PT-2025-32390 · WordPress · Eventin
Name of the Vulnerable Software and Affected Versions: Eventin versions through 4.0.34 Description: The Eventin plugin for WordPress is susceptible to privilege escalation, potentially leading to account takeover. This occurs because the plugin does not adequately validate a user’s identity or...
PT-2025-32132
Name of the Vulnerable Software and Affected Versions: versions prior to 2025-27066 Description: The software experiences a temporary denial of service (DoS) when processing an ANQP message. Recommendations: At the moment, there is no information about a newer version that contains a fix for this...
PT-2025-31880 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM versions 9.1.6 and below Description: EspoCRM is a web application featuring a single-page application frontend and a PHP-based REST API backend. If a user accesses EspoCRM in a browser with double slashes e.g., https://domain//Admin...
PT-2025-31881 · Ratpanel · Ratpanel
Name of the Vulnerable Software and Affected Versions: RatPanel versions 2.3.19 through 2.5.5 Description: RatPanel is susceptible to remote code execution (RCE) and unauthorized access. An attacker who obtains the backend login path of RatPanel can execute system commands or take over hosts manage...
PT-2025-31619 · Code Projects · Wazifa System
Name of the Vulnerable Software and Affected Versions: code-projects Wazifa System version 1.0 Description: A critical vulnerability exists in code-projects Wazifa System 1.0, specifically within the /controllers/postpublish.php file. Manipulation of the post argument leads to a SQL injection. Th...
PT-2025-31634 · Unknown · Gandia Integra Total
Name of the Vulnerable Software and Affected Versions: Gandia Integra Total versions 2.1.2217.3 through 4.4.2236.1 Description: A SQL injection vulnerability exists in Gandia Integra Total. The vulnerability allows an authenticated attacker to retrieve, create, update, and delete databases throug...
PT-2025-31650 · Unknown · Microweber Cms2.0
Name of the Vulnerable Software and Affected Versions: Microweber CMS2.0 Description: Reflected Cross-Site Scripting (XSS) in the id parameter of the /live edit.module settings API endpoint allows execution of arbitrary JavaScript. Recommendations: At the moment, there is no information about a new...
PT-2025-31647 · Unknown +1 · Ak-Nord Usb-Server-Lxl +1
Name of the Vulnerable Software and Affected Versions: AK-Nord USB-Server-LXL Firmware version 0.0.16 Build 2023-03-13 Description: Insecure permissions within the /etc/init.d/lighttpd script allow a locally authenticated low-privilege user to execute arbitrary commands with root privileges. This...
PT-2025-32515 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801 Description: A vulnerability exists in Linksys range extenders due to a flaw in the um inspect cross band function within the /goform/RP setBasicAuto file...
PT-2025-31458 · Sielox · Sielox Anyware
Name of the Vulnerable Software and Affected Versions: Sielox AnyWare version 2.1.2 Description: An open redirect exists in Sielox AnyWare, potentially allowing attackers to perform a man-in-the-middle attack using a specially crafted URL. Recommendations: At the moment, there is no information...
PT-2025-31044 · Code Projects · Exam Form Submission
Name of the Vulnerable Software and Affected Versions: code-projects Exam Form Submission version 1.0 Description: A vulnerability exists in code-projects Exam Form Submission 1.0 related to unrestricted file upload. The issue affects the processing of the /register.php file. Manipulation of the...
PT-2025-31562 · D Link · Di 8200
Name of the Vulnerable Software and Affected Versions: D-LINK DI-8200 version 16.07.26A1 Description: The D-LINK DI-8200 router is vulnerable to a buffer overflow in the ipsec road asp function through the host ip parameter. Recommendations: D-LINK DI-8200 version 16.07.26A1: At the moment, there...
PT-2025-31675 · Unknown · Webfinger.Js
Name of the Vulnerable Software and Affected Versions: webfinger.js versions 2.8.0 and below Description: webfinger.js is a TypeScript-based WebFinger client used in browser and Node.js environments. The lookup function does not prevent access to localhost services, only checking for hosts that...
PT-2025-30943 · Skops +1 · Skops +1
Vulnerability Summary Name of the Vulnerable Software and Affected Versions: skops versions 0.11.0 and below Description: skops is a Python library used for sharing and shipping scikit-learn based models. An inconsistency in the OperatorFuncNode allows exploitation to hide the execution of...
PT-2025-30385 · WordPress · Birth Chart Compatibility
Name of the Vulnerable Software and Affected Versions: Birth Chart Compatibility plugin for WordPress versions prior to 2.1 Description: The Birth Chart Compatibility plugin for WordPress is susceptible to full path disclosure due to insufficient protection against direct access to the plugin's...
PT-2025-30479
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 141; Firefox ESR versions prior to 128.13; Firefox ESR versions prior to 140.1; Thunderbird versions prior to 141; Thunderbird versions prior to 128.13; Thunderbird versions prior to 140.1 Description: Insufficient escaping...
PT-2025-30167
Name of the Vulnerable Software and Affected Versions: thinkgem JeeSite versions up to 5.12.0 Description: A vulnerability exists in thinkgem JeeSite up to version 5.12.0 related to cross-site scripting. The issue resides in the xssFilter function within the...
PT-2025-30160
Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Enterprise Server 2016; Microsoft SharePoint Server (affected versions not specified) Description: Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code ov...
PT-2025-29972 · Unknown · Code-Projects Online Ordering System
Name of the Vulnerable Software and Affected Versions: code-projects Online Ordering System version 1.0 Description: A critical issue exists in the processing of the /admin/edit product.php file. Manipulation of the image argument allows for unrestricted file upload. This issue may be initiated...
PT-2025-29791 · WordPress +1 · Html5 Audio Player +1
Name of the Vulnerable Software and Affected Versions: HTML5 Radio Player - WPBakery Page Builder Addon versions through 2.5 Description: The HTML5 Radio Player - WPBakery Page Builder Addon is susceptible to a path traversal issue. This allows an attacker to access files outside of the intended...
PT-2025-29271 · Unknown · Kone-Net Go-Chat
Name of the Vulnerable Software and Affected Versions: kone-net go-chat affected versions not specified Description: A critical issue exists in the Endpoint component of kone-net go-chat. The GetFile function within go-chat/api/v1/file controller.go is susceptible to path traversal due to...
PT-2025-31084
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A use-after-free condition exists in the SMB client within the Linux kernel's crypt_message function when asynchronous cryptography is utilized. The initial fix for CVE-2024-50047 remove...
PT-2025-27848 · Unknown · Download Plugin
Name of the Vulnerable Software and Affected Versions: Download Plugin versions up to, and including, 2.2.8 Description: The issue is related to missing file type validation in the dpwap plugin locInstall function, allowing authenticated attackers with Administrator-level access and above to uplo...
PT-2025-27040
Name of the Vulnerable Software and Affected Versions: Flock Safety LPR devices versions through 2.2 Description: The issue concerns an on-chip debug interface with improper access control. Recommendations: For versions through 2.2, consider disabling the on-chip debug interface until a patch is...
PT-2025-26960 · Drupal · Glightbox
Name of the Vulnerable Software and Affected Versions: GLightbox versions 0.0.0 through 1.0.15 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), in Drupal GLightbox. This allows for Cross-Site Scripting (XSS)...
PT-2025-26833 · Unknown · Student Record System Using Php/Mysql
Name of the Vulnerable Software and Affected Versions: Student Record system Using PHP and MySQL version 3.20 Description: The issue allows a remote attacker to obtain sensitive information via a crafted payload to the cshortname, cfullname, and cdate variables. This is a SQL Injection...
PT-2025-26463 · Unknown · Code-Projects Simple Pizza Ordering System
Name of the Vulnerable Software and Affected Versions: code-projects Simple Pizza Ordering System version 1.0 Description: A critical issue affects some unknown functionality of the file /cashconfirm.php, where the manipulation of the transactioncode argument leads to SQL injection. This issue ca...
PT-2025-26125 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A refcount leak issue has been identified in the Linux kernel, specifically in the omapdss_init_of function for ARM: OMAP2+ systems. The omapdss_find_dss_of_node function calls of find...
PT-2025-25569 · Unknown · Privileged Remote Access +1
Name of the Vulnerable Software and Affected Versions: BeyondTrust Remote Support (affected versions not specified); BeyondTrust Privileged Remote Access (affected versions not specified) Description: The chat feature within Remote Support and Privileged Remote Access is vulnerable t...
PT-2025-25367 · WordPress · Rest Api | Custom Api Generator For Cross Platform/Import Export In Wp
Name of the Vulnerable Software and Affected Versions: REST API | Custom API Generator For Cross Platform And Import Export In WP plugin for WordPress versions 1.0.0 through 2.0.3 Description: The issue is related to a missing capability check on the process handler function, allowing...
PT-2025-23594 · WordPress · Woocommerce Ultimate Gift Card
Name of the Vulnerable Software and Affected Versions: Ultimate Gift Cards for WooCommerce plugin for WordPress versions prior to 3.1.5 Description: The issue is related to boolean-based SQL Injection via the default price and product id parameters. This is due to insufficient escaping of...
PT-2025-23395 · Unknown · Phpgurukul Online Birth Certificate System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Birth Certificate System version 2.0 Description: A critical vulnerability has been found in the PHPGurukul Online Birth Certificate System, affecting unknown code of the file /admin/users-applications.php. The manipulation ...
PT-2025-28937 · Ип Кривочуров Дмитрий Анатольевич · Экспорт/Импорт Товаров В Excel
A vulnerability in the «Экспорт/Импорт товаров в Excel» (Export/Import of Products to Excel) plugin exists due to a failure to take measures to protect the structure of the web page. Exploitation of the vulnerability may allow a remote attacker to carry out a cross-site scripting (XSS) attack...
PT-2025-22122 · WordPress · Motors
Name of the Vulnerable Software and Affected Versions: Motors WordPress theme versions prior to 5.6.68 Description: The Motors theme for WordPress is vulnerable to privilege escalation via account takeover. This is due to the theme not properly validating a user's identity prior to updating their...
PT-2025-21346 · Unknown · Campcodes Sales/Inventory System
Name of the Vulnerable Software and Affected Versions: Campcodes Sales and Inventory System version 1.0 Description: A critical issue has been found, affecting some unknown functionality of the file /pages/transaction.php. The manipulation of the cid argument leads to SQL injection. The attack ma...
PT-2025-26085 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been identified where the ima_get_kexec_buffer function does not check if the previous kernel's ima-kexec-buffer lies outside the addressable...
PT-2025-20664 · Unknown · Freeebird Hotel
Name of the Vulnerable Software and Affected Versions: Freeebird Hotel 酒店管理系统 API versions up to 1.2 Description: A problematic issue has been found in the API, affecting some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. This leads to a permissi...
PT-2025-19955
Name of the Vulnerable Software and Affected Versions: GLib (affected versions not specified) Description: A flaw was found in GLib, which is vulnerable to an integer overflow in the g_string_insert_unichar function. When the position at which to insert the character is large, the position will...
PT-2025-18381
Name of the Vulnerable Software and Affected Versions: Brainstorm Force SureTriggers versions 1.0.0 through 1.0.82 Description: The issue is related to an incorrect privilege assignment vulnerability in Brainstorm Force SureTriggers, allowing privilege escalation. This vulnerability can be exploite...
PT-2025-18606 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel's tracing subsystem has been resolved. The issue arises when the number of listed CPUs exceeds the actual number of existing CPUs. The tracing...
PT-2025-17321 · Hewlett Packard · Hp Touchpoint Analytics Service
Name of the Vulnerable Software and Affected Versions: HP Touchpoint Analytics Service versions prior to 4.2.2439 Description: A potential security issue has been identified that could allow a local attacker to escalate privileges. Recommendations: For versions prior to 4.2.2439, update to versio...
PT-2025-16984 · WordPress · Eslam Mahmoud Redirect
Name of the Vulnerable Software and Affected Versions: Eslam Mahmoud Redirect wordpress to welcome or landing page versions n/a through 2.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing...
PT-2025-16983 · Unknown · Ichi Translit It!
Name of the Vulnerable Software and Affected Versions: Ichi translit it! versions n/a through 1.6 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. Recommendations: For versions n/a through 1.6, update to a version that includes a fix for this issue...
PT-2025-17168 · Unknown · Mapsvg Lite
Name of the Vulnerable Software and Affected Versions: MapSVG Lite versions prior to 8.5.35 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential...
PT-2025-16206 · Phpshe · Phpshe
Name of the Vulnerable Software and Affected Versions: phpshe version 1.8 Description: A critical issue has been identified, affecting the pe delete function in the /admin.php?mod=brand&act=del endpoint. The manipulation of the brand id argument leads to SQL injection. This issue can be exploited...
PT-2025-15910
Name of the Vulnerable Software and Affected Versions: OttoKit (formerly SureTriggers) versions 1.0.0 through 1.0.78 Description: The vulnerability is related to an authentication bypass issue in the OttoKit WordPress plugin, which allows unauthenticated attackers to create administrator accounts on...
PT-2025-15113 · Unknown · Codeprojects Online Restaurant Management System
Name of the Vulnerable Software and Affected Versions: codeprojects Online Restaurant Management System version 1.0 Description: A critical issue affects the processing of the file /admin/reservation update.php. The manipulation of the ID argument leads to SQL injection. The attack may be initiat...
PT-2025-13197
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 136.0.4; Mozilla Firefox ESR versions prior to 128.8.1; Mozilla Firefox ESR versions prior to 115.21.1 Description: A critical vulnerability exists in Mozilla Firefox on Windows systems, allowing for a sandbox...
PT-2025-12664 · Kyverno · Kyverno
Name of the Vulnerable Software and Affected Versions: Kyverno versions prior to 1.14.0-alpha.1 Description: Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores the subjectRegExp and issuerRegExp fields when verifying...
PT-2025-12088 · Hotreload +2 · Hotreload +2
Name of the Vulnerable Software and Affected Versions: GPT Academic version 3.83 Description: The issue is related to a Server-Side Request Forgery (SSRF) vulnerability. It occurs through the HotReload plugin function, which calls the crazy_utils.get_files_from_everything API without proper...