13 matches found
CVE-2026-46366
phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solutionidid.html endpoint. Attackers can sequentially...
CVE-2026-46366 phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass
phpMyFAQ before 4.1.2 contains an information disclosure vulnerability in the getIdFromSolutionId method that lacks permission filtering, allowing unauthenticated attackers to enumerate restricted FAQ entries and read their titles via the /solutionidid.html endpoint. Attackers can sequentially...
phpMyFAQ security vulnerability
phpMyFAQ is a multilingual, fully database-driven FAQ system developed by Thorsten Rinne. Versions of phpMyFAQ prior to 4.1.2 contained security vulnerabilities. These vulnerabilities stemmed from a lack of permission filtering in the getIdFromSolutionId method. This allowed unauthorized attacker...
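The pattern behind the phpMyFAQ entries above, as an added illustration that is not phpMyFAQ's own code: a lookup keyed by a secondary "solution id" is written once without a permission filter and once with the filter applied, and a sequential sweep of ids shows what each version hands to an anonymous caller. The record layout, the group names, the sample entries and the function names are assumptions made for the example.

```python
# Added example, not phpMyFAQ's code: a lookup keyed by a secondary "solution id"
# with and without a permission filter, and what a sequential sweep of ids sees.
# Record layout, group names and function names are assumptions for illustration.
from dataclasses import dataclass


@dataclass(frozen=True)
class FaqEntry:
    record_id: int
    solution_id: int
    title: str
    allowed_groups: frozenset  # empty set means the entry is public


# Constructed sample data: two public entries, two restricted ones.
FAQS = (
    FaqEntry(1, 1000, "How to reset your password", frozenset()),
    FaqEntry(2, 1001, "Internal: VPN credential rotation", frozenset({"staff"})),
    FaqEntry(3, 1002, "Internal: payroll cutoff dates", frozenset({"hr"})),
    FaqEntry(4, 1003, "Public holidays", frozenset()),
)
BY_RECORD_ID = {f.record_id: f for f in FAQS}


def get_id_from_solution_id_vulnerable(solution_id, caller_groups=frozenset()):
    """Resolves a solution id to a record id with no permission filter.

    The caller's groups are accepted but ignored, which is the bug class the
    advisory describes: restricted entries resolve for anyone."""
    for entry in FAQS:
        if entry.solution_id == solution_id:
            return entry.record_id
    return None


def get_id_from_solution_id_fixed(solution_id, caller_groups=frozenset()):
    """Same lookup with the permission filter applied inside the query.

    A restricted entry the caller may not read resolves to None, exactly like a
    non-existent id, so the response does not double as an existence oracle."""
    for entry in FAQS:
        if entry.solution_id != solution_id:
            continue
        if not entry.allowed_groups or entry.allowed_groups & caller_groups:
            return entry.record_id
    return None


def render_title(record_id):
    """The page that follows the lookup; it trusts the id it was handed."""
    return BY_RECORD_ID[record_id].title


def sweep_titles(lookup, first, last, caller_groups=frozenset()):
    """Walk sequential solution ids, as an enumeration attack would, and collect
    every title the lookup lets through."""
    leaked = {}
    for sid in range(first, last + 1):
        record_id = lookup(sid, caller_groups)
        if record_id is not None:
            leaked[sid] = render_title(record_id)
    return leaked


if __name__ == "__main__":
    anon = frozenset()
    print("vulnerable, anonymous:", sweep_titles(get_id_from_solution_id_vulnerable, 1000, 1010, anon))
    print("fixed, anonymous:     ", sweep_titles(get_id_from_solution_id_fixed, 1000, 1010, anon))
    print("fixed, staff member:  ", sweep_titles(get_id_from_solution_id_fixed, 1000, 1010, frozenset({"staff"})))
```

The detail worth copying is that the hardened lookup returns the same "not found" result for a restricted entry as for an id that does not exist; a distinct "forbidden" response would still let an unauthenticated sweep map which ids are live.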
Aptsys Gemscms POS Platform security vulnerabilities
Aptsys Gemscms POS Platform is a catering management system developed by the Indian company Aptsys. There is a security vulnerability in the Aptsys Gemscms POS Platform. This vulnerability stems from the GetServiceByRestaurantID endpoint, which does not properly clean or parameterize user inputs,...
CVE-2025-41443 Guest user can discover active public channels
Mattermost versions 10.5.x <= 10.5.12, 10.11.x <= 10.11.2 fail to properly validate guest user permissions when accessing channel information, which allows guest users to discover active public channels and their metadata via the /api/v4/teams/teamid/channels/ids endpoint...
CVE-2025-9756
A vulnerability was found in PHPGurukul User Management System 1.0. This impacts an unknown function of the file /admin/change-emailid.php. The manipulation of the argument uid results in SQL injection. The attack can be executed remotely. The exploit has been made public and could be used...
PT-2024-25756 · Sourcecodester · Sourcecodester Stock Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Visitor Management System version 1.0 Description: The issue allows attackers to execute arbitrary SQL commands, potentially leading to data exfiltration. This can be exploited remotely via the id parameter in the...
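The three SQL injection entries above (Aptsys, PHPGurukul, SourceCodester) all describe an id parameter pasted into a query. As an added example that is not code from any of those products, the following runs the concatenated form beside the parameterized form against an in-memory SQLite database with constructed data, including a UNION payload that reads a second table, which is the data exfiltration the SourceCodester entry mentions. The table and column names and the payloads are assumptions made for the example.

```python
# Added example, not code from any product on this page: an id lookup built by
# string concatenation beside the parameterized form, run against an in-memory
# SQLite database with constructed data. Table and column names are assumptions.
import sqlite3


def make_db():
    """Constructed schema: a visitors table plus an unrelated table an attacker
    would like to read."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE visitors (id INTEGER PRIMARY KEY, name TEXT, phone TEXT)")
    conn.execute("CREATE TABLE users (login TEXT, pwhash TEXT)")
    conn.executemany("INSERT INTO visitors VALUES (?, ?, ?)", [
        (1, "Ada", "555-0100"),
        (2, "Linus", "555-0101"),
        (3, "Grace", "555-0102"),
    ])
    conn.executemany("INSERT INTO users VALUES (?, ?)", [
        ("admin", "$2y$10$constructedhash"),
    ])
    return conn


def lookup_vulnerable(conn, user_id):
    """The id parameter is pasted straight into the statement text."""
    sql = "SELECT name, phone FROM visitors WHERE id = " + user_id
    return conn.execute(sql).fetchall()


def lookup_fixed(conn, user_id):
    """Validate the shape of the input, then bind it as a parameter; the database
    never interprets the value as SQL."""
    if not user_id.isdigit():
        raise ValueError("id must be a non-negative integer")
    return conn.execute(
        "SELECT name, phone FROM visitors WHERE id = ?", (int(user_id),)
    ).fetchall()


def fixed_rejects(conn, payload):
    """True when the hardened lookup refuses the payload outright."""
    try:
        lookup_fixed(conn, payload)
    except ValueError:
        return True
    return False


# Two payloads an attacker would send in the id parameter (constructed).
TAUTOLOGY = "1 OR 1=1"                                   # dumps every visitor
UNION_EXFIL = "0 UNION SELECT login, pwhash FROM users"  # reads another table


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, id=2:      ", lookup_vulnerable(db, "2"))
    print("vulnerable, tautology: ", lookup_vulnerable(db, TAUTOLOGY))
    print("vulnerable, union:     ", lookup_vulnerable(db, UNION_EXFIL))
    print("fixed, id=2:           ", lookup_fixed(db, "2"))
    print("fixed rejects payloads:", fixed_rejects(db, TAUTOLOGY), fixed_rejects(db, UNION_EXFIL))
```

Binding the parameter is the fix; the `isdigit` check in front of it is defence in depth that also gives a clean error for malformed ids instead of an empty result.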
PT-2023-30555 · Zoho · Manageengine Desktop Central
Name of the Vulnerable Software and Affected Versions: ManageEngine Desktop Central version 9.1.0 Description: A CRLF injection vulnerability has been found in ManageEngine Desktop Central. This vulnerability could allow a remote attacker to inject arbitrary HTTP headers and perform HTTP response...
PT-2023-32052 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: Mattermost fails to deduplicate input IDs, allowing a simple user to cause the application to consume excessive resources and possibly crash by sending a specially crafted request to...
grafana: IDOR vulnerability can lead to information disclosure
An Insecure Direct Object Reference (IDOR) vulnerability was found on Grafana Teams APIs. This flaw impacts the /teams/:teamId, /teams/:search, /teams/:teamId/members API endpoints and may allow an authenticated attacker to view unintended data by querying for the specific team ID or search for tea...
CIRCONTROL CirCarLife Information Disclosure Vulnerability
CIRCONTROL CirCarLife is a parking lot automation management system from Circontrol, Spain. An information disclosure vulnerability exists in CIRCONTROL CirCarLife versions prior to 4.3, which stems from the program's lack of authentication on /html/device-id. An attacker could exploit this...