PT-2026-20643
Name of the Vulnerable Software and Affected Versions: Open Babel versions prior to 3.1.2 Description: A security issue exists in Open Babel up to version 3.1.1. The issue involves an out-of-bounds read within the OpenBabel::transform3d::DescribeAsString function located in the...
PT-2026-8197
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 6.18-rc1 and later Description: The CephFS kernel client contains a flaw in the ceph_mds_auth_match function where a NULL pointer dereference can occur if fs_name is NULL. This issue arises during authorization checks with...
PT-2025-54463
Name of the Vulnerable Software and Affected Versions: Esri ArcGIS Server versions prior to 11.4 Description: A stored cross-site scripting issue exists in Esri ArcGIS Server. In certain configurations, a remote, unauthenticated attacker can store files containing malicious code that may execute...
PT-2025-53946
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.4.0-00396-g81ef9e7-dirty Description: The Linux kernel contains a stack-out-of-bounds write issue in the strncpy function within the zynqmp clock driver. This occurs when the clock name exceeds 15 bytes, leading...
PT-2025-52932
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a potential memory leak within the vdpa_sim module, specifically in the vdpasim_net_init and vdpasim_blk_init functions. The issue arises when a device...
PT-2025-53066
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the f2fs compression functionality. A bug in the handling of page writebacks in f2fs_write_raw_pages can lead to a kernel panic (BUG_ON) when files...
PT-2025-53028
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a resource leak within the regulator_register function. During fault injection testing, resource leak reports were observed, specifically related to unreference...
PT-2025-52686
Name of the Vulnerable Software and Affected Versions: Xiongmai XM530 IP cameras version V5.00.R02.000807D8.10010.346624.S.ONVIF 21.06 Description: An authentication bypass issue exists in Xiongmai XM530 IP cameras. This allows unauthenticated remote attackers to access sensitive device information...
PT-2025-52440
Name of the Vulnerable Software and Affected Versions: MongoDB versions 3.6 through 8.2.3 Description: MongoDB is vulnerable to a critical remote code execution (RCE) vulnerability (CVE-2025-14847), dubbed "MongoBleed." This flaw stems from improper handling of zlib-compressed protocol headers, allowin...
PT-2025-51446
Name of the Vulnerable Software and Affected Versions: Themefic Hydra Booking versions through 1.1.32 Description: The software contains a flaw due to improper neutralization of special elements within SQL commands, leading to a SQL Injection issue. This allows for potential manipulation of databas...
PT-2025-50887
CVE-2025-67497 - Adobe Flash Player Cross-Site Scripting. CVE ID: CVE-2025-67497. Published: Dec. 9, 2025, 11:16 p.m. Description: Rejected reason: Further research determined the issue is not a vulnerability. Severity: 0.0 | NA.
PT-2025-49692
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contained a flaw in the seccomp implementation where memory leaks occurred in the do_seccomp function. A syzbot instance identified unreferenced objects, including secco...
PT-2025-49458
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak exists in the power state initialization function within the DRM/amdgpu/powerplay/psm module of the Linux kernel. A commit 902bc65de0b3 intended to improve error handling...
PT-2025-49204
The Omnipress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.6.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Author-level access and above, to...
PT-2025-49292
Name of the Vulnerable Software and Affected Versions: Nextcloud Tables versions prior to 0.8.7; Nextcloud Tables versions prior to 0.9.4 Description: Authenticated users could view metadata of columns in other tables within the Tables app by manipulating the numeric ID in a request. This allowed...
PT-2025-48795
Name of the Vulnerable Software and Affected Versions: Advanced Custom Fields: Extended versions 0.9.0.5 through 0.9.1.1 Description: The Advanced Custom Fields: Extended plugin for WordPress has a flaw that allows for Remote Code Execution (RCE). This is due to the prepare_form function accepting...
PT-2025-48384
HTCondor Access Point before 25.3.1 allows an authenticated user to impersonate other users on the local machine by submitting a batch job. This is fixed in 24.12.14, 25.0.3, and 25.3.1. The earliest affected version is 24.7.3...
PT-2025-48121
Name of the Vulnerable Software and Affected Versions: Valibot versions 0.31.0 through 1.1.0 Description: Valibot is a data validation library that utilizes schemas. Versions from 0.31.0 to 1.1.0 contain a Regular Expression Denial of Service (ReDoS) issue within the EMOJI_REGEX used in the emoji...
PT-2025-48094
Name of the Vulnerable Software and Affected Versions: AI Feeds plugin for WordPress versions through 1.0.11 Description: The AI Feeds plugin for WordPress is susceptible to arbitrary file uploads because of a missing capability check in the actualizador_git.php file. This allows unauthenticated...
PT-2025-47981
Name of the Vulnerable Software and Affected Versions: Sneeit Framework plugin for WordPress versions prior to 8.4; Sneeit Framework versions 8.3 and earlier Description: The Sneeit Framework plugin for WordPress contains a Remote Code Execution (RCE) issue due to the sneeit_articles_pagination_callba...
PT-2025-48003
The Just Highlight plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'Highlight Color' setting in all versions up to, and including, 1.0.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-lev...
PT-2025-48023
Incorrect default permissions issue exists in Security Point Windows of MaLion prior to Ver.5.3.4. If this vulnerability is exploited, an arbitrary file could be placed in the specific folder by a user who can log in to the system where the product's Windows client is installed. If the file is a...
PT-2025-48075
Name of the Vulnerable Software and Affected Versions: node-forge versions 1.3.1 and earlier Description: An interpretation-conflict issue exists in node-forge. Unauthenticated attackers can create specific ASN.1 structures that disrupt schema validations. This can lead to a difference in how data ...
PT-2025-47832
Name of the Vulnerable Software and Affected Versions: libpng versions 1.6.0 through 1.6.50; libpng1.6 affected versions not specified Description: The libpng library contains a heap buffer overflow issue in the png_image_finish_read function when processing 16-bit interlaced PNGs with 8-bit output...
PT-2025-47827
The Appointment Booking Calendar plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 1.3.96. This is due to the plugin exposing an unauthenticated booking processing endpoint (cpabc_appointments_check_IPN_verification) that trusts attacker-supplied...
PT-2025-47674
Name of the Vulnerable Software and Affected Versions: ELEX WordPress HelpDesk & Customer Ticketing System versions up to and including 3.3.1 Description: The ELEX WordPress HelpDesk & Customer Ticketing System plugin for WordPress is susceptible to arbitrary file uploads. This is due to a lack of...
PT-2025-47748
Missing Authorization vulnerability in wpWax Legal Pages legal-pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Legal Pages: from n/a through <= 1.4.6...
PT-2025-47329
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.11; Mattermost versions 10.11.x through 10.11.3 Description: The Mattermost application does not properly enforce access permissions within the Agents plugin. This allows other users to determine when user...
PT-2025-46800
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Aman Popup addon for Ninja Forms popup-addon-for-ninja-forms allows Stored XSS. This issue affects Popup addon for Ninja Forms: from n/a through <= 3.5.1...
PT-2025-46862
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A security issue exists in Keycloak where enabling debug mode with the --debug flag insecurely binds the Java Debug Wire Protocol (JDWP) port to all network interfaces (0.0.0.0). This exposes th...
PT-2025-46781
Name of the Vulnerable Software and Affected Versions: Survey Maker plugin for WordPress versions up to and including 5.1.9.4 Description: The software is susceptible to unauthorized data modification. This is due to a missing capability check within the deactivate_plugin_option function. This allo...
PT-2025-46146
Name of the Vulnerable Software and Affected Versions: KubeVirt versions prior to 1.5...
PT-2025-45414
Name of the Vulnerable Software and Affected Versions: BUFFALO Wi-Fi router WSR-1800AX4 series affected versions not specified Description: A weakness exists related to the use of a password hash with insufficient computational effort in BUFFALO Wi-Fi router 'WSR-1800AX4 series'. When Wi-Fi Protect...
PT-2025-45174
Name of the Vulnerable Software and Affected Versions: Easy Digital Downloads versions up to and including 3.5.2 Description: The Easy Digital Downloads plugin for WordPress has a flaw that allows manipulation of orders. This is due to a bypass in order verification, which occurs when the...
PT-2025-45202
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Rainbow-Themes Education WordPress Theme | HiStudy histudy allows SQL Injection. This issue affects Education WordPress Theme | HiStudy: from n/a through 3.1.0...
PT-2025-45071
Name of the Vulnerable Software and Affected Versions: AI Engine plugin for WordPress versions prior to 3.1.4; AI Engine versions 2.8.x and 2.9.x prior to 2.9.5 Description: The AI Engine plugin for WordPress has a Sensitive Information Exposure issue via the /mcp/v1/ REST API endpoint. When the...
PT-2025-43973
Name of the Vulnerable Software and Affected Versions: indieka900 online-shopping-system-php version 1.0 Description: The online-shopping-system-php software version 1.0 contains a SQL Injection issue in the password parameter of the 'login.php' file. This allows for potential unauthorized access o...
PT-2025-43261
Name of the Vulnerable Software and Affected Versions: WhatsApp Chat for WordPress and WooCommerce versions through 1.2.1 Description: The software contains a flaw related to improper input handling during web page generation, which allows for Reflected Cross-site Scripting (XSS). This means that...
PT-2025-40974
Name of the Vulnerable Software and Affected Versions: Simple Banking System version 1.0 Description: A security issue exists in Simple Banking System 1.0 related to SQL injection. The issue is located in the /transfermoney.php file, specifically through manipulation of the ID argument. Remote...
PT-2025-41105
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains a flaw within the bnxt driver, specifically in the bnxt_get_nvram_directory function. An arithmetic expression’s value is susceptible to overflow because operan...
PT-2025-40680
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.12.0-0 fbk13 clang 7455 gb24de3bdb045 Description: The Linux kernel contains a flaw within the btrfs subsystem related to tree mod log handling. Specifically, a race condition exists during tree mod log rewind,...
PT-2025-40685
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vdpa_nl_policy structure, used for validating netlink attributes (nlattr) during message parsing, lacked a necessary check for the maximum virtual queue pair (VQP) attribute. This missin...
PT-2025-39821
Name of the Vulnerable Software and Affected Versions: Apt-Cacher-NG version 3.2.1 Description: A reflected cross-site scripting (XSS) issue exists in Apt-Cacher-NG. This allows the execution of malicious scripts within the “/html/.html” path. The vulnerability enables attackers to inject and execute...
PT-2025-39878
Name of the Vulnerable Software and Affected Versions: Vasion Print versions prior to 22.0.1049; Vasion Print Application versions prior to 20.0.2786 Description: The Vasion Print Virtual Appliance Host and Application are configured with insecure SSH client settings within Docker instances...
PT-2025-39620
Name of the Vulnerable Software and Affected Versions: Alex Moss Google+ Comments versions through 1.0 Description: The software contains a flaw related to improper input handling during web page generation, specifically a Cross-site Scripting issue. This allows for Stored XSS attacks. The issue...
PT-2025-38742
Name of the Vulnerable Software and Affected Versions: CubeCart versions prior to 6.5.11 Description: CubeCart is an ecommerce software solution. Prior to version 6.5.11, user sessions do not automatically expire after a password change. This allows an attacker who has already compromised an accoun...
PT-2025-38510
Name of the Vulnerable Software and Affected Versions: Service Finder SMS System plugin for WordPress versions prior to 2.1.0 Description: The Service Finder SMS System plugin for WordPress does not verify a user's phone number before logging them in, leading to authentication bypass. This allows...
PT-2025-38398
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A memory leak exists in the USB subsystem related to the isp1362 driver when using the debugfs_lookup function. Failing to call dput on the result of debugfs_lookup leads to a memory lea...
PT-2025-37473
Name of the Vulnerable Software and Affected Versions: Chaos Mesh versions prior to 2.7.3 Description: The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster. This server provides an API that allows attackers to kill...
PT-2025-37184
Name of the Vulnerable Software and Affected Versions: Neo4j Cypher MCP server affected versions not specified Description: A DNS rebinding issue exists in the Neo4j Cypher MCP server. This allows malicious websites to circumvent Same-Origin Policy protections and execute unauthorized tool...