184484 matches found
PT-2025-31775 · Code Projects · Human Resource Integrated System
Name of the Vulnerable Software and Affected Versions: code-projects Human Resource Integrated System version 1.0 Description: A problematic vulnerability exists in code-projects Human Resource Integrated System 1.0. The issue affects an unknown function within the /insert-and-view/action.php fil...
PT-2025-31545 · Undefined · Undefined
A path traversal vulnerability exists in A10 Networks AX Loadbalancer versions 2.6.1-GR1-P5, 2.7.0, and earlier. The vulnerability resides in the handling of the filename parameter in the /xml/downloads endpoint, which fails to properly sanitize user input. An unauthenticated attacker can exploit...
PT-2025-27102 · Unknown · Smart Notification
Name of the Vulnerable Software and Affected Versions: Smart Notification versions n/a through 10.3 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, allowing Reflected XSS. This enables potential attackers to...
PT-2025-25467 · Apache · Apache Http Server
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue concerns an information disclosure problem. No specific details about the estimated number of potentially affected devices worldwide or real-world incidents where this...
PT-2025-24045 · WordPress · Developer Formatter
Name of the Vulnerable Software and Affected Versions: Developer Formatter plugin for WordPress versions up to, and including, 2015.0.2.1 Description: The issue is related to Stored Cross-Site Scripting via the Custom CSS, caused by insufficient input sanitization and output escaping. This allows...
PT-2025-23339
Name of the Vulnerable Software and Affected Versions Lenovo PC Manager affected versions not specified Description An improper default permissions issue was reported that could allow a local attacker to elevate privileges. Recommendations At the moment, there is no information about a newer...
PT-2025-21067 · Intel · Intel Server M50Fcp +1
Name of the Vulnerable Software and Affected Versions: IntelR Server D50DNP and M50FCP boards affected versions not specified Description: The issue is related to improper input validation in the UEFI firmware GenerationSetup module, which may allow a privileged user to potentially enable...
PT-2025-18495 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.1.0-rc3+ Description: The issue arises from the incorrect handling of file map count for non-leaf pmd/pud in the Linux kernel, specifically when collapsing hugepages. This triggers an unexpected BUG ON due to...
PT-2025-18539
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A connections leak issue has been resolved in the Linux kernel. The problem occurred when the tlink setup failed, causing a module reference count leak because the cifsd kthread did not...
PT-2025-16582 · Linux +3 · Linux Kernel +3
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.11 Description: A vulnerability in the Linux kernel's xhci driver has been resolved. The issue occurred when handling Stoppend and Stopped - Length Invalid events, where the driver did not skip missed...
PT-2025-16358 · Joturl · Joturl
Name of the Vulnerable Software and Affected Versions: JotUrl version 2.0 Description: The issue allows bypassing security requirements during the password change process. Recommendations: For JotUrl version 2.0, at the moment, there is no information about a newer version that contains a fix for...
PT-2025-16206 · Phpshe · Phpshe
Name of the Vulnerable Software and Affected Versions: phpshe version 1.8 Description: A critical issue has been identified, affecting the pe delete function in the /admin.php?mod=brand&act=del endpoint. The manipulation of the brand id argument leads to SQL injection. This issue can be exploited...
PT-2025-12313
Name of the Vulnerable Software and Affected Versions berriai/litellm version 1.52.1 Description An issue in the proxy server.py file causes the leakage of Langfuse API keys when an error occurs while parsing team settings. This exposes sensitive information, including langfuse secret and langfus...
PT-2025-7654 · WordPress · Accept Donations With Paypal & Stripe
Name of the Vulnerable Software and Affected Versions: Accept Donations with PayPal & Stripe plugin for WordPress versions up to, and including, 1.4.4 Description: The issue is related to Reflected Cross-Site Scripting due to insufficient input sanitization and output escaping, allowing...
PT-2025-5511 · Unknown · Hasthemes Extensions For Cf7
Name of the Vulnerable Software and Affected Versions: HasThemes Extensions For CF7 versions 3.2.0 and earlier Description: The issue is a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to perform Server Side Request Forgery. Recommendations: For versions 3.2.0 and...
PT-2025-4787 · Umbraco · Umbraco Forms
Name of the Vulnerable Software and Affected Versions: Umbraco.Forms versions prior to 8.13.16 Umbraco.Forms versions prior to 10.5.7 Umbraco.Forms versions prior to 13.2.2 Umbraco.Forms versions prior to 14.1.2 Description: The character limits configured by editors for short and long answer...
PT-2025-4561 · Brianmiyaji · Legacy Eplayer
Name of the Vulnerable Software and Affected Versions: brianmiyaji Legacy ePlayer versions 0.9.9 and earlier Description: The issue is related to improper neutralization of input during web page generation, also known as 'Cross-site Scripting', which allows Stored XSS. This means that an attacker...
PT-2024-35146 · Docusign · Docusign
Name of the Vulnerable Software and Affected Versions: DocuSign versions through 2024-12-04 Description: The issue is related to a User Interface UI Misrepresentation of Critical Information vulnerability, which allows Content Spoofing. This means that the displayed version of a document does not...
PT-2024-34684 · Unknown · Hdc Module
Name of the Vulnerable Software and Affected Versions: HDC module affected versions not specified Description: The issue is related to the lack of verification of input parameters in the HDC module. Successful exploitation of this vulnerability may affect availability. Recommendations: At the...
PT-2024-11872 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A vulnerability has been resolved in the Linux kernel related to the hwmon: asus-ec-sensors module. The issue arises because the devm kcalloc function may return NULL, and without prop...
PT-2024-7388 · Mitsubishi · M800/M80/E80 Series +5
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric M800V/M80V Series versions affected versions not specified Mitsubishi Electric M800/M80/E80 Series versions affected versions not specified Mitsubishi Electric C80 Series versions affected versions not specified Mitsubishi...
PT-2024-39774
Name of the Vulnerable Software and Affected Versions Hunk Companion plugin for WordPress versions prior to 1.9.0 WP Query Console versions affected versions not specified Description The Hunk Companion plugin for WordPress has a flaw allowing unauthorized plugin installation and activation. This...
PT-2024-7151 · Juniper Networks · Junos Evolved
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS Evolved versions prior to 21.2R3-S8-EVO Juniper Networks Junos OS Evolved versions from 21.4-EVO prior to 21.4R3-S8-EVO Juniper Networks Junos OS Evolved versions from 22.2-EVO prior to 22.2R3-S4-EVO Juniper Networks...
PT-2024-6855
Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 6.6.52 Description The vulnerability is related to a use-after-free issue in the smb2 set path size function. When smb2 compound op is called with a valid @cfile and returns -EINVAL, the reference to @cfile is...
PT-2024-5919 · Google +4 · Skia +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.113 Description: The issue is related to a heap buffer overflow in the Skia graphics library of Google Chrome, which can be exploited by a remote attacker who has compromised the renderer process. Th...
PT-2024-37789 · Ipswitch · Whatsup Gold
Name of the Vulnerable Software and Affected Versions: WhatsUp Gold versions prior to 2024.0.0 Description: A SQL Injection issue allows an authenticated low-privileged attacker to achieve privilege escalation by modifying a privileged user's password. This can be exploited by altering a privileg...
PT-2024-6337 · Google +4 · Skia +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.113 Description: The issue is related to a heap buffer overflow in the Skia graphics library of Google Chrome, which can be exploited by a remote attacker who has compromised the renderer process. Th...
PT-2024-37812 · WordPress · Reglevel
Name of the Vulnerable Software and Affected Versions: RegLevel plugin for WordPress versions up to, and including, 1.2.1 Description: The issue allows authenticated attackers with administrator-level permissions and above to inject arbitrary web scripts in pages due to insufficient input...
PT-2024-17997 · WordPress · Wp-Stateless
Name of the Vulnerable Software and Affected Versions: WP-Stateless – Google Cloud Storage plugin for WordPress versions up to, and including, 3.4.0 Description: The issue is related to a missing capability check on the dismiss notices function, which allows authenticated attackers with...
PT-2024-23100
Name of the Vulnerable Software and Affected Versions Sentrifugo version 3.2 Description The issue is related to a SQL injection vulnerability. It affects the "/sentrifugo/index.php/reports/activitylogreport" API endpoint, specifically the sortby parameter. This could allow a remote user to send ...
PT-2024-5245 · National Instruments · Ni I/O Trace Tool
Name of the Vulnerable Software and Affected Versions: NI I/O Trace Tool affected versions not specified Description: A stack-based buffer overflow vulnerability due to a missing bounds check in the NI I/O Trace Tool may result in arbitrary code execution. Successful exploitation requires an...
PT-2024-18194
Name of the Vulnerable Software and Affected Versions Pyhtml2pdf version 0.0.6 Description The issue allows an external attacker to remotely obtain arbitrary local files. This is possible because the application does not validate the HTML content entered by the user. Recommendations For Pyhtml2pd...
PT-2024-12393 · Audio · Audio
Name of the Vulnerable Software and Affected Versions: Audio affected versions not specified Description: The issue is related to memory corruption in the Audio component when processing IIR config data from the AFE calibration block. Recommendations: At the moment, there is no information about ...
PT-2024-15732 · 10Web · The Form Maker
Name of the Vulnerable Software and Affected Versions: The Form Maker by 10Web – Mobile-Friendly Drag & Drop Contact Form Builder plugin for WordPress versions up to, and including, 1.15.21 Description: The issue is due to missing or incorrect nonce validation on the execute function, making it...
PT-2024-1597
Name of the Vulnerable Software and Affected Versions: kernel versions prior to 6.1.77-alt1 kernel-uek, kernel-uek-debug, kernel-uek-debug-devel, kernel-uek-devel, kernel-uek-doc, kernel-uek-tools versions prior to 6.1.77-alt1 kernel versions 5.10.206 through 5.10.209 Debian 10 buster kernel...
PT-2024-4877 · Solarwinds · Solarwinds Access Rights Manager
Name of the Vulnerable Software and Affected Versions: SolarWinds Access Rights Manager ARM affected versions not specified Description: The issue is related to a Directory Traversal Remote Code Execution vulnerability in the Connect method of SolarWinds Access Rights Manager ARM. This...
PT-2024-10887 · WordPress · Wp Editor
Name of the Vulnerable Software and Affected Versions: WP Editor WordPress plugin version 1.2.6 and earlier Description: The issue is related to an authenticated blind SQL injection problem. It occurs because the plugin does not properly sanitise or validate its setting fields, allowing an...
PT-2024-13983 · Unknown · Travel Website
Name of the Vulnerable Software and Affected Versions: Travel Website version 1.0 Description: The issue affects the login functionality, specifically the username parameter of the "loginAction.php" resource, which does not validate input characters. These characters are sent unfiltered to the...
PT-2023-31942 · Kantega +1 · Kantega Saml Sso Oidc Kerberos Single Sign-On +4
Name of the Vulnerable Software and Affected Versions: Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 4.4.2 through 4.14.8 Kantega SAML SSO OIDC Kerberos Single Sign-on for Jira Data Center & Server versions 5.0.0 through 5.11.4 Kantega SAML SSO OIDC Kerberos...
PT-2023-10355 · Unknown · Deis Workflow Manager
Name of the Vulnerable Software and Affected Versions: Deis Workflow Manager versions up to 2.3.2 Description: A vulnerability was found in Deis Workflow Manager, which has been classified as problematic. This issue affects an unknown part of the system and leads to a race condition. The complexi...
PT-2024-12: SQL Injection in Cacti
The vulnerability was identified in Cacti version 1.2.25 and below. It allows to execute arbitrary SQL code. The vulnerability can be exploited by an authorized user using the vulnerable component pollers.php. Vulnerability status: Confirmed by vendor Date of vulnerability detection: 22.12.2023...
PT-2023-7786
Name of the Vulnerable Software and Affected Versions OpenSSH versions prior to 9.6 libssh2 versions through 1.11.0 Maverick Synergy Java SSH API before 3.1.0-SNAPSHOT Dropbear through 2022.83 Ssh before 5.1.1 in Erlang/OTP PuTTY before 0.80 AsyncSSH before 2.14.2 golang.org/x/crypto before 0.17....
PT-2025-26009 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A issue in the Linux kernel has been identified where adding an xattr to an inode does not ensure that the inode size is not less than EXT4 GOOD OLD INODE SIZE + extra isize + pad,...
PT-2023-27199 · WordPress · Wordpress
Name of the Vulnerable Software and Affected Versions: WordPress versions 4.1 through 4.1.38 WordPress versions 4.2 through 4.2.35 WordPress versions 4.3 through 4.3.31 WordPress versions 4.4 through 4.4.30 WordPress versions 4.5 through 4.5.29 WordPress versions 4.6 through 4.6.26 WordPress...
PT-2023-25233 · Gz Scripts · Gz E Learning Platform
Name of the Vulnerable Software and Affected Versions: GZ Scripts GZ E Learning Platform version 1.8 Description: A problem was found in the processing of the component URL Parameter Handler, which can lead to cross site scripting. The issue can be exploited remotely. Recommendations: For GZ...
PT-2023-7510 · Google +3 · Google Chrome +3
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 120.0.6099.62 Description: The issue is related to an inappropriate implementation in the Web Browser UI, allowing a remote attacker to potentially spoof the contents of an iframe dialog context menu via a...
PT-2025-40694
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw in the drm/i915 subsystem related to handling requests for GuC virtual engines. Specifically, references to i915 requests could be held indefinitely acro...
PT-2023-2733 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, whi...
PT-2023-2512 · Cisco · Cisco Industrial Network Director
Name of the Vulnerable Software and Affected Versions: Cisco Industrial Network Director affected versions not specified Description: A vulnerability in the Cisco Industrial Network Director could allow an authenticated, local attacker to read application data due to insufficient default file...
PT-2023-23726 · Nextcloud +1 · Nextcloud Server +1
Name of the Vulnerable Software and Affected Versions: Nextcloud server versions 24.0.0 through 24.0.10 Nextcloud server versions 25.0.0 through 25.0.4 Nextcloud server versions prior to 26.0.0 Description: The issue is related to missing brute-force protection on the WebDAV endpoints via the bas...