7058 matches found
PT-2025-50974
Name of the Vulnerable Software and Affected Versions Atcom 100M IP Phones versions 2.7.x.x Description The software contains an authenticated command injection issue in the web configuration CGI script. This allows attackers to execute arbitrary system commands. The cmd parameter within the 'web...
CVE-2025-61940
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...
CVE-2025-61940
NMIS/BioDose V22.02 and previous versions rely on a common SQL Server user account to access data in the database. User access in the client application is restricted by a password authentication check in the client software but the underlying database connection always has access. The latest...
CVE-2025-61940
NMIS/BioDose (versions before V22.02) uses a common SQL Server user account for database access, while the client app performs password authentication but the underlying DB connection maintains access. The latest release adds Windows authentication to the database, which would restrict the connec...
PT-2025-47302
Name of the Vulnerable Software and Affected Versions SourceCodester Train Station Ticketing System version 1.0 Description A SQL injection weakness exists in the Train Station Ticketing System. This issue is related to the manipulation of the Username argument within the login functionality,...
GO-2025-4126 Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost
Mattermost fails to properly restrict access to archived channel search API in github.com/mattermost/mattermost. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports...
PT-2025-47209
Name of the Vulnerable Software and Affected Versions code-projects Courier Management System version 1.0 Description A flaw exists in code-projects Courier Management System 1.0 that allows for remote code execution. The issue is located in the file /add-new-officer.php. Manipulation of the...
PT-2025-47120
Name of the Vulnerable Software and Affected Versions lsfusion platform versions prior to 6.1 Description A flaw exists in the lsfusion platform that allows for path traversal. This issue is related to the unpackFile function located in the file...
Mattermost fails to properly restrict access to archived channel search API
Mattermost versions 11 fail to properly restrict access to archived channel search API which allows guest users to discover archived public channels via the /api/v4/teams/teamid/channels/searcharchived endpoint...
PT-2025-44788
Name of the Vulnerable Software and Affected Versions Geutebruck G-Cam E-Series Cameras version 1.12.0.19 Description An unauthenticated SQL Injection exists within the Geutebruck G-Cam E-Series Cameras. The issue is located in the /uapi-cgi/viewer/Param.cgi script through the Group parameter...
PT-2025-44745
Name of the Vulnerable Software and Affected Versions Tenda AC21 version 16.03.08.16 Description A flaw exists in the Tenda AC21 device. This issue is related to a buffer overflow in the formSetPPTPServer function within the /goform/SetPptpServerCfg file. Manipulation of the startIp argument can...
PT-2025-44784
Name of the Vulnerable Software and Affected Versions Open Source Social Network OSSN version 8.6 Description Open Source Social Network OSSN version 8.6 is susceptible to a Cross Site Scripting XSS issue. The issue occurs through the param parameter at the /u/administrator/friends API endpoint...
PT-2025-44777
Name of the Vulnerable Software and Affected Versions Car-Booking-System-PHP version 1.0 Description Car-Booking-System-PHP version 1.0 is susceptible to Cross Site Scripting XSS in the /carlux/booking.php file. The issue allows for the injection of malicious scripts through the vulnerable...
PT-2025-43875
Name of the Vulnerable Software and Affected Versions projectworlds Online Shopping System version 1.0 Description A flaw has been identified in projectworlds Online Shopping System 1.0. The issue involves a potential SQL injection affecting an unknown function within the /login submit.php file...
CVE-2025-62256
Liferay Portal 7.4.0 through 7.4.3.109, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.7, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions does not properly restrict access to OpenAPI in certain circumstances, which allows remote attackers...
Apache Traffic Control has an Inefficient Regular Expression Complexity vulnerability
UNSUPPORTED WHEN ASSIGNED Inefficient Regular Expression Complexity vulnerability in Apache Traffic Control. This issue affects Apache Traffic Control: all versions. People with access to the management interface of the Traffic Router component could specify malicious patterns and cause...
EUVD-2025-33577
Newforma Info Exchange NIX accepts serialized .NET data via the '/remoteweb/remote.rem' endpoint, allowing a remote, unauthenticated attacker to execute arbitrary code with 'NT AUTHORITY\NetworkService' privileges. The vulnerable endpoint is used by Newforma Project Center Server NPCS, so a...
CVE-2025-4615
An improper input neutralization vulnerability in the management web interface of the Palo Alto Networks PAN-OS® software enables an authenticated administrator to bypass system restrictions and execute arbitrary commands. The security risk posed by this issue is significantly minimized when CLI...
CVE-2025-4614 PAN-OS: Session Token Disclosure Vulnerability
An information disclosure vulnerability in Palo Alto Networks PAN-OS® software enables an authenticated administrator to view session tokens of users authenticated to the firewall web UI. This may allow impersonation of users whose session tokens are leaked. The security risk posed by this issue...
EUVD-2020-17585
Malware in sbrugna...