PT-2025-13197
Name of the Vulnerable Software and Affected Versions: Mozilla Firefox versions prior to 136.0.4; Mozilla Firefox ESR versions prior to 128.8.1; Mozilla Firefox ESR versions prior to 115.21.1 Description: A critical vulnerability exists in Mozilla Firefox on Windows systems, allowing for a sandbox...
PT-2025-12803
Name of the Vulnerable Software and Affected Versions: VMware Tools for Windows versions 11.x.x through 12.x.x Description: VMware Tools for Windows contains an authentication bypass vulnerability due to improper access control. A malicious actor with non-administrative privileges on a guest VM may...
PT-2025-12752 · WordPress · Simple Banner
Name of the Vulnerable Software and Affected Versions: The Simple Banner WordPress plugin versions prior to 3.0.4 Description: The issue allows high privilege users, such as admin, to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed, for example i...
PT-2025-12667
Name of the Vulnerable Software and Affected Versions: Vite versions prior to 6.2.3, 6.1.2, 6.0.12, 5.4.15, and 4.5.10. Description: Vite is susceptible to a file access bypass vulnerability. When the development server is exposed to the network using the --host or server.host configuration optio...
PT-2025-12311 · Ollama · Ollama
Name of the Vulnerable Software and Affected Versions: ollama/ollama versions 0.3.14 and earlier Description: A malicious user can create a customized GGUF model file, upload it to the Ollama server, and create it, causing the server to allocate unlimited memory. This leads to a Denial of Service...
PT-2025-10848
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions prior to the patch released in March 2025. Description: A security feature bypass vulnerability exists in Microsoft Management Console (MMC). This vulnerability, also known as MSC EvilTwin (CVE-2025-26633), allows an...
PT-2025-7659 · Sourcecodester · Sourcecodester Best Church Management
Name of the Vulnerable Software and Affected Versions: SourceCodester Best Church Management Software version 1.0 Description: The issue concerns a cross-site scripting problem. It involves the "/admin/redirect.php" API endpoint. Recommendations: For SourceCodester Best Church Management Software...
PT-2025-7272 · Apple · Device
Name of the Vulnerable Software and Affected Versions: Apple devices (affected versions not specified) Description: A security issue in the SecureROM of certain Apple devices allows an unauthenticated local attacker to execute arbitrary code on the device upon booting. This requires physical access...
PT-2025-7043 · Unknown · Spid.Aspnetcore.Authentication
Name of the Vulnerable Software and Affected Versions: SPID.AspNetCore.Authentication versions prior to 3.4.0 Description: The issue is related to the validation logic of SAML assertions in the SPID.AspNetCore.Authentication library. An attacker could create an arbitrary SAML response that would ...
PT-2025-16771
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: A vulnerability in the Linux kernel has been resolved. The issue is related to the dlm component, where writing a positive value to event_done could lead to a NULL pointer dereference...
PT-2025-5839 · Phpjabbers · Phpjabbers Cinema Booking System
Name of the Vulnerable Software and Affected Versions: PHPJabbers Cinema Booking System version 2.0 Description: An SQL injection vulnerability in the pjActionGetUser function allows attackers to manipulate database queries via the column parameter. This can lead to unauthorized information...
PT-2025-4614 · Unknown · Survey Maker
Name of the Vulnerable Software and Affected Versions: Survey Maker versions prior to 5.1.3.5 Description: The issue is related to improper neutralization of input during web page generation, which allows for stored Cross-site Scripting (XSS). This means that an attacker can inject malicious script...
PT-2025-6475 · Microsoft +4 · Edge +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 133.0.6943.98; Microsoft Edge (affected versions not specified) Description: The issue is related to an inappropriate implementation in the Browser UI, allowing a remote attacker to spoof the contents of the Omnib...
PT-2025-5335 · Unknown +1 · Writefreely +1
Name of the Vulnerable Software and Affected Versions: WriteFreely versions 0.15.1 and earlier Description: The issue allows local users to discover credentials by reading the config.ini file when MySQL is used. This is due to insecure default configuration access. Recommendations: For versions...
PT-2025-4847 · Boltdb +2 · Boltdb +2
Name of the Vulnerable Software and Affected Versions: zot versions prior to 2.1.2 Description: The issue arises from the way group data is stored for users in the boltdb database, specifically as an append-list. This leads to group revocations or removals being ignored in the API. When a user lo...
PT-2025-2609 · Ibm · Ibm Cics Tx Advanced +1
Name of the Vulnerable Software and Affected Versions: IBM CICS TX Advanced versions 10.1 through 11.1; IBM CICS TX Standard version 11.1 Description: The issue allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credentials...
PT-2025-2689
Name of the Vulnerable Software and Affected Versions: Google Go versions prior to 1.22.10 and 1.23.4 Description: The HTTP client drops sensitive headers after following a cross-domain redirect. For example, a request to a.com/ containing an Authorization header which is redirected to b.com/ will...
PT-2025-1258
Name of the Vulnerable Software and Affected Versions: Kubernetes versions prior to 1.29.14; Kubernetes versions prior to 1.30.10; Kubernetes versions prior to 1.31.6 Description: This issue is a command injection affecting Windows nodes via the /logs query API. An attacker with the ability to query ...
PT-2025-2516 · Wavlink +1 · Wavlink Ac3000 +1
Name of the Vulnerable Software and Affected Versions: Wavlink AC3000 version M33A8.V5030.210505 Description: A vulnerability exists in the openvpn client setup function of the openvpn.cgi functionality, allowing for arbitrary command execution through a specially crafted HTTP request. An attacke...
PT-2025-1267 · Microsoft +5 · Edge +5
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 132.0.6834.83; Microsoft Edge (affected versions not specified) Description: The issue is related to an out of bounds read in the Metrics component, which could allow a remote attacker to potentially exploit heap...
PT-2025-1934 · WordPress · Shopping Cart & Ecommerce Store
Name of the Vulnerable Software and Affected Versions: The Shopping Cart & eCommerce Store plugin for WordPress versions up to, and including, 5.7.8 Description: The issue is related to a missing capability check on the webhook function, allowing unauthenticated attackers to modify order statuses...
PT-2025-4363
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The issue is related to a null pointer dereference in the Linux kernel's bnxt driver. This occurs when the XDP (eXpress Data Path) is detached, and the features are not recalculated, leadi...
PT-2025-1320 · Givewp · Givewp
The software that is vulnerable is the GiveWP WordPress Plugin, specifically versions from n/a through 3.19.3. The vulnerability is a Deserialization of Untrusted Data vulnerability, also known as an Unauthenticated PHP Object Injection, which allows attackers to take control of websites. This...
PT-2025-30775
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified) Description: The Linux kernel contains a flaw within the virtio-net module. Specifically, a missing check in the xdp_linearize_page function allows for an out-of-bound read when processing buffers fr...
PT-2025-21255
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 136.0.7103.113; Microsoft Edge (Chromium-based) versions prior to 136.0.7103.113; Chromium versions prior to 136.0.7103.113 Description: A security issue exists in the Mojo IPC system within Google Chrome and Microso...
PT-2025-23989
Name of the Vulnerable Software and Affected Versions: golang versions 1.15 through 1.19 Description: The issue affects golang packages in Debian Linux. No further details are available due to the lack of information from high-priority sources. Recommendations: For golang version 1.15, update to ...
PT-2024-36826 · Unknown · Free-One-Api
Name of the Vulnerable Software and Affected Versions: free-one-api versions up to and including 1.0.1 Description: The issue concerns the use of MD5, a cryptographically broken hashing algorithm, to hash passwords before sending them to the backend. This makes it vulnerable to collision attacks...
PT-2024-65: Unauthorized Reflected XSS in PhpSpreadsheet (Accounting.php)
The vulnerability was identified in PhpSpreadsheet, versions = 3.0.0, = 2.0.0, = 2.2.0, = 3.0.0, = 2.0.0, = 2.2.0, = 2.3.4 to 2.3.5 or higher Additional information: Security advisory Researcher: Aleksey Solovev Positive Technologies...
PT-2025-3576
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.12.0-rc3-syzkaller-00399-g9197b73fd7bb Description: A slab-use-after-free issue has been identified in the Linux kernel, specifically in the RDMA/rxe component. This problem occurs when the event ib cache event...
PT-2024-17655 · WordPress · Button Block
Name of the Vulnerable Software and Affected Versions: Button Block plugin for WordPress versions up to, and including, 1.1.5 Description: The issue allows authenticated attackers with Contributor-level access and above to extract potentially sensitive data from draft, scheduled, private, and...
PT-2025-26186
Name of the Vulnerable Software and Affected Versions: Pterodactyl versions prior to 1.11.11 Description: An unauthenticated malicious actor can execute arbitrary code by using the '/locales/locale.json' endpoint with the locale and namespace query parameters. This flaw allows for complete server...
PT-2024-35410 · Hkcms · Hkcms
Name of the Vulnerable Software and Affected Versions: HkCms versions prior to 2.3.2.240702 Description: The issue concerns a file upload vulnerability in the getFileName method located in /app/common/library/Upload.php. Recommendations: For versions prior to 2.3.2.240702, consider disabling the...
PT-2024-34661
Name of the Vulnerable Software and Affected Versions: LibreNMS versions prior to 24.10.0 Description: A Stored Cross-Site Scripting (XSS) vulnerability in the "Custom OID" tab of a device allows authenticated users to inject arbitrary JavaScript through the unit parameter when creating a new OID. Th...
PT-2024-19190 · Sound Research · Secomn64
Name of the Vulnerable Software and Affected Versions: HP PC products using the Sound Research SECOMN64 driver (affected versions not specified) Description: The issue concerns potential vulnerabilities in the audio package of certain HP PC products that use the Sound Research SECOMN64 driver. Thes...
PT-2024-33617 · Unknown · Web Bricks Addons For Elementor
Name of the Vulnerable Software and Affected Versions: Web Bricks Addons for Elementor versions 1.1.1 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS). This allows for Stored XSS attacks...
PT-2024-21324 · Liferay · Liferay Dxp +1
Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.3.75 through 7.4.3.111; Liferay DXP versions 2023.Q4.0 through 2023.Q4.2; Liferay DXP versions 2023.Q3.1 through 2023.Q3.5; Liferay Portal 7.4 update 75 through update 92; Liferay Portal 7.3 update 32 through update 36...
PT-2024-30: Stored DOM-Based Cross-Site Scripting (stored DOM XSS) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application does not process the data received from the user in the way required for safe use of that data during web page formation. Exploitation of the vulnerability is possible for an authorized user and leads to the possibility of executing...
PT-2024-30912 · WordPress · Kevon Adonis Wp Abstracts
Name of the Vulnerable Software and Affected Versions: Kevon Adonis WP Abstracts versions 2.6.5 and earlier Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting (XSS), which allows Stored XSS. This means that an attacke...
PT-2024-39603 · Captcha Bank · Wordpress Captcha Plugin
Name of the Vulnerable Software and Affected Versions: WordPress Captcha Plugin by Captcha Bank versions up to, and including, 4.0.36 Description: The issue is related to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL. This allows...
PT-2024-39545 · WordPress · Wordpress & Woocommerce Affiliate Program
Name of the Vulnerable Software and Affected Versions: WordPress & WooCommerce Affiliate Program plugin versions up to, and including, 8.4.1 Description: The WordPress & WooCommerce Affiliate Program plugin for WordPress is vulnerable to authentication bypass due to the rtwwwap login request...
PT-2024-32335 · Mattermost +1 · Mattermost +1
Name of the Vulnerable Software and Affected Versions: Mattermost versions 9.11.x through 9.11.0; Mattermost versions 9.5.x through 9.5.8 Description: The issue arises from the failure to validate that the message of a permalink post is a string, allowing an attacker to send a non-string value as...
PT-2024-35: Automatic explicit deep link assignment in Android Jetpack Navigation Library
The vulnerability was identified in Android Jetpack Navigation Library in versions 2.8.1. The discovered vulnerability allows an attacker, using automatically assigned explicit deep links, to open arbitrary screens in the application and pass them arbitrary parameters. Vulnerability status:...
PT-2024-29050 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15 Description: A permissions issue was addressed with additional restrictions. A malicious app may be able to change network settings. Recommendations: For versions prior to 15, update to macOS Sequoia 15 to resolve t...
PT-2024-6855
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.6.52 Description: The vulnerability is related to a use-after-free issue in the smb2_set_path_size function. When smb2_compound_op is called with a valid @cfile and returns -EINVAL, the reference to @cfile is...
PT-2024-5809 · Google +4 · Google Chrome +4
Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 128.0.6613.84; Microsoft Edge (affected versions not specified) Description: The issue is related to an inappropriate implementation in WebApp Installs, allowing an attacker to perform UI spoofing via a crafted HT...
PT-2024-6590 · Rockwell Automation · Compactlogix +2
Name of the Vulnerable Software and Affected Versions: Rockwell Automation CompactLogix (affected versions not specified); Rockwell Automation ControlLogix (affected versions not specified); Rockwell Automation GuardLogix (affected versions not specified) Description: A...
PT-2024-38319 · Chargepoint · Chargepoint Home Flex
Name of the Vulnerable Software and Affected Versions: ChargePoint Home Flex (affected versions not specified) Description: This issue allows network-adjacent attackers to disclose sensitive information on affected installations of ChargePoint Home Flex charging devices. The specific flaw exists...
PT-2024-38101 · WordPress · Tainacan
Name of the Vulnerable Software and Affected Versions: Tainacan plugin for WordPress versions up to, and including, 0.21.7 Description: The issue is related to a missing capability check on the get file function, which is also vulnerable to directory traversal. This allows authenticated attackers...
PT-2024-4844
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.62 Description: The issue is related to a Server-side Request Forgery (SSRF) vulnerability in the mod_rewrite module of the Apache HTTP Server on Windows. This vulnerability can be exploited by a remote...
PT-2024-37453 · WordPress · Duplicator
Name of the Vulnerable Software and Affected Versions: Duplicator plugin for WordPress versions up to, and including, 1.5.9 Description: The issue allows unauthenticated attackers to obtain the full path to instances, which may be used in combination with other vulnerabilities or to simplify...