149 matches found
CVE-2025-52130
File upload vulnerability in WebErpMesv2 1.17 in the app/Http/Controllers/FactoryController.php controller. This flaw allows an authenticated attacker to upload arbitrary files, including PHP scripts, which can be accessed via direct GET requests, potentially resulting in remote code execution RC...
Linux Distros Unpatched Vulnerability : CVE-2006-4976
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The Date Library in John Lim ADOdb Library for PHP allows remote attackers to obtain sensitive information via a direct request for (1) server.php, (2)...
iroha Board Security Vulnerability
iroha Board is an e-learning system from iroha Japan. A security vulnerability exists in iroha Board v0.10.12 and earlier versions, which stems from a direct request issue that could allow an attacker to view non-public content...
CVE-2023-3792
A vulnerability was found in Beijing Netcon NS-ASG 6.3. It has been classified as problematic. This affects an unknown part of the file /admin/teststatus.php. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The associated identifier of this...
CVE-2023-1682
A vulnerability has been found in Xunrui CMS 4.61 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dayrui/My/Config/Install.txt. The manipulation leads to direct request. The attack can be launched remotely. The exploit has been disclosed to t...
CVE-2025-27581
NIH BRICS (aka Biomedical Research Informatics Computing System) through 14.0.0-67 allows users who lack the InET role to access the InET module via direct requests to known endpoints...
CVE-2024-55075
Grocy, affected through version 4.3.0, exposes information disclosure via direct requests to pages that are not shown in the UI. Connected documents confirm the product (Grocy) and version (≤ 4.3.0) and the impact (sensitive information exposure), but do not provide deeper root-cause analysis, ex...
CVE-2024-55075
Grocy through 4.3.0 allows remote attackers to obtain sensitive information via direct requests to pages that are not shown in the UI, such as calendar and recipes...
PT-2024-36058 · Directus · Directus
Name of the Vulnerable Software and Affected Versions: Directus versions prior to 10.13.4; Directus versions prior to 11.2.0. Description: The Comment feature in Directus has a filter to prevent users from adding restricted characters, such as HTML tags. However, this filter operates on the...
SourceCodester Clinics Patient Management System Security Vulnerability
SourceCodester Clinics Patient Management System is a clinic patient management system from SourceCodester, Inc. A security vulnerability exists in SourceCodester Clinics Patient Management System version 1.0, which stems from an incorrect operation that results in a direct request...
CVE-2024-7080
A vulnerability was found in SourceCodester Insurance Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /E-Insurance/. The manipulation leads to direct request. The attack can be launched remotely. The exploit has be...
Parsec Automation TrackSYS Security Vulnerability
Parsec Automation TrackSYS is a data processing platform from Parsec Automation. A security vulnerability exists in Parsec Automation TrackSYS version 11.x.x, which stems from /TS/export/pagedefinition contains unknown processing that results in a direct request via parameter ID...
PT-2024-13711 · Hongdian · H8951-4G-Esp +1
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided descriptions. Description: An authenticated user can execute arbitrary commands in the context of the root user by providing a payload in the destination field of the network test...
VulnCheck KEV: CVE-2022-42953
Certain ZKTeco products (ZEM500-510-560-760, ZEM600-800, ZEM720, ZMM) allow access to sensitive information via direct requests for the form/DataApp?style=1 and form/DataApp?style=0 URLs. The affected versions may be before 8.88 (ZEM500-510-560-760, ZEM600-800, ZEM720) and 15.00 (ZMM200-220-210...
CVE-2023-5702
A vulnerability was found in Viessmann Vitogate 300 up to 2.1.3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /cgi-bin/. The manipulation leads to direct request. The exploit has been disclosed to the public and may be used. The identifier of th...
Viessmann Vitogate Security Breach
Viessmann Vitogate is an intelligent control system from Viessmann. A security vulnerability exists in Viessmann Vitogate 300 through version 2.1.3.0, which stems from the presence of some unknown functions in /cgi-bin/, resulting in a direct request...
Beijing Baichuo Smart S85F Management Platform Security Vulnerability
Beijing Baichuo Smart S85F Management Platform is a management platform from Beijing Baichuo. A security vulnerability exists in Beijing Baichuo Smart S85F Management Platform 20230809 and prior versions, which originates in the file /config/php.ini and results in a direct request...
Netcon NS-ASG Security Vulnerability
Netcon NS-ASG is an application security gateway from China Netcon Technology (Netcon). A security vulnerability exists in Beijing Netcon NS-ASG version 6.3, which originates from the file /admin/teststatus.php that can result in a direct request...
XunRuiCMS Security Vulnerability
XunRuiCloud Software Development XunRuiCMS (XunRui CMS) is an open source content management system (CMS) from China's XunRuiCloud Software Development Company. A security vulnerability exists in XunRuiCMS version 4.61, which originates from an unknown function in the file...