
557 matches found

OSV
added 2025/11/30 4:15 p.m., 10 views

CVE-2025-13791

A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is...

6.5 CVSS, 6.7 AI score
Exploits: 0, References: 5
NVD
added 2025/11/30 4:15 p.m., 4 views

CVE-2025-13791

A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is...

6.5 CVSS, 0.00407 EPSS
Exploits: 1, References: 5
Cvelist
added 2025/11/30 3:32 p.m., 13 views

CVE-2025-13791 Scada-LTS Project Import ZIPProjectManager.java Common.getHomeDir path traversal

A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is...

6.5 CVSS, 0.00407 EPSS
Exploits: 1, References: 5
Vulnrichment
added 2025/11/30 3:32 p.m., 6 views

CVE-2025-13791 Scada-LTS Project Import ZIPProjectManager.java Common.getHomeDir path traversal

A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is...

6.5 CVSS, 6.4 AI score, 0.00407 EPSS
Exploits: 1, References: 5
CNNVD
added 2025/11/30 12:0 a.m., 4 views

Scada-LTS path traversal vulnerability

Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A path traversal vulnerability exists in Scada-LTS version 2.7.8.1 and earlier, which stems from a path traversal issue in the Common.getHomeDir function in the file...

6.5 CVSS, 6.5 AI score, 0.00407 EPSS
Exploits: 1, References: 6
RedhatCVE
added 2025/11/22 10:31 p.m., 13 views

CVE-2025-0504

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have been inaccessible...

5.4 CVSS, 6.7 AI score, 0.00138 EPSS
Exploits: 0, References: 1
EUVD
added 2025/11/22 12:31 a.m., 3 views

EUVD-2025-198515

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have been inaccessible...

5.4 CVSS, 6.2 AI score, 0.00138 EPSS
Exploits: 0, References: 2
NVD
added 2025/11/21 10:16 p.m., 3 views

CVE-2025-0504

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have been inaccessible...

5.4 CVSS, 0.00138 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/11/21 9:30 p.m., 6 views

CVE-2025-0504 Black Duck SCA Project Privilege Escalation

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have been inaccessible...

5.4 CVSS, 0.00138 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2025/11/21 9:30 p.m., 10 views

CVE-2025-0504 Black Duck SCA Project Privilege Escalation

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have been inaccessible...

5.4 CVSS, 6.3 AI score, 0.00138 EPSS
Exploits: 0, References: 1
CVE
added 2025/11/21 9:30 p.m., 12 views

CVE-2025-0504

CVE-2025-0504 affects Black Duck SCA versions prior to 2025.10.0. The root cause is an overly broad configuration of user role permissions: a scoped Project Manager with Global User Read access could access Project Administrator functionalities that should be inaccessible. Consequence: potential ...

5.4 CVSS, 6.3 AI score, 0.00138 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/11/21 12:0 a.m., 3 views

PT-2025-47803

Black Duck SCA versions prior to 2025.10.0 had user role permissions configured in an overly broad manner. Users with the scoped Project Manager user role with the Global User Read access permission enabled access to certain Project Administrator functionalities which should have been inaccessible...

5.4 CVSS, 6.7 AI score, 0.00138 EPSS
Exploits: 0, References: 2
CVE
added 2025/11/15 5:45 a.m., 14 views

CVE-2025-8994

CVE-2025-8994: WP Project Manager (WordPress) is vulnerable to a time-based SQL Injection via the completed_at_operator parameter in all versions up to 2.6.26. Exploitation requires authenticated access at Subscriber level or higher and can be used to extract sensitive data from the database. Pu...

6.5 CVSS, 6.2 AI score, 0.00243 EPSS
Exploits: 0, References: 3
Cvelist
added 2025/11/15 5:45 a.m., 9 views

CVE-2025-8994 WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator'

The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completed_at_operator’ parameter in all versions up to, and including, 2.6.26 due to insufficient escaping on th...

6.5 CVSS, 0.00243 EPSS
Exploits: 0, References: 3
Vulnrichment
added 2025/11/15 5:45 a.m., 2 views

CVE-2025-8994 WP Project Manager <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator'

The Project Management, Team Collaboration, Kanban Board, Gantt Charts, Task Manager and More – WP Project Manager plugin for WordPress is vulnerable to time-based SQL Injection via the ‘completed_at_operator’ parameter in all versions up to, and including, 2.6.26 due to insufficient escaping on th...

6.5 CVSS, 6.1 AI score, 0.00243 EPSS
Exploits: 0, References: 3
Positive Technologies
added 2025/11/15 12:0 a.m., 8 views

PT-2025-47042

Name of the Vulnerable Software and Affected Versions: WP Project Manager plugin for WordPress versions prior to 2.6.27. Description: The WP Project Manager plugin for WordPress is susceptible to a time-based SQL Injection issue. This is due to inadequate escaping of user-supplied input and...

6.5 CVSS, 7 AI score, 0.00243 EPSS
Exploits: 0, References: 7
CNNVD
added 2025/11/15 12:0 a.m., 2 views

WordPress plugin WP Project Manager SQL injection vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to set up personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A SQL...

6.5 CVSS, 7.6 AI score, 0.00243 EPSS
Exploits: 0, References: 4
Patchstack
added 2025/11/14 11:19 p.m., 4 views

WordPress WP Project Manager plugin <= 2.6.26 - Authenticated (Subscriber+) SQL Injection via 'completed_at_operator' vulnerability

Authenticated Subscriber+ SQL Injection via 'completed_at_operator' vulnerability discovered by mikemyers in WordPress Plugin WP Project Manager versions <= 2.6.26...

6.5 CVSS, 7.9 AI score, 0.00243 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2025/11/11 12:0 a.m., 2 views

FairSketch Rise Ultimate Project Manager and CRM cross-site scripting vulnerability

FairSketch Rise Ultimate Project Manager and CRM is a team management and customer relationship management system from FairSketch. A cross-site scripting vulnerability exists in FairSketch Rise Ultimate Project Manager and CRM version 3.8.1, which stems from insufficient validation of user input...

5.4 CVSS, 6.2 AI score, 0.00138 EPSS
Exploits: 0, References: 1
NVD
added 2025/11/03 9:19 p.m., 3 views

CVE-2025-63293

FairSketch Rise Ultimate Project Manager & CRM 3.9.4 is vulnerable to Insecure Permissions. A remote authenticated user can append comments or upload attachments to tickets for which they lack view or edit authorization, due to missing authorization checks in the ticketing/commenting API...

6.5 CVSS, 0.00317 EPSS
Exploits: 1, References: 2