PT-2025-27015
Name of the Vulnerable Software and Affected Versions: UTT HiPER 840G versions up to 3.1.1-190328 Description: A critical issue affects the strcpy function of the /goform/setSysAdm file in the API component. Manipulation of the passwd1 argument leads to a buffer overflow, allowing remote attack...
PT-2025-26711 · Mb Connect Line · Mbconnect24
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: An unauthenticated remote attacker can enumerate valid user names from an unprotected "API endpoint". No information is provided about the estimated number of potentially affected devices...
FreeBSD : Navidrome -- SQL Injection via role parameter (fc2d2fb8-4c83-11f0-8deb-f8f21e52f724)
The version of FreeBSD installed on the remote host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the fc2d2fb8-4c83-11f0-8deb-f8f21e52f724 advisory. Deluan reports: This vulnerability arises due to improper input validation on the role parameter within...
PT-2025-26163 · Minitcg · Minitcg
Name of the Vulnerable Software and Affected Versions: miniTCG version 1.3.1 beta Description: A cross-site scripting (XSS) issue allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the id parameter at the "/members/edit.php" API endpoint. Recommendations:...
CVE-2025-5964
A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server...
PT-2025-25511 · Realguoshuai · Open-Video-Cms
Name of the Vulnerable Software and Affected Versions: realguoshuai open-video-cms version 1.0 Description: A critical issue affects the processing of the file "/v1/video/list" API endpoint. The manipulation of the sort argument leads to SQL injection. This issue can be exploited remotely...
PT-2025-25508 · Utt · Utt 进取 750W
Name of the Vulnerable Software and Affected Versions: UTT 进取 750W versions up to 5.0 Description: A critical issue affects the strcpy function of the /goform/setSysAdm API component. Manipulation of the passwd1 argument leads to a buffer overflow. This issue can be exploited remotely...
PT-2025-25543 · Unknown · Parking Management System
Name of the Vulnerable Software and Affected Versions: Das Parking Management System version 6.2.0 Description: A critical issue affects the /vehicle/search API endpoint, where manipulation of the vehicleTypeCode argument leads to SQL injection. The attack can be initiated...
PT-2025-25542 · Unknown · Parking Management System
Name of the Vulnerable Software and Affected Versions: Das Parking Management System version 6.2.0 Description: A critical issue was found in the API component of the system, specifically affecting the /Reservations/Search file. The manipulation of the Value argument leads to SQL injection. This...
PT-2025-25541 · Unknown · Parking Management System
Name of the Vulnerable Software and Affected Versions: Das Parking Management System version 6.2.0 Description: A critical issue was found in the API component, specifically affecting an unknown part of the /IntraFieldVehicle/Search file. The manipulation of the Value argument leads to SQL...
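Several entries above describe the same two injection shapes: a caller-controlled sort argument (the open-video-cms /v1/video/list entry) and a caller-controlled filter value (the Parking Management System /vehicle/search, /Reservations/Search and /IntraFieldVehicle/Search entries). The following is an added illustration, not code from any of those products; the table, rows, function names and payloads are all constructed for this example. It shows why ORDER BY needs an allowlist (a bound parameter cannot be used there) while a WHERE value is fixed with a bound parameter, and how an ORDER BY expression leaks information even without a quote character.

```python
import sqlite3

# Constructed fixture: an invented table, unrelated to any product above.
SCHEMA = """
CREATE TABLE video (id INTEGER PRIMARY KEY, title TEXT, views INTEGER);
INSERT INTO video (title, views) VALUES ('a', 10), ('b', 30), ('c', 20);
"""


def connect():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def list_videos_vulnerable(conn, sort):
    # Anti-pattern behind "manipulation of the sort argument": the sort
    # expression is spliced into the SQL text. ORDER BY cannot take a bound
    # parameter, which is why this concatenation is so common.
    sql = f"SELECT id, title FROM video ORDER BY {sort}"
    return [row[0] for row in conn.execute(sql)]


# Map of accepted API sort names to fixed column tokens (assumed names).
ALLOWED_SORT = {"id": "id", "title": "title", "views": "views"}


def list_videos_hardened(conn, sort="id", direction="asc"):
    # Allowlist both column and direction; reject rather than sanitise, so
    # the SQL text only ever contains tokens this module wrote itself.
    col = ALLOWED_SORT.get(sort)
    if col is None:
        raise ValueError(f"unsupported sort column: {sort!r}")
    if direction.lower() not in ("asc", "desc"):
        raise ValueError(f"unsupported sort direction: {direction!r}")
    sql = f"SELECT id, title FROM video ORDER BY {col} {direction.upper()}"
    return [row[0] for row in conn.execute(sql)]


def search_vulnerable(conn, value):
    # Anti-pattern behind the "Value argument" entries: a quote in the
    # input terminates the string literal and the rest becomes SQL.
    sql = f"SELECT id FROM video WHERE title = '{value}'"
    return [row[0] for row in conn.execute(sql)]


def search_hardened(conn, value):
    # A bound parameter travels to the engine separately from the SQL
    # text, so the input can never alter the statement's structure.
    rows = conn.execute("SELECT id FROM video WHERE title = ?", (value,))
    return [row[0] for row in rows]


# Boolean-inference payload for ORDER BY: no quotes, no stacked queries,
# yet the row order answers a yes/no question about the database.
INFERENCE_SORT = (
    "(CASE WHEN (SELECT count(*) FROM sqlite_master) > 0 "
    "THEN views ELSE id END)"
)

if __name__ == "__main__":
    c = connect()
    print(list_videos_vulnerable(c, INFERENCE_SORT))   # order reveals the answer
    print(search_vulnerable(c, "x' OR '1'='1"))        # every row comes back
    print(search_hardened(c, "x' OR '1'='1"))          # nothing matches
```

The inference payload is the reason a sort parameter deserves the same attention as a filter value: ordering by views instead of id is enough for an attacker to read one bit per request, and the usual "strip quotes" mitigation never triggers.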
OpenC3 COSMOS security vulnerability
OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS versions prior to 6.1.0 that stems from the /script-api/scripts/ endpoint being vulnerable to directory traversal attacks...
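Both the M-Files Server entry (path traversal in an API endpoint) and the OpenC3 COSMOS entry (directory traversal via /script-api/scripts/) above are instances of one bug: a caller-supplied name joined onto a base directory without confirming the result stays inside it. The block below is an added example, not code from either product; the handler names, the base-directory layout and the files are constructed here. It demonstrates the traversal against the naive form and the containment check that replaces it.

```python
import os
import tempfile


def resolve_under(base_dir, requested):
    """Return the real path of `requested` if it lies under base_dir, else None.

    realpath resolves both '..' segments and symlinks before the check, so a
    symlink inside base_dir pointing outside it is caught as well.
    """
    base = os.path.realpath(base_dir)
    # os.path.join discards base when the second argument is absolute,
    # so an absolute request must be rejected before joining.
    if os.path.isabs(requested):
        return None
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        # commonpath is segment-aware; a plain startswith() check would let
        # "/srv/scripts-old" pass as being under "/srv/scripts".
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # different drives on Windows
        inside = False
    return candidate if inside else None


def read_script_vulnerable(base_dir, name):
    # Anti-pattern: the caller-supplied name is trusted as a relative path.
    with open(os.path.join(base_dir, name)) as f:
        return f.read()


def read_script_hardened(base_dir, name):
    path = resolve_under(base_dir, name)
    if path is None:
        raise PermissionError(f"refusing path outside {base_dir!r}: {name!r}")
    with open(path) as f:
        return f.read()


def make_demo_tree():
    # Constructed fixture: a scripts directory and a secret one level above
    # it, standing in for whatever an API's base directory would be.
    root = tempfile.mkdtemp()
    scripts = os.path.join(root, "scripts")
    os.mkdir(scripts)
    with open(os.path.join(scripts, "hello.rb"), "w") as f:
        f.write("puts 'hi'\n")
    with open(os.path.join(root, "secret.txt"), "w") as f:
        f.write("TOP SECRET\n")
    return root, scripts


if __name__ == "__main__":
    _, scripts = make_demo_tree()
    print(read_script_vulnerable(scripts, "../secret.txt"))  # leaks the secret
    print(read_script_hardened(scripts, "hello.rb"))         # served normally
    try:
        read_script_hardened(scripts, "../secret.txt")
    except PermissionError as e:
        print("blocked:", e)
```

Note that the check is performed on the resolved path, not on the request string: rejecting the literal ".." is not sufficient, because URL-decoding, symlinks and absolute paths all produce the same escape without that substring.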
CVE-2025-49181
Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service atta...
CVE-2025-49181
CVE-2025-49181 involves missing authorization of an API endpoint, allowing unauthorized GET requests to disclose information and POST requests to modify the log root path and the service TCP ports, potentially enabling information disclosure and Denial of Service. The issue is associated with SIC...
PT-2025-24642 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS, affected versions not specified Description: An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
PT-2025-24638 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS, affected versions not specified Description: A SQL injection issue has been found, allowing an attacker to retrieve, create, update, and delete databases. This is achieved through the name and cod parameters in the...
PT-2025-24643 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS, affected versions not specified Description: An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...
PT-2025-24641 · Unknown · Dm Corporative Cms
Name of the Vulnerable Software and Affected Versions: DM Corporative CMS, affected versions not specified Description: A SQL injection issue has been found, allowing an attacker to retrieve, create, update, and delete databases. This is achieved through the codform parameter in the...