
1990 matches found

Positive Technologies
added 2025/06/10 12:0 a.m. · 2 views

PT-2025-24640 · Unknown · Dm Corporative Cms

Name of the Vulnerable Software and Affected Versions: DM Corporative CMS, affected versions not specified
Description: A SQL injection issue has been found, allowing an attacker to retrieve, create, update, and delete databases. This is achieved through the cod parameter in the...

CVSS 9.3 · AI score 6.9 · EPSS 0.00241
Exploits: 0 · References: 6

Positive Technologies
added 2025/06/09 12:0 a.m. · 4 views

PT-2025-24544 · Unknown · Anchor Cms

Name of the Vulnerable Software and Affected Versions: Anchor CMS version 0.12.7
Description: A stored cross-site scripting (XSS) issue allows attackers to inject malicious JavaScript via the page description field in the page creation interface, specifically the "/admin/pages/add" API endpoint...

CVSS 5.4 · AI score 5.2 · EPSS 0.00628
Exploits: 4 · References: 8

Positive Technologies
added 2025/06/07 12:0 a.m. · 3 views

PT-2025-24576 · Totolink · Totolink T10

Name of the Vulnerable Software and Affected Versions: TOTOLINK T10 version 4.1.8cu.5207
Description: A critical vulnerability has been found in the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file, which is part of the POST Request Handler component. The manipulation of the File...

CVSS 9 · AI score 8.7 · EPSS 0.01411
Exploits: 1 · References: 12

RedhatCVE
added 2025/06/06 5:21 p.m. · 8 views

CVE-2025-20130

A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy...

CVSS 7.2 · AI score 7.3 · EPSS 0.00225
Exploits: 0 · References: 1

RedhatCVE
added 2025/06/06 2:20 a.m. · 10 views

CVE-2025-5552

A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been...

CVSS 6.5 · AI score 7.4 · EPSS 0.00237
Exploits: 1 · References: 1

Positive Technologies
added 2025/06/06 12:0 a.m. · 2 views

PT-2025-24397 · Tenda · Tenda Ac7

Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44
Description: A critical issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the list argument leads to a buffer overflow. The attack may be initiated remotely...

CVSS 9.8 · AI score 8.7 · EPSS 0.00885
Exploits: 1 · References: 14

Positive Technologies
added 2025/06/06 12:0 a.m. · 3 views

PT-2025-24015 · Sourcecodester · Sourcecodester Student Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Student Result Management System version 1.0
Description: A vulnerability was found in the Subjects Page component, specifically in an unknown function of the file /script/academic/subjects. The manipulation of the Subject...

CVSS 4.8 · AI score 3.4 · EPSS 0.00263
Exploits: 1 · References: 9

Positive Technologies
added 2025/06/06 12:0 a.m. · 2 views

PT-2025-24383 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.19 multi
Description: A critical vulnerability was found in the Tenda AC15 router, specifically affecting the formSetPPTPUserList function of the /goform/setPptpUserList file in the HTTP POST Request Handler...

CVSS 9 · AI score 8.7 · EPSS 0.00621
Exploits: 1 · References: 16

Github Security Blog
added 2025/06/05 1:7 a.m. · 23 views

Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint

Summary: An unauthenticated information disclosure vulnerability exists in the PSU deployment of HAX CMS via the haxPsuUsage API endpoint. This allows any remote unauthenticated user to retrieve a full list of PSU websites hosted on HAX CMS. When chained with other authorization issues e.g., HAX-3...

CVSS 5.3 · AI score 6.8 · EPSS 0.00213
Exploits: 0 · References: 4 · Affected Software: 1

NVD
added 2025/06/04 3:15 a.m. · 13 views

CVE-2025-5552

A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been...

CVSS 8.8 · EPSS 0.00237
Exploits: 1 · References: 4

CVE
added 2025/06/04 2:0 a.m. · 73 views

CVE-2025-5552

CVE-2025-5552 affects ChestnutCMS up to version 15.1, targeting the API Endpoint’s file /dev-api/groovy/exec. The issue is a deserialization vulnerability that can be exploited remotely; exploitation details have been publicly disclosed. Several connected sources confirm this, including Red Hat a...

CVSS 8.8 · AI score 6.5 · EPSS 0.00237
Exploits: 1 · References: 4 · Affected Software: 1

Vulnrichment
added 2025/06/04 2:0 a.m. · 8 views

CVE-2025-5552 ChestnutCMS API Endpoint exec deserialization

A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been...

CVSS 6.5 · AI score 6.5 · EPSS 0.00237
Exploits: 1 · References: 4

Positive Technologies
added 2025/06/04 12:0 a.m. · 3 views

PT-2025-23733 · Unknown · Chestnutcms

Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions up to 15.1
Description: A critical issue has been found in the API Endpoint component, specifically affecting the /dev-api/groovy/exec file. This issue leads to deserialization and can be exploited remotely. The exploit h...

CVSS 6.5 · AI score 6.2 · EPSS 0.00237
Exploits: 1 · References: 8

Positive Technologies
added 2025/06/03 12:0 a.m. · 2 views

PT-2025-23642 · Audiocodes · Audiocodes Mediapack Mp-11X

Name of the Vulnerable Software and Affected Versions: Audiocodes Mediapack MP-11x versions 6.60A.369.002 and earlier
Description: The issue allows an unauthenticated remote user to execute unauthorized code by sending a crafted POST request. This can result in the execution of unauthorized code...

CVSS 9.8 · AI score 6.8 · EPSS 0.02341
Exploits: 2 · References: 8

Positive Technologies
added 2025/06/03 12:0 a.m. · 3 views

PT-2025-23650 · Unknown · Quequnlong Shiyi-Blog

Name of the Vulnerable Software and Affected Versions: quequnlong shiyi-blog versions up to 1.2.1
Description: A vulnerability has been found in quequnlong shiyi-blog, affecting an unknown functionality of the file "/dev-api/api/comment/add". The manipulation of the content argument leads to...

CVSS 5.1 · AI score 3.6 · EPSS 0.00162
Exploits: 1 · References: 8

Vulnrichment
added 2025/06/02 7:24 p.m. · 9 views

CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...

CVSS 5.3 · AI score 6.8 · EPSS 0.00213
Exploits: 0 · References: 2

OSV
added 2025/06/02 7:24 p.m. · 16 views

CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...

CVSS 5.3 · AI score 6.1 · EPSS 0.00213
Exploits: 0 · References: 4

Cvelist
added 2025/06/02 7:24 p.m. · 21 views

CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint

HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...

CVSS 5.3 · EPSS 0.00213
Exploits: 0 · References: 2

Positive Technologies
added 2025/06/02 12:0 a.m. · 4 views

PT-2025-23555 · Hax · Hax Cms +1

Name of the Vulnerable Software and Affected Versions: HAX open-apis versions up to and including 10.0.2
Description: An unauthenticated information disclosure issue exists in the HAX content management system via the haxPsuUsage API endpoint. This allows any remote unauthenticated user to retrie...

CVSS 5.3 · AI score 6.3 · EPSS 0.00213
Exploits: 0 · References: 9

RedhatCVE
added 2025/06/01 8:42 p.m. · 5 views

CVE-2025-48949

Navidrome is an open source web-based music collection server and streamer. Versions 0.55.0 through 0.55.2 have a vulnerability due to improper input validation on the role parameter within the API endpoint /api/artist. Attackers can exploit this flaw to inject arbitrary SQL queries, potentially...

CVSS 9.3 · AI score 7.3 · EPSS 0.00489
Exploits: 0 · References: 1