2003 matches found
CVE-2025-60319
PerfreeBlog v4.0.11 is vulnerable to Server-Side Request Forgery due to a missing authorization check in the uploadAttachByUrl API endpoint AttachController.java...
EUVD-2025-37013
Byaidu PDFMathTranslate vulnerable to open redirect...
GHSA-PFRV-63W8-Q7RQ Byaidu PDFMathTranslate vulnerable to open redirect
An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...
CVE-2025-50736
An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...
CVE-2025-50736
An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...
CVE-2025-50736
An open redirect vulnerability exists in Byaidu PDFMathTranslate v1.9.9 that allows attackers to craft URLs that cause the application to redirect users to arbitrary external websites via the file parameter to the /gradioapi endpoint. This vulnerability could be exploited for phishing attacks or ...
D-Link Nuclias Connect Directory Traversal Vulnerability
D-Link Nuclias Connect is a network management software from D-Link for centralized management of wireless access points APs, supporting multi-device remote control and reporting capabilities. A directory traversal vulnerability exists in D-Link Nuclias Connect, which stems from improper cleanup ...
CVE-2025-10545
Mattermost versions 10.5.x = 10.5.10, 10.11.x = 10.11.2 fail to properly validate guest user permissions when adding channel members which allows guest users to add any team members to their private channels via the /api/v4/channels/channelid/members endpoint...
CVE-2025-41443
Mattermost versions 10.5.x = 10.5.12, 10.11.x = 10.11.2 fail to properly validate guest user permissions when accessing channel information which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...
WordPress SureForms plugin information disclosure vulnerability
WordPress SureForms plugin is a visual form builder plugin designed for WordPress , support drag and drop operation , no programming foundation to quickly build responsive forms . An information disclosure vulnerability exists in the WordPress SureForms plugin, which stems from improper access...
EUVD-2025-34824
A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may b...
CVE-2025-10732 SureForms – Drag and Drop Form Builder for WordPress <= 1.12.1 - Missing Authorization to Authenticated (Contributor+) Information Disclosure
The SureForms – Drag and Drop Form Builder for WordPress plugin for WordPress is vulnerable to Sensitive Information Disclosure in all versions up to, and including, 1.12.1. This is due to improper access control implementation on the '/wp-json/sureforms/v1/srfm-global-settings' REST API endpoint...
PT-2025-41848
Name of the Vulnerable Software and Affected Versions SureForms – Drag and Drop Form Builder for WordPress versions prior to 1.12.2 Description The SureForms – Drag and Drop Form Builder for WordPress plugin contains a flaw in access control. Specifically, the...
CVE-2025-11607
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function uploadmusic of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed...
CVE-2025-11607
A weakness has been identified in harry0703 MoneyPrinterTurbo up to 1.2.6. The impacted element is the function uploadmusic of the file app/controllers/v1/music.py of the component API Endpoint. Executing a manipulation of the argument File can lead to path traversal. The attack may be performed...
CVE-2025-11607
The CVE-2025-11607 entry affects harry0703 MoneyPrinterTurbo up to 1.2.6, specifically the upload_music function in app/controllers/v1/music.py of the API Endpoint. The vulnerability arises from path traversal via manipulation of the File argument, enabling remote exploitation. Multiple connected...
CVE-2025-11529
A security flaw has been discovered in ChurchCRM up to 5.18.0. This impacts the function AuthMiddleware of the file src/ChurchCRM/Slim/Middleware/AuthMiddleware.php of the component API Endpoint. The manipulation results in missing authentication. The attack can be executed remotely. The exploit...
PT-2025-41531
Name of the Vulnerable Software and Affected Versions SonarQube versions prior to 25.6 SonarQube 2025.3 Commercial versions prior to 2025.3 SonarQube 2025.1.3 LTA versions prior to 2025.1.3 Description Authenticated users with low privileges can access the /api/v2/users-management/users endpoint ...
CVE-2025-11442
A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. The attack may be performed from remote. The exploit has been released to the public and may be...
ChurchCRM 安全漏洞
ChurchCRM is ChurchCRM open source an open source CRM system for churches. ChurchCRM 5.18.0 and earlier versions have an authentication error vulnerability that stems from a lack of authentication in the AuthMiddleware function in the API Endpoint component, which can be exploited by an attacker ...