CVE-2024-42352
Nuxt is a free and open-source framework to create full-stack web applications and websites with Vue.js. nuxt/icon provides an API to allow client side icon lookup. This endpoint is at /api/nuxticon/name. The proxied request path is improperly parsed, allowing an attacker to change the scheme and...
CVE-2024-39937
supOS 5.0 allows api/image/download?fileName=../ directory traversal for reading files...
CVE-2024-0869
The Instant Images – One Click Image Uploads from Unsplash, Openverse, Pixabay and Pexels plugin for WordPress is vulnerable to unauthorized arbitrary options update due to an insufficient check that neglects to verify whether the updated option belongs to the plugin on the instant-images/license...
CVE-2024-8522
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'conlyfields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-8529
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'cfields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on the user supplied parameter and lack of...
CVE-2024-8484
The REST API TO MiniProgram plugin for WordPress is vulnerable to SQL Injection via the 'order' parameter of the /wp-json/watch-life-net/v1/comment/getcomments REST API endpoint in all versions up to, and including, 4.7.1 due to insufficient escaping on the user supplied parameter and lack of...
PT-2025-5596 · Rengine · Rengine
Name of the Vulnerable Software and Affected Versions: reNgine versions prior to 2.2.0 Description: A vulnerability was discovered in reNgine, where an insider attacker with any role can extract sensitive information from other reNgine users. After running a scan and obtaining vulnerabilities fro...
PT-2025-3444 · Ruoyi · Ruoyi
Name of the Vulnerable Software and Affected Versions: RuoYi version 4.8.0 Description: A SQL injection issue was found in RuoYi via the orderby parameter at the "/monitor/online/list" API endpoint. Recommendations: For RuoYi version 4.8.0, as a temporary workaround, consider restricting access t...
CVE-2025-0783
A vulnerability, which was classified as problematic, was found in pankajindevops scale up to 20241113. This affects an unknown part of the component API Endpoint. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use...
CVE-2025-0783
CVE-2025-0783 affects pankajindevops Scale API Endpoint. Multiple connected sources describe a vulnerability in the API Endpoint component causing improper access controls, with remote initiation possible and no versioning/affected releases information available. The exact vulnerable versions are...
PT-2025-1313 · Cacti +1 · Cacti +1
Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 1.2.29 Description: Cacti is an open source performance and fault management framework. It has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter...
Path Traversal
Ray is vulnerable to Path Traversal. The vulnerability is due to improper validation or sanitization of user input in the log API endpoint, allowing attackers to specify arbitrary file paths and access unauthorized files on the server...
PT-2025-4740
Name of the Vulnerable Software and Affected Versions: RE11S version 1.11 Description: RE11S version 1.11 contains a command injection issue through the command parameter at the "/goform/mp" API endpoint. This allows for potential unauthorized command execution. Recommendations: RE11S version 1.11...
PT-2025-4741 · Re11S · Re11S
Name of the Vulnerable Software and Affected Versions: RE11S version 1.11 Description: A command injection issue was discovered via the L2TPUserName parameter at the "/goform/setWAN" API endpoint. This allows for potential command injection attacks. Recommendations: For RE11S version 1.11, as a...
CVE-2024-46310
Incorrect Access Control in Cfx.re FXServer v9601 and earlier allows unauthenticated users to modify and read arbitrary user data via exposed API endpoint...
PT-2025-4748 · Tenda · Tenda Ac9
Name of the Vulnerable Software and Affected Versions: Tenda ac9 version 1.0 v15.03.05.19 Description: The issue concerns a stack overflow vulnerability in the /goform/SetOnlineDevName API endpoint, which may lead to remote arbitrary code execution. Recommendations: For Tenda ac9 version 1.0...