149 matches found
CVE-2026-1978 kalyan02 NanoCMS User Information pagesdata.txt direct request
A vulnerability was detected in kalyan02 NanoCMS up to 0.4. Affected by this issue is some unknown functionality of the file /data/pagesdata.txt of the component User Information Handler. Performing a manipulation results in direct request. It is possible to initiate the attack remotely. The...
NanoCMS 安全漏洞
NanoCMS is a lightweight content management system developed by kalyan02. Versions of NanoCMS prior to 0.4 contained security vulnerabilities, which were caused by incorrect handling of the file/data/pagesdata.txt, potentially leading to direct requests...
ALGO 8180 IP Audio Alerter security vulnerability
ALGO 8180 IP Audio Alerter is an IP speaker developed by ALGO Corporation. The ALGO 8180 IP Audio Alerter has a security vulnerability; this vulnerability stems from the web-based user interface, which allows direct requests for URLs, potentially leading to information leakage...
CVE-2022-42953
Certain ZKTeco products ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 ZEM500-510-560-760, ZEM600-800, ZEM720 and 15.00 ZMM200-220-210. The...
OneUptime 授权问题漏洞
OneUptime is a comprehensive solution from OneUptime Open Source. for monitoring and managing your online services. An authorization issue vulnerability exists in OneUptime version 9.0.5598 that stems from a low-privileged user being able to create a new account via a direct API request, which...
CVE-2025-64063
Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...
PT-2025-48071
Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard user can exploit this flaw by sending direct HTTP requests to administrative endpoints, bypassing the UI restrictions. This allows the attacker to manipulate...
EUVD-2025-36443
microCLAUDIA in v3.2.0 and prior has an improper access control vulnerability. This flaw allows an authenticated user to perform unauthorized actions on other organizations' systems by sending direct API requests. To do so, the attacker can use organization identifiers obtained through a...
EUVD-2005-4866
Malware in sbrugna...
EUVD-2017-16632
Malware in sbrugna...
EUVD-2006-0914
Malware in sbrugna...
EUVD-2006-5366
Malware in sbrugna...
EUVD-2004-2661
Malware in sbrugna...
EUVD-2003-1274
Malware in sbrugna...
CVE-2025-11280 Frappe LMS Assignment Picture files direct request
A flaw has been found in Frappe LMS 2.35.0. Impacted is an unknown function of the file /files/ of the component Assignment Picture Handler. This manipulation causes direct request. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitability is considered...
EUVD-2025-25746
Malicious code in bioql PyPI...
CVE-2025-59797
Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/id and also URLs for eversports, the user-management page, and the plane page...
CVE-2025-59797
Profession Fit 5.0.99 Build 44910 allows authorization bypass via a direct request for /api/challenges/id and also URLs for eversports, the user-management page, and the plane page...
CVE-2025-10287
A vulnerability has been found in roncoo roncoo-pay up to 9428382af21cd5568319eae7429b7e1d0332ff40. The affected element is an unknown function of the file /auth/orderQuery. Such manipulation of the argument orderNo leads to direct request. The attack may be performed from remote. A high complexi...
PT-2025-37285
Name of the Vulnerable Software and Affected Versions: roncoo-pay versions prior to 9428382af21cd5568319eae7429b7e1d0332ff40 Description: A vulnerability exists in roncoo-pay that allows for direct request manipulation. The issue is related to the /auth/orderQuery file and an unknown function...