1746 matches found
CVE-2024-56523
Radware Cloud Web Application Firewall WAF before 2025-05-07 allows remote attackers to bypass firewall filters by placing random data in the HTTP request body when using the HTTP GET method...
CVE-2025-24948
In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records...
CVE-2025-3612
CVE-2025-3612 affects Demtec Graphytics 5.0.7. The issue resides in an unknown part of the file /visualization within the HTTP GET Parameter Handler component, where input manipulation enables cross-site scripting. Exploitation is possible remotely and publicized, with the vendor not responding t...
CVE-2025-3612 Demtec Graphytics HTTP GET Parameter visualization cross site scripting
A vulnerability, which was classified as problematic, was found in Demtec Graphytics 5.0.7. This affects an unknown part of the file /visualization of the component HTTP GET Parameter Handler. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The...
PT-2025-16285 · Demtec · Demtec Graphytics
Name of the Vulnerable Software and Affected Versions: Demtec Graphytics version 5.0.7. Description: A vulnerability was found in Demtec Graphytics, affecting an unknown part of the file /visualization of the component HTTP GET Parameter Handler. The manipulation leads to cross-site scripting. It i...
CVE-2025-24948
CVE-2025-24948 affects JotUrl 2.0, where passwords are transmitted via HTTP GET requests. Root cause: sensitive credentials sent in URL parameters, exposing them to eavesdropping or insecure records. Impact: credential exposure risk (as described in sources). The CVSS v3.1 base score is 6.5 (Medi...
CVE-2025-3405
A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /rest/cliente/ObterPedido/ of the component HTTP GET Request Handler. The manipulation of the argument ORDERID leads ...
CVE-2025-3405 FCJ Venture Builder appclientefiel HTTP GET Request ObterPedido resource injection
A vulnerability was found in FCJ Venture Builder appclientefiel 3.0.27. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /rest/cliente/ObterPedido/ of the component HTTP GET Request Handler. The manipulation of the argument ORDERID leads ...
CVE-2025-29033
An issue in BambooHR Build v.25.0210.170831-83b08dd allows a remote attacker to escalate privileges via the /saml/index.php?r=" HTTP GET parameter...
CVE-2025-29033
The CVE-2025-29033 issue affects BambooHR Build 25.0210.170831-83b08dd, where a remote attacker can escalate privileges through the GET parameter r of /saml/index.php. Descriptions across multiple feeds confirm the vulnerability path but do not supply an official patched version or vendor-issued ...
CVE-2025-2353
A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registryid/planeicao leads to sql injection. It is...
CVE-2025-2353 VAM Virtual Airlines Manager HTTP GET Parameter index.php sql injection
A vulnerability, which was classified as critical, was found in VAM Virtual Airlines Manager up to 2.6.2. Affected is an unknown function of the file /vam/index.php of the component HTTP GET Parameter Handler. The manipulation of the argument ID/registryid/planeicao leads to sql injection. It is...