175418 matches found
PT-2025-31965 · Undefined · Undefined
Hi, I run the following script for a vulnerability test on my home network: nmap 192.168.1.1/24 -n -sP |rg -o "192." scan.txt nmap -sV --script vulners --script-args mincvss=7.0 -iL scan.txt Then I get this Vulners output on port 80: Nmap scan report for 192.168.1.5 Host is up (0.00021s latency). Not...
PT-2025-31728 · WordPress · Custom Word Cloud
Name of the Vulnerable Software and Affected Versions: Custom Word Cloud plugin for WordPress versions prior to 0.4 Description: The Custom Word Cloud plugin for WordPress is susceptible to Stored Cross-Site Scripting via the angle parameter. Insufficient input sanitization and output escaping...
PT-2025-31648 · Unknown · Saurus Cms Community Edition
Name of the Vulnerable Software and Affected Versions: Saurus CMS Community Edition versions since commit d886e5b0 (2010-04-23) Description: Saurus CMS Community Edition is susceptible to a SQL Injection issue due to the direct concatenation of user-supplied input $search_word into SQL queries with...
PT-2025-31879
Name of the Vulnerable Software and Affected Versions: Android versions prior to security patch level 2025-08-05; Android 16 versions prior to the August 2025 update; Pixel 3a, S10, and OnePlus 7 (affected versions not specified) Description: A critical remote code execution (RCE) flaw exists in the...
PT-2025-30944 · Skops · Skops
Name of the Vulnerable Software and Affected Versions: skops versions 0.11.0 and below skops versions prior to 12.0.0 Description: skops is a Python library used for sharing and shipping scikit-learn based models. A vulnerability exists due to an inconsistency in the MethodNode component, allowin...
PT-2025-30603 · Undefined · Undefined
Parsed report · 22-07-2025 · CVE-2025-53770/ToolShell: Hunting Down the Attacker Techniques & Victims https://theravenfile.com/2025/07/22/cve-2025-53770-toolshell-hunting-down-the-attacker-techniques-victims/ Report completeness: Low Actors/Campaigns: Arcanedoor Threats: Toolshell vuln...
PT-2025-30376 · Totolink · Totolink T6
Name of the Vulnerable Software and Affected Versions: TOTOLINK T6 version 4.1.5cu.748 Description: A critical issue exists in the MQTT Packet Handler component of the software. Specifically, the checkKeepAlive function within the wireless.so file is susceptible to command injection. This allows...
PT-2025-29930 · Apple +1 · Safari +1
Name of the Vulnerable Software and Affected Versions: AdGuard versions prior to 1.11.22 Description: The AdGuard plugin for Safari on MacOS excessively logged URLs accessed by Safari when the plugin was active. These logs were written to the MacOS general logs, accessible to any unsandboxed...
PT-2025-29784 · WordPress · Medical Prescription Attachment Plugin For Woocommerce
Name of the Vulnerable Software and Affected Versions: Medical Prescription Attachment Plugin for WooCommerce versions n/a through 1.2.3 Description: The Medical Prescription Attachment Plugin for WooCommerce contains a flaw that permits the upload of arbitrary files, potentially including web...
PT-2025-29405 · Unknown · Phpgurukul Online Fire Reporting System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Online Fire Reporting System version 1.2 Description: A critical issue exists in PHPGurukul Online Fire Reporting System 1.2. The vulnerability is a SQL injection that can be initiated remotely through manipulation of the...
PT-2025-29234
Name of the Vulnerable Software and Affected Versions: TOTOLINK N300RB firmware version 8.54 Description: A hidden remote support feature, protected by a static secret, allows an authenticated attacker to execute arbitrary OS commands with root privileges. Recommendations: At the moment, there i...
PT-2025-29267 · Letseeqiji · Gorobbs
Name of the Vulnerable Software and Affected Versions: letseeqiji gorobbs versions up to 1.0.8 Description: A critical issue exists in letseeqiji gorobbs. The ResetUserAvatar function within the controller/api/v1/user.go file is susceptible to path traversal due to manipulation of the filename...
PT-2025-29160 · Unknown · Code-Projects Library System
Name of the Vulnerable Software and Affected Versions: code-projects Library System version 1.0 Description: A critical vulnerability exists in code-projects Library System 1.0, allowing for unrestricted file upload. The issue is located in the /user/teacher/profile.php file, where manipulation o...
PT-2025-29057
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel contains a flaw related to the handling of interrupts within the gpio-keys driver when the PREEMPT_RT patch is enabled. Specifically, the gpio_keys_irq_timer callback...
PT-2025-28922 · Jenkins · Jenkins Nouvola Divecloud Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Nouvola DiveCloud Plugin versions prior to 1.09 Description: The Jenkins Nouvola DiveCloud Plugin stores DiveCloud API Keys and Credentials Encryption Keys unencrypted in config.xml files on the Jenkins controller. Users with...
PT-2025-31084
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A use-after-free condition exists in the SMB client within the Linux kernel's crypt_message function when asynchronous cryptography is utilized. The initial fix for CVE-2024-50047 remove...
PT-2025-27255
Name of the Vulnerable Software and Affected Versions: xiaoyunjie openvpn-cms-flask versions 1.2.7 and earlier Description: A critical issue has been found in the User Creation Endpoint component, specifically affecting the create user function in the /app/api/v1/openvpn.py file. The manipulation...
PT-2025-26757
Name of the Vulnerable Software and Affected Versions: CWP (Control Web Panel, also known as CentOS Web Panel) versions prior to 0.9.8.1205 Description: CWP Control Web Panel is susceptible to an unauthenticated remote code execution vulnerability. An attacker with knowledge of a valid, non-root username can...
PT-2025-26615 · Ncr · Ncr Terminal Handler
Name of the Vulnerable Software and Affected Versions: NCR Terminal Handler version 1.5.1 Description: The issue allows a remote attacker to escalate privileges via a crafted POST request to the "grantRolesToUsers", "grantRolesToGroups", and "grantRolesToOrganization" SOAP API component...
PT-2025-26241 · Ubiquiti · Unifi Network Application
Name of the Vulnerable Software and Affected Versions: UniFi Network versions 9.1.120 and earlier Description: A misconfigured query in UniFi Network could allow users to authenticate to Enterprise WiFi or VPN Server (L2TP and OpenVPN) using a device's MAC address from 802.1X or MAC Authentication,...
PT-2025-25855
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to the Linux kernel, specifically the spi-rockchip component. It involves fixing a register out-of-bounds access. The problem arises because GPIOs can be numbered mu...
PT-2025-25987
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A refcount leak issue has been identified in the Linux kernel, specifically in the pinctrl: nomadik component. The of_parse_phandle function returns a node pointer with an incremented...
PT-2025-25642
Name of the Vulnerable Software and Affected Versions: Drag and Drop Multiple File Upload for Contact Form 7 versions 1.3.8.9 and earlier Description: The issue is related to insufficient file type validation, allowing unauthenticated attackers to bypass the plugin's blacklist and upload dangerous...
PT-2025-24051 · Totolink · Totolink X15
Name of the Vulnerable Software and Affected Versions: TOTOLINK X15 version 1.0.0-B20230714.1105 Description: A critical vulnerability has been found in the HTTP POST Request Handler component of TOTOLINK X15, affecting the file /boafrm/formWlanRedirect. The manipulation of the redirect-url...
PT-2025-23874 · D Link · D-Link Dir-816
Name of the Vulnerable Software and Affected Versions: D-Link DIR-816 version 1.10CNB05 Description: A critical issue affects the function wirelessApcli_5g of the file /goform/wirelessApcli_5g. The manipulation of the arguments apcli_mode_5g, apcli_enc_5g, and apcli_default_key_5g leads to a...
PT-2025-23241 · Unknown · Project Ai
Name of the Vulnerable Software and Affected Versions: Project AI versions prior to pre-beta Description: The issue concerns a hardcoded API key present in the source code of Project AI, a platform for creating AI agents. This problem has been resolved in the pre-beta version. Recommendations: Fo...
PT-2025-23994 · Git +1 · Checkstyle
Name of the Vulnerable Software and Affected Versions: Checkstyle affected versions not specified Description: The software experiences a security exception during the getInnerBopAst function within the com.puppycrawl.tools.checkstyle.JavaAstVisitor class. This issue is triggered during stream...
PT-2025-21282
Name of the Vulnerable Software and Affected Versions: CPython (affected versions not specified) Description: The issue arises when using bytes.decode with the "unicode_escape" encoding and an error handler set to "ignore" or "replace". Users not utilizing this specific encoding or error handler ar...
PT-2025-21238 · Cloudbees +1 · Jenkins Health Advisor By Cloudbees Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Health Advisor by CloudBees Plugin versions 374.v194b_d4f0c8c8 and earlier Description: The issue results in a stored cross-site scripting (XSS) vulnerability. This occurs because the plugin does not escape responses from the Jenkins...
PT-2025-21148 · Zohocorp · Zoho Manageengine Adaudit Plus
Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADAudit Plus versions 8510 and prior Description: The issue concerns an authenticated SQL injection in the OU History report. This allows for potential exploitation where an attacker could manipulate database queries...
PT-2025-20661 · Hainan · Hainan Todesk
Name of the Vulnerable Software and Affected Versions: Hainan ToDesk version 4.7.6.3 Description: A critical vulnerability was found in Hainan ToDesk, affecting unknown code in the library profapi.dll of the component DLL File Parser. The manipulation leads to an uncontrolled search path, making ...
PT-2025-20664 · Unknown · Freeebird Hotel
Name of the Vulnerable Software and Affected Versions: Freeebird Hotel 酒店管理系统 API versions up to 1.2 Description: A problematic issue has been found in the API, affecting some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. This leads to a permissi...
PT-2025-20340
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A vulnerability in the Linux kernel has been resolved, specifically in the usb: chipidea: ci_hdrc_imx module, related to the handling of the usbmisc property. The issue arises because...
PT-2025-20380 · Unknown · Wp Page Builder
Name of the Vulnerable Software and Affected Versions: AP Page Builder versions prior to 4.0.0 Description: The issue is an Absolute Path Traversal vulnerability that could allow an unauthenticated remote user to modify the product item path within the config JSON file, allowing them to read any...
PT-2025-20070 · Undefined · Undefined
@SPoint The latest CVE as of May 7, 2025, appears to be CVE-2025-47233, published on May 6, but it has little discussion on X. However, a recent CVE with significant engagement is CVE-2025-3776, a critical WordPress plugin vulnerability. A post about CVE-2025-3776 by @DarkWebInformer on...
PT-2025-21205
Name of the Vulnerable Software and Affected Versions: Chromium versions prior to 136.0.7103.113 Description: A high-severity vulnerability in Chromium allows remote attackers to leak cross-origin data via crafted HTML pages, potentially leading to full account takeover. The vulnerability is caused...
PT-2025-18846 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 5.14.0-252.el9.x86_64 Description: A vulnerability in the Linux kernel has been resolved, which was causing a kernel panic when unplugging the vp_vdpa device. The root cause of the issue is a use-after-free erro...
PT-2025-18524 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A memory leak issue has been identified in the Linux kernel, specifically in the nvmet_auth_set_key function. This issue occurs when changing dhchap secrets, and it fails to release th...
PT-2025-17953 · WordPress · Order Delivery Date
Name of the Vulnerable Software and Affected Versions: Order Delivery Date WordPress plugin versions prior to 12.3.1 Description: The issue concerns a lack of authorization and CSRF checks when importing settings in the Order Delivery Date WordPress plugin. This allows attackers to modify sensiti...
PT-2025-17719 · WordPress · Verification Sms With Targetsms Plugin
Name of the Vulnerable Software and Affected Versions: Verification SMS with TargetSMS plugin for WordPress versions up to, and including, 1.5 Description: The issue is related to limited Remote Code Execution in the Verification SMS with TargetSMS plugin for WordPress. This vulnerability is due ...
PT-2025-17717
Name of the Vulnerable Software and Affected Versions: Flynax Bridge plugin for WordPress versions up to, and including, 2.2.0 Description: The issue is related to privilege escalation via account takeover due to the plugin not properly validating a user's identity prior to updating their details,...
PT-2025-17321 · Hewlett Packard · Hp Touchpoint Analytics Service
Name of the Vulnerable Software and Affected Versions: HP Touchpoint Analytics Service versions prior to 4.2.2439 Description: A potential security issue has been identified that could allow a local attacker to escalate privileges. Recommendations: For versions prior to 4.2.2439, update to versio...
PT-2025-17003 · Unknown · Aidraw I Draw
Name of the Vulnerable Software and Affected Versions: aidraw I Draw versions n/a through 1.0 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the use of malicious files. Recommendations: For versions n/a through 1.0, consider restricting file...
PT-2025-17168 · Unknown · Mapsvg Lite
Name of the Vulnerable Software and Affected Versions: MapSVG Lite versions prior to 8.5.35 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to further exploitation and potential...
PT-2025-16984 · WordPress · Eslam Mahmoud Redirect
Name of the Vulnerable Software and Affected Versions: Eslam Mahmoud Redirect wordpress to welcome or landing page versions n/a through 2.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows Stored XSS. This means an attacker can trick a user into performing...
PT-2025-16546 · Espocrm · Espocrm
Name of the Vulnerable Software and Affected Versions: EspoCRM versions prior to 9.0.5 Description: The issue concerns the Iframe dashlet in EspoCRM, which allows users to display iframes with arbitrary URLs. Since the sandbox attribute is not included in the iframe, a remote page can open popups...
PT-2025-15877 · Sonos +1 · Sonos Era 300 Speaker +1
Name of the Vulnerable Software and Affected Versions: Sonos Era 300 Speaker affected versions not specified Description: The issue is related to a Use-After-Free Remote Code Execution Vulnerability in the libsmb2 component. This vulnerability was discovered by dungdm @ piers2 with Viettel Cyber...
PT-2025-15647 · Adobe · Commerce
Name of the Vulnerable Software and Affected Versions: Adobe Commerce versions 2.4.7-p4 through 2.4.8-beta2 and earlier Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that could be exploited to cause a denial-of-service condition. An attacker could trick a logged-in use...
PT-2025-07: Path Traversal in TCPDF
The vulnerability was identified in TCPDF, version 6.8.2. The application performs insufficient validation of user input data. Decoding user input allows an attacker to form a path to an arbitrary image on the server, access to which is not provided by the logic of the application, with subsequen...
PT-2025-14039 · Unknown · Quick Localization
Name of the Vulnerable Software and Affected Versions: Quick Localization versions 0.1.0 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting. This allows for Reflected XSS attacks. Recommendations: For...