Pentest Advisories

Our latest advisories

Take a look at the latest advisories from the cybersecurity consultants at Pentest.

CVE

Impact

Researcher

Date

Product

Additional info

CVE-2025-62297

Stored XSS

Łukasz Jaworski

Nov 2025

SOPlanning

CVE-2025-62731

Stored XSS

Łukasz Jaworski

Nov 2025

SOPlanning

CVE-2025-62730

Privilege Escalation via Incorrect Authorisation

Łukasz Jaworski

Nov 2025

SOPlanning

CVE-2025-62729

Stored XSS

Łukasz Jaworski

Nov 2025

SOPlanning

CVE-2025-62297

Stored XSS

Łukasz Jaworski

Nov 2025

SOPlanning

CVE-2025-62296

Stored XSS

Łukasz Jaworski

Nov 2025

SOPlanning

CVE-2025-62295

Stored XSS

Łukasz Jaworski

Mov 2025

SOPlanning

CVE-2025-62294

Predictable Generation of Password Recovery Token

Łukasz Jaworski

Nov 2025

SOPlanning

CVE-2025-62293

Broken Access Control

Łukasz Jaworski

Nov 2025

SOPlanning

CVE-2025-8449

Denial of Service

Scott Laurie

Aug 2025

Schneider Electric – EcoStruxureTM Building Operation Enterprise Server, EcoStruxureTM Enterprise Server, EcoStruxureTM Workstation

CVE-2025-8448

Unauthorized access to sensitive credential data

Scott Laurie

August 2025

Schneider Electric – EcoStruxureTM Building Operation Enterprise Server, EcoStruxureTM Enterprise Server, EcoStruxureTM Workstation

CVE-2023-21516

RCE

Sam Thomas

June 2023

Samsung Galaxy S22

CVE-2022-29842

RCE

Sam Thomas

June 2023

Western Digital MyCloud PR4100

CVE-2022-29840

Server-Side Request Forgery

Sam Thomas

June 2023

Western Digital MyCloud PR4100

CVE-2022-36326

Denial of Service

Sam Thomas

June 2023

Western Digital MyCloud PR4100

CVE-2022-1517

Execution with unnecessary privileges

Scott Laurie

June 2022

Illumina

CVE-2022-1518

Path traversal

Scott Laurie

June 2022

Illumina

CVE-2022-1519

Unrestricted upload of file

Scott Laurie

June 2022

Illumina

CVE-2022-1521

Improper access controls

Scott Laurie

June 2022

Illumina

CVE-2022-1524

Cleartext transmission of sensitive info

Scott Laurie

June 2022

Illumina

CVE-2021-37168

XSS

Nour Alomary

May 2022

SoPlanning

CVE-2021-37169

SQLi

Nour Alomary

May 2022

SoPlanning

CVE-2021-37170

SQLi

Nour Alomary

May 2022

SoPlanning

CVE-2021-37171

XSS

Nour Alomary

May 2022

SoPlanning

CVE-2022-44082

XSS to RCE

Paul Ritchie

March 2022

Textpattern CMS

CVE-2021-42215

XSS

Sam Moore

October 2021

OpenCMS

CVE-2021-42214

Denial of Service

Paul Ritchie

October 2021

OpenCMS

CVE-2021-42213

XSS

Paul Ritchie

October 2021

OpenCMS

CVE-2021-42212

XSS

Paul Ritchie

October 2021

OpenCMS

CVE-2021-42211

XSS

Paul Ritchie

October 2021

OpenCMS

CVE-2021-42210

XSS

Paul Ritchie

October 2021

OpenCMS

CVE-2021-42209

XSS

Paul Ritchie

October 2021

OpenCMS

CVE-2021-42208

Unvalidated Redirect

Paul Ritchie

October 2021

OpenCMS

CVE-2021-42207

Unvalidated Redirect

Sam Moore

October 2021

OpenCMS

CVE-2021-42206

Clickjacking

Paul Ritchie

October 2021

OpenCMS

CVE-2021-27980

Authentication Bypass

Paul Ritchie

May 2021