184462 matches found
PT-2026-7180
Name of the Vulnerable Software and Affected Versions vscode-spell-checker versions prior to 4.5.4 Description The vscode-spell-checker extension is susceptible to a workspace-trust bypass that can lead to code execution. The DocumentSettings. determineIsTrusted function incorrectly relies on the...
PT-2026-5847
Disk Sorter Enterprise 12.4.16 contains an unquoted service path vulnerability that allows local attackers to execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the service configuration to inject malicious executables that will be launched with...
PT-2026-5485
Name of the Vulnerable Software and Affected Versions Sistem Informasi Pengumuman Kelulusan Online version 1.0 Description The application contains a cross-site request forgery condition that permits attackers to add unauthorized admin users. This is achieved by exploiting the tambahuser.php...
PT-2026-4012
Name of the Vulnerable Software and Affected Versions merkulove Crumber versions through 1.0.10 Description An authorization issue exists in merkulove Crumber crumber-elementor due to incorrectly configured access control security levels. This allows for exploitation of the system. Recommendation...
PT-2026-3899
Name of the Vulnerable Software and Affected Versions HarbourJwt affected versions not specified Description A JWT authentication bypass exists in HarbourJwt due to an issue with algorithm handling. Specifically, unsupported algorithms can lead to an empty signature, allowing forged tokens to pas...
PT-2026-3510
Name of the Vulnerable Software and Affected Versions Arcane versions prior to 1.13.2 Description Arcane, an interface for managing Docker containers, images, networks, and volumes, had a flaw where unauthenticated requests could be forwarded to remote environment agents, granting access to remot...
PT-2026-2934
Name of the Vulnerable Software and Affected Versions Outray versions prior to 0.1.5 Description A flaw exists in Outray that allows a user, even those on a free plan, to obtain more subdomains than permitted due to missing database transaction locks. Specifically, the issue resides in the API...
PT-2026-2638
Name of the Vulnerable Software and Affected Versions TYPO3 versions 10.0.0 through 10.4.54 TYPO3 versions 11.0.0 through 11.5.48 TYPO3 versions 12.0.0 through 12.4.40 TYPO3 versions 13.0.0 through 13.4.22 TYPO3 versions 14.0.0 through 14.0.1 Description A flaw exists in TYPO3 that allows local...
PT-2026-2291
Name of the Vulnerable Software and Affected Versions osTicket versions 1.17.x prior to 1.17.7 and 1.18.x prior to 1.18.3 Description osTicket versions 1.17.x prior to 1.17.7 and 1.18.x prior to 1.18.3 contain an arbitrary file read issue in the ticket PDF export functionality. An attacker can...
PT-2026-45472
Name of the Vulnerable Software and Affected Versions Nextcloud versions 0.3.0 through 3.0.x Nextcloud versions 5.0.0 through 5.0.x Nextcloud versions 6.0.0 through 6.3.x Description A missing signature verification in User OIDC allows a malicious ID4me authority to identify as any user. This...
PT-2026-1213
Name of the Vulnerable Software and Affected Versions UTT 进取 520W version 1.7.7-180627 Description A security issue has been identified in the software. The strcpy function within the /goform/formUser file is susceptible to a buffer overflow when handling the passwd1 argument. This manipulation c...
PT-2026-8163
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the flexible proportions code. A lockdep splat can occur due to a race condition within the fprop new period function. Specifically, the issue arises...
PT-2026-5077
Name of the Vulnerable Software and Affected Versions Thunderbird versions prior to 147.0.1 Thunderbird versions prior to 140.7.1 Description A flaw exists that could allow for CSS-based exfiltration of content from partially encrypted emails when remote content is permitted. This could potential...
PT-2025-54120
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the DRM subsystem where the drm copy field function may attempt to copy a NULL pointer. This occurs when a driver has a bug and fails to set...
PT-2025-53946
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 5.4.0-00396-g81ef9e7-dirty Description The Linux kernel contains a stack-out-of-bounds write issue in the strncpy function within the zynqmp clock driver. This occurs when the clock name exceeds 15 bytes, leading...
PT-2025-53343
Name of the Vulnerable Software and Affected Versions LogicalDOC Enterprise version 7.7.4 Description The software contains multiple authenticated operating system command execution flaws. These flaws permit attackers to manipulate binary paths when altering system settings. Exploitation involves...
PT-2025-53199
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s drm/msm/dpu subsystem. Specifically, a missing check for a null pointer after a kzalloc call can lead to a null pointer dereference within the drm...
PT-2025-53034
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue within the ext4 subsystem related to inode eviction with dioread nolock. Specifically, a warning could occur when evicting an inode, potentially due to...
PT-2025-51969
Name of the Vulnerable Software and Affected Versions Revive Adserver version 5.4.1 Description Revive Adserver 5.4.1 has a cross-site scripting issue in the banner advanced configuration page. This allows attackers to inject malicious scripts. An attacker can create a malicious link to the...
PT-2025-51464
Name of the Vulnerable Software and Affected Versions Merkulove Buttoner for Elementor versions through 1.0.6 Description An incorrect access control configuration exists in Merkulove Buttoner for Elementor. This allows exploitation due to missing authorization. Recommendations Update Merkulove...
PT-2025-45507
Name of the Vulnerable Software and Affected Versions Revenera InstallShield versions 2023 R2 through 2025 R1 Description A potential Denial of Service issue exists in Revenera InstallShield. When a local administrator performs an uninstall, a symbolic link may be followed during the removal of a...
PT-2025-45026
Name of the Vulnerable Software and Affected Versions Samsung Mobile Processor Exynos 2400 Samsung Mobile Processor Exynos 1580 Samsung Mobile Processor Exynos 2500 Description A race condition exists in the HTS driver, which can lead to an out-of-bounds write. This condition results in a denial ...
PT-2025-44633
Name of the Vulnerable Software and Affected Versions The product name cannot be determined. affected versions not specified Description The equipment can be initially configured using the manufacturer's application, Wi-Fi, a web server, or the manufacturer’s software. Configuration via UDP using...
PT-2025-43694
Name of the Vulnerable Software and Affected Versions eRoom – Webinar & Meeting Plugin for Zoom, Google Meet, Microsoft Teams versions through 1.5.6 Description The eRoom plugin for WordPress exposes Zoom SDK secret keys in client-side JavaScript within the meeting view template. This allows...
PT-2025-42259
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contained a use-after-free issue identified through syzbot reporting. The issue occurs after commit e6d5dbdd20aa, which added multi-buff support for XDP running in gener...
PT-2025-41116
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains an issue where extra debug information is output if an inline backref cannot be found during a lookup operation. This was identified through reports from Syzbot...
PT-2025-34069 · Undefined · Undefined
🔥 Critical & High-Severity CVEs 1. CVE-2025-27461 — Ivanti Connect Secure / Policy Secure Auth Bypass → RCE Severity: Critical 9.8 Vector: Exploitable over the internet; bypasses auth → remote code execution. Why it matters: Actively exploited by ransomware crews; initial access vector. Defender...
PT-2025-33742 · Scada-Lts · Scada-Lts
Name of the Vulnerable Software and Affected Versions: Scada-LTS version 2.7.8.1 Description: A weakness exists in Scada-LTS 2.7.8.1 related to the manipulation of the Name argument in the publisher edit.shtm file, leading to cross-site scripting. The attack can be initiated remotely, and the...
PT-2025-32252 · Akamai · Akamaighost
Name of the Vulnerable Software and Affected Versions: Akamai Ghost versions prior to 2025-03-26 Description: An issue exists in Akamai Ghost, used for the Akamai CDN platform. A client making an HTTP/1.x OPTIONS request with an "Expect: 100-continue" header, and using obsolete line folding, can...
PT-2025-31874 · Unknown · Liquidfiles
Name of the Vulnerable Software and Affected Versions: LiquidFiles versions prior to 4.1.2 Description: LiquidFiles versions prior to 4.1.2 support FTP SITE CHMOD for mode 6777 setuid and setgid. This allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature an...
PT-2025-31775 · Code Projects · Human Resource Integrated System
Name of the Vulnerable Software and Affected Versions: code-projects Human Resource Integrated System version 1.0 Description: A problematic vulnerability exists in code-projects Human Resource Integrated System 1.0. The issue affects an unknown function within the /insert-and-view/action.php fil...
PT-2025-31545 · Undefined · Undefined
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit...
PT-2025-27102 · Unknown · Smart Notification
Name of the Vulnerable Software and Affected Versions: Smart Notification versions n/a through 10.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...
PT-2025-25467 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an information disclosure problem. No specific details about the estimated number of potentially affected devices worldwide or real-world incidents where this...
PT-2025-24045 · WordPress · Developer Formatter
Name of the Vulnerable Software and Affected Versions: Developer Formatter plugin for WordPress versions up to, and including, 2015.0.2.1 Description: The issue is related to Stored Cross-Site Scripting via the Custom CSS, caused by insufficient input sanitization and output escaping. This allows...
PT-2025-23339
Name of the Vulnerable Software and Affected Versions Lenovo PC Manager affected versions not specified Description An improper default permissions issue was reported that could allow a local attacker to elevate privileges. Recommendations At the moment, there is no information about a newer...
PT-2025-21067 · Intel · Intel Server M50Fcp +1
Name of the Vulnerable Software and Affected Versions: IntelR Server D50DNP and M50FCP boards affected versions not specified Description: The issue is related to improper input validation in the UEFI firmware GenerationSetup module, which may allow a privileged user to potentially enable...
PT-2025-18895 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue concerns a server shutdown leak in the SUNRPC component of the Linux kernel. It involves a race condition where kthread stop may prevent threadfn from being called, resulting...
PT-2025-18539
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A connections leak issue has been resolved in the Linux kernel. The problem occurred when the tlink setup failed, causing a module reference count leak because the cifsd kthread did not...
PT-2025-16358 · Joturl · Joturl
Name of the Vulnerable Software and Affected Versions: JotUrl version 2.0 Description: The issue allows bypassing security requirements during the password change process. Recommendations: For JotUrl version 2.0, at the moment, there is no information about a newer version that contains a fix for...
PT-2025-16206 · Phpshe · Phpshe
Name of the Vulnerable Software and Affected Versions: phpshe version 1.8 Description: A critical issue has been identified, affecting the pe delete function in the /admin.php?mod=brand&act=del endpoint. The manipulation of the brand id argument leads to SQL injection. This issue can be exploited...
PT-2025-12313
Name of the Vulnerable Software and Affected Versions berriai/litellm version 1.52.1 Description An issue in the proxy server.py file causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This exposes sensitive information, including langfuse secret and langfus...
PT-2025-7654 · WordPress · Accept Donations With Paypal & Stripe
Name of the Vulnerable Software and Affected Versions: Accept Donations with PayPal & Stripe plugin for WordPress versions up to, and including, 1.4.4 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing...
PT-2025-17285
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A vulnerability in the Linux kernel has been resolved, specifically in the iio component. The issue involves an out-of-bounds access in the veml6075 read int time ms function, where the...
PT-2025-5511 · Unknown · Hasthemes Extensions For Cf7
Name of the Vulnerable Software and Affected Versions: HasThemes Extensions For CF7 versions 3.2.0 and earlier Description: The issue is a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to perform Server Side Request Forgery. Recommendations: For versions 3.2.0 and...
PT-2025-4787 · Umbraco · Umbraco Forms
Name of the Vulnerable Software and Affected Versions: Umbraco.Forms versions prior to 8.13.16 Umbraco.Forms versions prior to 10.5.7 Umbraco.Forms versions prior to 13.2.2 Umbraco.Forms versions prior to 14.1.2 Description: The character limits configured by editors for short and long answer...
PT-2025-4561 · Brianmiyaji · Legacy Eplayer
Name of the Vulnerable Software and Affected Versions: brianmiyaji Legacy ePlayer versions 0.9.9 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker...
PT-2025-13206 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability in the Linux kernel has been resolved by adding shadow buffering for deferred I/O in the drm/fbdev-dma module. This change addresses driver errors related to kernel NUL...
PT-2024-35146 · Docusign · Docusign
Name of the Vulnerable Software and Affected Versions: DocuSign versions through 2024-12-04 Description: The issue is related to a User Interface UI Misrepresentation of Critical Information vulnerability, which allows Content Spoofing. This means that the displayed version of a document does not...
PT-2024-34684 · Unknown · Hdc Module
Name of the Vulnerable Software and Affected Versions: HDC module affected versions not specified Description: The issue is related to the lack of verification of input parameters in the HDC module. Successful exploitation of this vulnerability may affect availability. Recommendations: At the...