PT-2025-18857
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to the fixed version Description: A bug in the Linux kernel's histogram code allowed histogram values to have certain modifiers, which caused a bug. The issue occurred when attempting to set a histogram value to a...
CVE-2025-35996
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, t...
CVE-2025-35996 KUNBUS Revolution Pi Improper Neutralization of Server-Side Includes (SSI) Within a Web Page
KUNBUS PiCtory version 2.11.1 and earlier are vulnerable when an authenticated remote attacker crafts a special filename that can be stored by API endpoints. That filename is later transmitted to the client in order to show a list of configuration files. Due to a missing escape or sanitization, t...
PT-2025-18695 · Kunbus · Kunbus Pictory
Name of the Vulnerable Software and Affected Versions: KUNBUS PiCtory versions 2.11.1 and earlier Description: The issue arises when an authenticated remote attacker crafts a special filename that can be stored by API endpoints, which is later transmitted to the client to show a list of...
CVE-2025-42604
This vulnerability exists in Meon KYC solutions due to debug mode being enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related...
CVE-2025-42601
This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading to bypassing the Captcha verification...
CVE-2025-46546
CVE-2025-46546 concerns Sherpa Orchestrator 141851 where an authenticated user can perform multiple time-based blind SQL injections. Affects API endpoints across GUI and process/file/task listings (examples: api/gui/asset/list; api/gui/files/export/csv/; api/gui/files/list; api/gui/process/export...
Growatt Cloud Applications Information Disclosure Vulnerability
Growatt Cloud Applications is a monitoring platform from Growatt in China. An information disclosure vulnerability exists in Growatt Cloud Applications version 3.6.0 and prior versions, which can be exploited by an unauthenticated attacker to query API endpoints and obtain device details...
PT-2025-17907 · Easyvirt · Easyvirt Co2Scope +1
Name of the Vulnerable Software and Affected Versions: EasyVirt DCScope versions 8.6.4 and earlier; EasyVirt CO2Scope versions 1.3.4 and earlier Description: The issue allows remote authenticated attackers to execute arbitrary SQL commands. This can be achieved via various parameters to specific A...
PT-2025-17872 · Unknown · Sherpa Orchestrator
Name of the Vulnerable Software and Affected Versions: Sherpa Orchestrator version 141851 Description: The issue allows an authenticated user to perform multiple time-based blind SQL injections. This affects several API endpoints, including "api/gui/asset/list", "api/gui/files/export/csv/",...
PT-2025-17769 · Animate · Animate
Name of the Vulnerable Software and Affected Versions: Animate versions n/a through 0.5 Description: A Server-Side Request Forgery (SSRF) issue affects the Animate software. Recommendations: For Animate versions n/a through 0.5, consider...
CVE-2025-42602
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of the authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses through API request body leading to...
CVE-2025-42605 Improper Access Control Vulnerability in Meon Bidding Solutions
This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter in the API request body to...
CVE-2025-42604 Detailed Error Response Vulnerability in Meon KYC solutions
This vulnerability exists in Meon KYC solutions due to debug mode being enabled in certain API endpoints. A remote attacker could exploit this vulnerability by accessing certain unauthorized API endpoints leading to detailed error messages as response leading to disclosure of system related...
CVE-2025-42603
Meon KYC solutions are affected by a data leakage vulnerability where sensitive information is transmitted in plaintext in API response payloads. An authenticated remote attacker could intercept unencrypted data belonging to other users and impersonate the target user to gain unauthorized access....
CVE-2025-42602 Improper Authentication Vulnerability in Meon KYC solutions
This vulnerability exists in Meon KYC solutions due to improper handling of access and refresh tokens in certain API endpoints of the authentication process. A remote attacker could exploit this vulnerability by intercepting and manipulating the responses through API request body leading to...
CVE-2025-42601 Captcha Bypass Vulnerability in Meon KYC solutions
This vulnerability exists in Meon KYC solutions due to insufficient server-side validation of the Captcha in certain API endpoints. A remote attacker could exploit this vulnerability by intercepting the request and removing the Captcha parameter leading to bypassing the Captcha verification...
Meon KYC Authorization Issue Vulnerability
Meon KYC is a solution from Meon India. Meon KYC suffers from an authorization issue vulnerability that stems from the mishandling of access and refresh tokens by certain API endpoints during the authentication process, which could lead to unauthorized access to other user accounts...
PT-2025-17616 · Unknown · Meon Bidding Solutions
Name of the Vulnerable Software and Affected Versions: Meon Bidding Solutions affected versions not specified Description: This issue exists due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attack...