
2003 matches found

Positive Technologies
added 2025/04/04 12:0 a.m. · 3 views

PT-2025-14891 · Edimax · Edimax Ac1200 Wave 2 Dual-Band Gigabit Router Br-6478Ac V3

Name of the Vulnerable Software and Affected Versions: Edimax AC1200 Wave 2 Dual-Band Gigabit Router BR-6478AC V3 version 1.0.15 Description: A command injection issue was discovered via the fota url in the "/boafrm/formLtefotaUpgradeQuectel" API endpoint. This allows for potential exploitation. ...

CVSS 10 · AI score 6.7 · EPSS 0.09296
Exploits: 1 · References: 7

OSV
added 2025/04/03 9:15 p.m. · 10 views

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...

CVSS 7.5 · AI score 6.6
Exploits: 0 · References: 1

NVD
added 2025/04/03 9:15 p.m. · 12 views

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...

CVSS 7.5 · EPSS 0.00365
Exploits: 0 · References: 1

RedhatCVE
added 2025/04/03 3:32 p.m. · 9 views

CVE-2025-31132

Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10...

CVSS 8.1 · AI score 7.5 · EPSS 0.00527
Exploits: 0 · References: 1

Vulnrichment
added 2025/04/03 12:0 a.m. · 8 views

CVE-2024-47212

An issue was discovered in Iglu Server 0.13.0 and below. It involves sending very large payloads to a particular API endpoint of Iglu Server and can render it completely unresponsive. If the operation of Iglu Server is not restored, event processing in the pipeline would eventually halt...

AI score 7 · EPSS 0.00365
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/03 12:0 a.m. · 2 views

PT-2025-14636 · Os4Ed · Os4Ed Opensis

Name of the Vulnerable Software and Affected Versions: OS4ED openSIS versions 8.0 through 9.1 Description: The issue allows attackers to execute a directory traversal by sending a crafted POST request to "/Modules.php?modname=messaging/Inbox.php&modfunc=save&filename". This enables attackers to...

CVSS 9.1 · AI score 6.6 · EPSS 0.00749
Exploits: 0 · References: 6

Positive Technologies
added 2025/04/03 12:0 a.m. · 6 views

PT-2025-14570 · Unknown · Fcba Zzm Ics-Park Smart Park Management System

Name of the Vulnerable Software and Affected Versions: fcba zzm ics-park Smart Park Management System version 2.1 Description: A critical vulnerability was found in the fcba zzm ics-park Smart Park Management System. This issue affects unknown code of the file "/api/system/dept/update" and leads ...

CVSS 6.5 · AI score 6.8 · EPSS 0.00371
Exploits: 0 · References: 10

RedhatCVE
added 2025/04/02 11:29 a.m. · 9 views

CVE-2025-3022

OS command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the ‘client’ parameter in the /data/apache/e-management/api/api3.php endpoint...

CVSS 9.3 · AI score 8.4 · EPSS 0.01014
Exploits: 0 · References: 3

NVD
added 2025/04/01 3:16 p.m. · 13 views

CVE-2025-31132

Raven is an open-source messaging platform. A vulnerability allowed any logged in user to execute code via an API endpoint. This vulnerability is fixed in 2.1.10...

CVSS 8.1 · EPSS 0.00527
Exploits: 0 · References: 1

CVE
added 2025/04/01 3:6 p.m. · 74 views

CVE-2025-31132

Raven (open-source messaging platform) has a vulnerability where any logged-in user could execute code via an API endpoint. Root cause described as input validation issues in Raven prior to 2.1.10. Impact is high (arbitrary code execution potential) with no user interaction required. The fixed ve...

CVSS 8.1 · AI score 7.4 · EPSS 0.00527
Exploits: 0 · References: 1

Positive Technologies
added 2025/04/01 12:0 a.m. · 4 views

PT-2025-14121 · Raven · Raven

Name of the Vulnerable Software and Affected Versions: Raven versions prior to 2.1.10 Description: A vulnerability in Raven, an open-source messaging platform, allowed any logged-in user to execute code via an API endpoint. Recommendations: For versions prior to 2.1.10, update to version 2.1.10 t...

CVSS 8.1 · AI score 6.8 · EPSS 0.00527
Exploits: 0 · References: 3

NVD
added 2025/03/31 12:15 p.m. · 22 views

CVE-2025-3022

OS command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the ‘client’ parameter in the /data/apache/e-management/api/api3.php endpoint...

CVSS 9.3 · EPSS 0.01014
Exploits: 0 · References: 1

VulnCheck KEV
added 2025/03/31 12:0 a.m. · 2 views

VulnCheck KEV: CVE-2023-31478

An issue was discovered on GL.iNet devices before 3.216. An API endpoint reveals information about the Wi-Fi configuration, including the SSID and key...

CVSS 7.5 · AI score 5.8 · EPSS 0.29699
Exploits: 1 · References: 1

Positive Technologies
added 2025/03/30 12:0 a.m. · 3 views

PT-2025-13622 · Unknown · Bluestar Micro Mall

Name of the Vulnerable Software and Affected Versions: Bluestar Micro Mall version 1.0 Description: A critical vulnerability was found in Bluestar Micro Mall, affecting an unknown functionality of the file "/api/api.php?mod=upload&type=1". The manipulation of the File argument leads to unrestrict...

CVSS 9.8 · AI score 6.2 · EPSS 0.00386
Exploits: 1 · References: 10

Positive Technologies
added 2025/03/28 12:0 a.m. · 3 views

PT-2025-13586 · Totolink · Totolink A3002Ru

Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: The issue concerns Command Injection in the /bin/boa executable via the bandstr variable. This allows for potential execution of arbitrary commands. Recommendations: For TOTOLINK A3002...

CVSS 10 · AI score 6.7 · EPSS 0.08431
Exploits: 1 · References: 9

CNVD
added 2025/03/27 12:0 a.m. · 4 views

LibreChat Denial of Service Vulnerability (CNVD-2025-06064)

LibreChat is an enhanced ChatGPT clone. A denial-of-service vulnerability exists in LibreChat that stems from certain API endpoints failing to handle incorrectly formatted input, which can be exploited by an attacker to cause the server to crash...

CVSS 6.5 · AI score 6.9 · EPSS 0.00796
Exploits: 1 · References: 1

CNVD
added 2025/03/27 12:0 a.m. · 5 views

Lunary /api/v1/data-warehouse/bigquery endpoint access control error vulnerability

Lunary is an open-source production toolkit for LLMs. Lunary suffers from an access control error vulnerability that originates from the POST /api/v1/data-warehouse/bigquery endpoint lacking proper access control, which can be exploited by an attacker to obtain sensitive information...

CVSS 9.8 · AI score 6.5 · EPSS 0.00748
Exploits: 1 · References: 1

Positive Technologies
added 2025/03/24 12:0 a.m. · 2 views

PT-2025-12693 · H3C · H3C Magic Be18000 +4

Name of the Vulnerable Software and Affected Versions: H3C Magic NX15 versions up to V100R014; H3C Magic NX30 Pro versions up to V100R014; H3C Magic NX400 versions up to V100R014; H3C Magic R3010 versions up to V100R014; H3C Magic BE18000 versions up to V100R014. Description: A critical vulnerability...

CVSS 8.6 · AI score 8.1 · EPSS 0.01034
Exploits: 0 · References: 18

Positive Technologies
added 2025/03/24 12:0 a.m. · 4 views

PT-2025-12698 · Unknown · Phpgurukul Old Age Home Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Old Age Home Management System version 1.0 Description: A critical vulnerability was found in PHPGurukul Old Age Home Management System, affecting some unknown functionality of the file /admin/bwdates-report-details.php. The...

CVSS 9.8 · AI score 7.5 · EPSS 0.00454
Exploits: 1 · References: 14

Positive Technologies
added 2025/03/24 12:0 a.m. · 3 views

PT-2025-12689 · H3C · H3C Magic Nx30 Pro

Name of the Vulnerable Software and Affected Versions: H3C Magic NX30 Pro up to V100R007 Description: A critical vulnerability was found in the H3C Magic NX30 Pro, affecting an unknown part of the file /api/wizard/getNetworkStatus of the component HTTP POST Request Handler. The manipulation leads...

CVSS 8.6 · AI score 8 · EPSS 0.01056
Exploits: 0 · References: 18