_doit function. This issue can lead to a null...
PT-2025-40685
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vdpa_nl_policy structure, used for validating netlink attributes (nlattr) during message parsing, lacked a necessary check for the maximum virtual queue pair (VQP) attribute. This missin...
PT-2025-40478
Name of the Vulnerable Software and Affected Versions: Customify theme for WordPress version 0.4.11 Description: The software is susceptible to Cross-Site Request Forgery due to missing or incorrect nonce validation in the reset_customize_section function. This allows unauthenticated attackers to...
PT-2025-40471
The Backup Bolt plugin for WordPress is vulnerable to arbitrary file downloads and backup location writes in all versions up to, and including, 1.4.1 via the process_backup_batch function. This makes it possible for authenticated attackers, with Administrator-level access and above, to download...
PT-2025-40399
Name of the Vulnerable Software and Affected Versions: YOSHOP 2.0 Description: The software allows unauthorized disclosure of information through comment-list API endpoints within the Goods module. The Comment model loads the related User model without filtering specific fields. Due to the absence ...
PT-2025-40025
Name of the Vulnerable Software and Affected Versions: MegaSys Telenium Online Web Application affected versions not specified Description: The Telenium Online Web Application contains a critical command injection flaw stemming from an insecurely terminated regular expression check within a PHP...
PT-2025-40112
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak exists in the snd_ac97_dev_register function within the ALSA AC97 subsystem. If the device_register function fails during the registration process, the allocated memory for...
PT-2025-39795
Name of the Vulnerable Software and Affected Versions: code-projects Project Monitoring System version 1.0 Description: A cross site scripting issue exists due to manipulation of the txtapplyto argument. The issue is located in the file /onlineJobSearchEngine/postjob.php within an unknown function...
PT-2025-39468
Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A security flaw exists in yangzongzhuan RuoYi. The issue involves improper authorization due to manipulation of the userIds argument in the file '/system/role/authUser/selectAll'. This allow...
PT-2025-39651
Name of the Vulnerable Software and Affected Versions: DOXENSE WATCHDOC versions prior to 6.1.0.5094 Description: The software contains a flaw where private user PUK codes can be disclosed for Active Directory registered users due to hard-coded and predictable data. Recommendations: Update to versio...
PT-2025-39687
Name of the Vulnerable Software and Affected Versions: Android versions 13 through 16 Description: A critical remote code execution issue exists in the Bluetooth stack of the Android operating system. The flaw, located in the bta_hf_client_cb_init function of bta_hf_client_main.cc, is due to a...
PT-2025-49442
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.10.134-010.a1i5000.a18.x86_64 Description: The Linux kernel contains a race condition within the amdgpu_amdkfd_device_fini_sw function and interrupt handling. This condition can occur if amdgpu_amdkfd_device_fin...
PT-2025-39315
Name of the Vulnerable Software and Affected Versions: csvtojson versions prior to 2.0.10 Description: The csvtojson package has a flaw due to inadequate sanitization of nested header names during parsing. Processing CSV input with crafted header fields referencing prototype chains like using proto...
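The entry above describes the general shape of a prototype-pollution bug in a "nested header" CSV parser: a header such as a.b is turned into an object path, and a header whose first segment is __proto__ walks onto Object.prototype. The following is an added illustration, not csvtojson's own code and not its actual parsing logic; the CSV sample is constructed for this example, and the functions parseNestedUnsafe and parseNestedSafe are hypothetical names. It shows the vulnerable pattern beside a hardened form that rejects prototype-chain segments and never follows inherited properties.

```javascript
// Added example, not csvtojson's code. Demonstrates how a naive nested-header
// CSV parser pollutes Object.prototype and how to harden it.

// Constructed sample: the second header reaches Object.prototype via __proto__.
const SAMPLE_CSV = [
  'id,__proto__.isAdmin',
  '1,true',
].join('\n');

// Minimal splitter: no quoting support, enough for the constructed sample.
function splitLine(line) {
  return line.split(',');
}

// Vulnerable (hypothetical) parser: every header "a.b.c" is walked as an
// object path. "__proto__" is treated as an ordinary key, so `cur` becomes
// Object.prototype and the row value is written onto it.
function parseNestedUnsafe(csv) {
  const [headerLine, ...rows] = csv.trim().split('\n');
  const headers = splitLine(headerLine).map((h) => h.split('.'));
  return rows.map((row) => {
    const obj = {};
    splitLine(row).forEach((value, i) => {
      const path = headers[i];
      let cur = obj;
      for (let k = 0; k < path.length - 1; k++) {
        // typeof Object.prototype === 'object', so this check passes for __proto__
        if (typeof cur[path[k]] !== 'object' || cur[path[k]] === null) cur[path[k]] = {};
        cur = cur[path[k]];
      }
      cur[path[path.length - 1]] = value;
    });
    return obj;
  });
}

// Hardened (hypothetical) parser: reject the segments that can reach the
// prototype chain up front, and only descend into *own* properties so an
// inherited object is never used as the write target.
const FORBIDDEN_SEGMENTS = new Set(['__proto__', 'constructor', 'prototype']);

function parseNestedSafe(csv) {
  const [headerLine, ...rows] = csv.trim().split('\n');
  const headers = splitLine(headerLine).map((h) => h.split('.'));
  for (const path of headers) {
    for (const seg of path) {
      if (FORBIDDEN_SEGMENTS.has(seg)) {
        throw new Error(`refusing header segment "${seg}": prototype pollution risk`);
      }
    }
  }
  return rows.map((row) => {
    const obj = {};
    splitLine(row).forEach((value, i) => {
      const path = headers[i];
      let cur = obj;
      for (let k = 0; k < path.length - 1; k++) {
        const key = path[k];
        if (!Object.prototype.hasOwnProperty.call(cur, key) || typeof cur[key] !== 'object' || cur[key] === null) {
          cur[key] = {};
        }
        cur = cur[key];
      }
      cur[path[path.length - 1]] = value;
    });
    return obj;
  });
}

// Runs the vulnerable parser once, observes whether an unrelated fresh object
// now inherits `isAdmin`, then removes the polluted key so the rest of the
// process is not affected. Returns the leaked value ('true' when polluted).
function demonstratePollution() {
  parseNestedUnsafe(SAMPLE_CSV);
  const leaked = {}.isAdmin;
  delete Object.prototype.isAdmin;
  return leaked;
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('leaked onto Object.prototype:', demonstratePollution());
  try {
    parseNestedSafe(SAMPLE_CSV);
  } catch (e) {
    console.log('hardened parser:', e.message);
  }
  console.log(JSON.stringify(parseNestedSafe('id,meta.name\n1,alice')));
}
```

The deny-list of __proto__, constructor and prototype is the usual minimum; the own-property check in the hardened loop is the defence-in-depth that matters if a new key ever slips past the list, because a write through an inherited object is exactly what turns a header name into a process-wide side effect.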
PT-2025-38180
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel's i2c-designware driver related to the handling of device interrupts. A regression was introduced by commit c7b79a752871, causing system crashes NULL...
PT-2025-37108
Name of the Vulnerable Software and Affected Versions: danny-avila/librechat version 0.7.8 Description: Improper authorization controls in the conversation sharing feature allow unauthorized access to other users' conversations if the conversation ID is known. Conversation IDs, while generated...
PT-2025-36491
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions prior to 2.4.10 Magento Open Source affected versions not specified Description: An improper input validation issue, known as SessionReaper, exists in the REST API, specifically within the ServiceInputProcessor and the...
PT-2025-36366
Name of the Vulnerable Software and Affected Versions: ELEX WooCommerce Google Shopping plugin for WordPress versions up to and including 1.4.3 Description: The ELEX WooCommerce Google Shopping plugin for WordPress is susceptible to SQL Injection through the file_to_delete parameter. Insufficient...
PT-2025-36257
Name of the Vulnerable Software and Affected Versions: Nordic Semiconductor nRF52810 affected versions not specified Description: The On-Chip Debug and Test Interface in the nRF52810 has improper access control and insufficient protection against Electromagnetic Fault Injection (EM-FI). This allows...
PT-2025-35874
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. affected versions not specified Description: An out-of-bounds write issue exists in the wl_cfgscan_update_v3_schedscan_results function within wl_cfgscan.c due to an incorrect bounds check. This could le...
PT-2025-36066
Name of the Vulnerable Software and Affected Versions: AccountManagerService affected versions not specified Description: An application may access privileged APIs due to a confused deputy condition within the isSystemUid function of AccountManagerService.java. This could result in local privileg...
PT-2025-35651
Name of the Vulnerable Software and Affected Versions: ScriptAndTools Real Estate Management System version 1.0 Description: A weakness has been identified in an unknown function of the register.php file, allowing for unrestricted file upload through manipulation of the uimage argument. Remote...
PT-2025-35707
Name of the Vulnerable Software and Affected Versions: Apache DolphinScheduler versions prior to 3.2.2 Description: An incorrect default permissions issue exists in Apache DolphinScheduler. Recommendations: Upgrade to version 3.3.1...
PT-2025-35555
Name of the Vulnerable Software and Affected Versions: E3 Site Supervisor Control versions prior to 2.31F01 Description: E3 Site Supervisor Control’s floor plan feature allows an unauthenticated attacker to upload floor plan files. Uploading a specially crafted floor plan file can lead to a store...
PT-2025-35600
Name of the Vulnerable Software and Affected Versions: Dell Alienware Command Center versions prior to 5.10.2.0 Description: Dell Alienware Command Center (AWCC) contains an Improper Link Resolution Before File Access ('Link Following') issue. A local attacker with low privileges could potentially...
PT-2025-35202
Name of the Vulnerable Software and Affected Versions: Booster for WooCommerce versions up to and including 7.2.4 Description: The Booster for WooCommerce plugin for WordPress is susceptible to arbitrary file uploads due to the absence of file type validation within the add_files_to_order functio...
PT-2025-35227
Name of the Vulnerable Software and Affected Versions: WhatsApp versions prior to v2.25.21.73 for iOS, versions prior to v2.25.21.78 for WhatsApp Business for iOS, and versions prior to v2.25.21.78 for WhatsApp for Mac. Description: WhatsApp was found to have an incomplete authorization flaw in...
PT-2025-34967
Name of the Vulnerable Software and Affected Versions: RingCentral Communications plugin for WordPress versions 1.5 through 1.6.8 Description: The RingCentral Communications plugin for WordPress is susceptible to authentication bypass due to insufficient validation within the ringcentral admin...
PT-2025-34931 · Gitlab · Gitlab Ce/Ee
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions prior to 18.3.1 Description: An issue exists in GitLab CE/EE that allows unauthenticated users to access sensitive manual CI/CD variables by...
PT-2025-34761
Name of the Vulnerable Software and Affected Versions: Citrix NetScaler ADC and NetScaler Gateway versions prior to 14.1-47.48, 13.1-59.22, and 13.1-37.241-FIPS, and 12.1-55.330-FIPS Description: Citrix NetScaler ADC and NetScaler Gateway contain a memory overflow vulnerability that allows for remo...
PT-2025-34767 · Linksys · Linksys Re6250 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250 version 1.0.013.001 Linksys RE6300 version 1.0.013.001 Linksys RE6350 version 1.0.013.001 Linksys RE6500 version 1.0.013.001 Linksys RE7000 version 1.0.013.001 Linksys RE9000 version 1.0.013.001 Linksys RE6250 version 1.0.04.00...
PT-2025-34152 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250 versions 1.0.013.001 through 1.2.07.001 Linksys RE6300 versions 1.0.013.001 through 1.2.07.001 Linksys RE6350 versions 1.0.013.001 through 1.2.07.001 Linksys RE6500 versions 1.0.013.001 through 1.2.07.001 Linksys RE7000 version...
PT-2025-34153
Name of the Vulnerable Software and Affected Versions: Apache Tika versions 1.13 through 3.2.1 Apache Tika tika-core versions 1.13 through 3.2.1 Apache Tika tika-pdf-module versions 2.0.0 through 3.2.1 Apache Tika tika-parsers versions 1.13 through 1.28.5 Description: A critical XML External Entity...
PT-2025-33820 · Wavlink · Wavlink Wl-Nu516U1
Name of the Vulnerable Software and Affected Versions: Wavlink WL-NU516U1 M16U1 V240425 Description: A vulnerability exists due to command injection. The issue is located in the /cgi-bin/wireless.cgi file and impacts the sub_4032E4 function. Manipulation of the Guest_ssid argument can lead to...
PT-2025-33805 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue where the BPF JSET conditional jump is not correctly handled during control flow graph (CFG) computation. This can lead to incorrect live register and...
PT-2025-33522 · WordPress · School Management System For Wordpress
Name of the Vulnerable Software and Affected Versions: School Management System for WordPress plugin versions prior to 93.2.0 Description: The School Management System for WordPress plugin is vulnerable to arbitrary file uploads due to missing file type validation in the homework.php file. This...
PT-2025-32984
Name of the Vulnerable Software and Affected Versions: AMPHP affected versions not specified Apache Tomcat affected versions not specified Eclipse Foundation affected versions not specified F5 affected versions not specified Fastly affected versions not specified gRPC affected versions not specifi...
PT-2025-32766 · Microsoft · Edge For Android
Name of the Vulnerable Software and Affected Versions: Microsoft Edge for Android affected versions not specified Description: The user interface performs an incorrect action, potentially allowing an unauthorized attacker to perform spoofing over a network. Recommendations: At the moment, there i...
PT-2025-32611 · Sap · Sap Business One
Name of the Vulnerable Software and Affected Versions: SAP Business One SLD affected versions not specified Description: SAP Business One SLD suffers from a broken authorization issue. An authenticated attacker can gain administrator privileges on a database by invoking the corresponding API. Thi...