2003 matches found

Positive Technologies
added 2025/06/16 12:0 a.m. · 3 views

PT-2025-25542 · Unknown · Parking Management System

Name of the Vulnerable Software and Affected Versions: Das Parking Management System version 6.2.0 Description: A critical issue was found in the API component of the system, specifically affecting the /Reservations/Search file. The manipulation of the Value argument leads to SQL injection. This...

7.5 CVSS · 7.5 AI score · 0.0037 EPSS
Exploits 0 · References 10

Positive Technologies
added 2025/06/16 12:0 a.m. · 3 views

PT-2025-25543 · Unknown · Parking Management System

Name of the Vulnerable Software and Affected Versions: Das Parking Management System version 6.2.0 Description: A critical issue affects the /vehicle/search API endpoint of the component, where manipulation of the vehicleTypeCode argument leads to SQL injection. The attack can be initiated...

7.5 CVSS · 7.7 AI score · 0.0037 EPSS
Exploits 0 · References 9

Positive Technologies
added 2025/06/16 12:0 a.m. · 5 views

PT-2025-25511 · Realguoshuai · Open-Video-Cms

Name of the Vulnerable Software and Affected Versions: realguoshuai open-video-cms version 1.0 Description: A critical issue affects the processing of the file "/v1/video/list" API endpoint. The manipulation of the sort argument leads to SQL injection. This issue can be exploited remotely...

6.5 CVSS · 6.8 AI score · 0.00248 EPSS
Exploits 0 · References 9

OSV
added 2025/06/15 8:15 p.m. · 3 views

CVE-2025-5964

A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server...

6.5 CVSS · 5.8 AI score · 0.10344 EPSS
Exploits 1 · References 2

NVD
added 2025/06/15 8:15 p.m. · 19 views

CVE-2025-5964

A path traversal issue in the API endpoint in M-Files Server before version 25.6.14925.0 allows an authenticated user to read files in the server...

8.4 CVSS · 0.10344 EPSS
Exploits 1 · References 2

CNNVD
added 2025/06/13 12:0 a.m. · 2 views

OpenC3 COSMOS security vulnerability

OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS versions prior to 6.1.0 that stems from the /script-api/scripts/ endpoint being vulnerable to directory traversal attacks...

9.1 CVSS · 6.5 AI score · 0.00856 EPSS
Exploits 1 · References 5

NVD
added 2025/06/12 2:15 p.m. · 14 views

CVE-2025-49181

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service atta...

8.6 CVSS · 0.0034 EPSS
Exploits 0 · References 6

CVE
added 2025/06/12 1:14 p.m. · 52 views

CVE-2025-49181

CVE-2025-49181 involves missing authorization of an API endpoint, allowing unauthorized GET requests to disclose information and POST requests to modify the log root path and the service TCP ports, potentially enabling information disclosure and Denial of Service. The issue is associated with SIC...

8.6 CVSS · 6.9 AI score · 0.0034 EPSS
Exploits 0 · References 6 · Affected Software 1

Vulnrichment
added 2025/06/12 1:14 p.m. · 7 views

CVE-2025-49181 Configurations endpoint does not require authorization

Due to missing authorization of an API endpoint, unauthorized users can send HTTP GET requests to gather sensitive information. An attacker could also send HTTP POST requests to modify the log files’ root path as well as the TCP ports the service is running on, leading to a Denial of Service atta...

8.6 CVSS · 6.9 AI score · 0.0034 EPSS
Exploits 0 · References 6

Positive Technologies
added 2025/06/10 12:0 a.m. · 5 views

PT-2025-24643 · Unknown · Dm Corporative Cms

Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...

6.9 CVSS · 6 AI score · 0.00279 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/06/10 12:0 a.m. · 5 views

PT-2025-24641 · Unknown · Dm Corporative Cms

Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: A SQL injection issue has been found, allowing an attacker to retrieve, create, update, and delete databases. This is achieved through the codform parameter in the...

9.3 CVSS · 6.9 AI score · 0.00312 EPSS
Exploits 0 · References 6

Positive Technologies
added 2025/06/10 12:0 a.m. · 3 views

PT-2025-24640 · Unknown · Dm Corporative Cms

Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: A SQL injection issue has been found, allowing an attacker to retrieve, create, update, and delete databases. This is achieved through the cod parameter in the...

9.3 CVSS · 6.9 AI score · 0.00312 EPSS
Exploits 0 · References 6

Positive Technologies
added 2025/06/10 12:0 a.m. · 9 views

PT-2025-24642 · Unknown · Dm Corporative Cms

Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: An Insecure Direct Object Reference (IDOR) vulnerability has been found in DM Corporative CMS. This vulnerability allows an attacker to access the private area by setting the optio...

6.9 CVSS · 6 AI score · 0.00279 EPSS
Exploits 0 · References 6

Positive Technologies
added 2025/06/10 12:0 a.m. · 6 views

PT-2025-24638 · Unknown · Dm Corporative Cms

Name of the Vulnerable Software and Affected Versions: DM Corporative CMS affected versions not specified Description: A SQL injection issue has been found, allowing an attacker to retrieve, create, update, and delete databases. This is achieved through the name and cod parameters in the...

9.3 CVSS · 7 AI score · 0.00312 EPSS
Exploits 0 · References 5

Positive Technologies
added 2025/06/09 12:0 a.m. · 5 views

PT-2025-24544 · Unknown · Anchor Cms

Name of the Vulnerable Software and Affected Versions: Anchor CMS version 0.12.7 Description: A stored cross-site scripting (XSS) issue allows attackers to inject malicious JavaScript via the page description field in the page creation interface, specifically the "/admin/pages/add" API endpoint...

5.4 CVSS · 5.2 AI score · 0.00576 EPSS
Exploits 4 · References 8

Positive Technologies
added 2025/06/07 12:0 a.m. · 3 views

PT-2025-24576 · Totolink · Totolink T10

Name of the Vulnerable Software and Affected Versions: TOTOLINK T10 version 4.1.8cu.5207 Description: A critical vulnerability has been found in the UploadCustomModule function of the /cgi-bin/cstecgi.cgi file, which is part of the POST Request Handler component. The manipulation of the File...

9 CVSS · 8.7 AI score · 0.03899 EPSS
Exploits 1 · References 12

RedhatCVE
added 2025/06/06 5:21 p.m. · 8 views

CVE-2025-20130

A vulnerability in the API of Cisco Identity Services Engine (ISE) and Cisco ISE Passive Identity Connector (ISE-PIC) could allow an authenticated, remote attacker with administrative privileges to upload files to an affected device. This vulnerability is due to improper validation of the file copy...

7.2 CVSS · 7.3 AI score · 0.00432 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/06/06 2:20 a.m. · 12 views

CVE-2025-5552

A vulnerability was found in ChestnutCMS up to 15.1. It has been declared as critical. This vulnerability affects unknown code of the file /dev-api/groovy/exec of the component API Endpoint. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been...

6.5 CVSS · 7.4 AI score · 0.00409 EPSS
Exploits 1 · References 1

Positive Technologies
added 2025/06/06 12:0 a.m. · 5 views

PT-2025-24383 · Tenda · Tenda Ac15

Name of the Vulnerable Software and Affected Versions: Tenda AC15 version 15.03.05.19 multi Description: A critical vulnerability was found in the Tenda AC15 router, specifically affecting the formSetPPTPUserList function of the /goform/setPptpUserList file in the HTTP POST Request Handler...

9 CVSS · 8.7 AI score · 0.00759 EPSS
Exploits 1 · References 16

Positive Technologies
added 2025/06/06 12:0 a.m. · 3 views

PT-2025-24397 · Tenda · Tenda Ac7

Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44 Description: A critical issue affects the function formSetPPTPUserList of the file /goform/setPptpUserList. The manipulation of the list argument leads to a buffer overflow. The attack may be initiated remotely...

9.8 CVSS · 8.7 AI score · 0.00783 EPSS
Exploits 1 · References 14