CVE-2024-13174

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in E1 Informatics Web Application allows SQL Injection. This issue affects Web Application: through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within the...

CVE-2024-13174

CVE-2024-13174 is an SQL Injection in the E1 Informatics Web Application caused by improper neutralization of special elements in SQL commands. Affected versions are through 20250916. The CVSS 3.1 base score is 8.6 (High) with NETWORK attack vector, no privileges required, no user interaction. Im...

CVE-2024-13149

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection', CWE - 200 - Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Arma Store Armalife allows SQL Injection. This issue affects Armalife: through 20250916. NOTE: The vendor did not inform abou...

CVE-2025-2404

CVE-2025-2404 : XSS in Ubit Information Technologies’ STOYS student information system. Affected versions: STOYS 2 through 20250916. Root cause: improper neutralization of input during web page generation. Impact: potential cross-site scripting exposure; no exploitation details or in-the-wild dat...

CVE-2024-12367 Information Disclosure in Vegagrup Software's Vega Master

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing. This issue affects Vega Master: from v.1.12.35 through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within...

CVE-2024-12367 Information Disclosure in Vegagrup Software's Vega Master

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing.This issue affects Vega Master: from v.1.12.35 through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within th...

CVE-2024-12367

CVE-2024-12367 reflects an information-disclosure issue in Vegagrup Software Vega Master, caused by directory indexing that exposes sensitive system information. Affected versions are Vega Master 1.12.35 through 20250916. The issue’s impact is described as disclosure of sensitive information, wit...

PT-2025-37867

Name of the Vulnerable Software and Affected Versions: Vegagrup Software Vega Master versions 1.12.35 through 20250916 Description: A vulnerability exists in Vegagrup Software Vega Master that allows directory indexing, potentially leading to exposure of sensitive system information to an...

E1 Informatics Web Application SQL注入漏洞

E1 Informatics Web Application is a web application from E1 Informatics Turkey. A SQL injection vulnerability exists in E1 Informatics Web Application 20250916 and earlier versions, which stems from improper neutralization of special elements in SQL commands, which can lead to SQL injection attac...

PT-2025-37922

Name of the Vulnerable Software and Affected Versions: Megatek Communication System Azora Wireless Network Management versions through 20250916 Description: The software contains an SQL injection flaw due to improper neutralization of special elements used in an SQL command. This allows for SQL...

Azora Wireless Network Management SQL注入漏洞

Azora Wireless Network Management is a wireless network management platform from Azora Turkey. An SQL injection vulnerability exists in Azora Wireless Network Management 20250916 and prior versions, which stems from improper neutralization of special elements and could lead to an SQL injection...

Armalife SQL注入漏洞

Armalife is an online fashion retail software from Armalife Turkey. A SQL injection vulnerability exists in Armalife 20250916 and earlier versions, which stems from improper neutralization of special elements in SQL commands, and could lead to SQL injection and disclosure of sensitive information...

Ubit STOYS 跨站脚本漏洞

Ubit STOYS is a student information system from Ubit Turkey. A cross-site scripting vulnerability exists in Ubit STOYS versions 2 through 20250916, which stems from improper input neutralization during web page generation and could lead to cross-site scripting attacks...