CVE-2025-11195 Rapid7 AppSpider Project Name Validation Bypass
Rapid7 AppSpider Pro versions below 7.5.021 suffer from a project name validation vulnerability, whereby an attacker can change the project name directly in the configuration file to a name that already exists. This issue stems from a lack of effective verification of the uniqueness of project...
CVE-2025-11195
Rapid7 AppSpider Pro versions below 7.5.021 are affected by a project name validation bypass. The issue arises from insufficient verification of project name uniqueness when editing the configuration file outside the application, allowing an attacker to set a project name to one that already exis...
Rapid7 AppSpider Pro Data Forgery Issue Vulnerability
Rapid7 AppSpider Pro is a dynamic application security testing solution from Rapid7, Inc. that allows you to scan Web and mobile applications for vulnerabilities. A data forgery issue vulnerability exists in Rapid7 AppSpider Pro versions prior to 7.5.021, which stems from insufficient project nam...
PT-2025-40014
Name of the Vulnerable Software and Affected Versions Rapid7 AppSpider Pro versions prior to 7.5.021 Description Rapid7 AppSpider Pro versions below 7.5.021 have a project name validation issue. An attacker can modify the project name directly in the configuration file to a name that already exis...
CVE-2025-11124
A vulnerability has been found in code-projects Project Monitoring System 1.0. Affected is an unknown function of the file /onlineJobSearchEngine/postjob.php. Manipulation of the argument txtapplyto leads to cross-site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-59945
SysReptor is a fully customizable pentest reporting platform. In versions from 2024.74 to before 2025.83, authenticated and unprivileged non-admin users can assign the isprojectadmin permission to their own user. This allows users to read, modify and delete pentesting projects they are not member...
CVE-2025-56807
A cross-site scripting (XSS) vulnerability in FairSketch RISE Ultimate Project Manager & CRM 3.9.4 allows an administrator to store a JavaScript payload using the file explorer in the admin dashboard when creating new folders...
CVE-2025-7104 Mass Assignment in danny-avila/librechat
A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to manipulate sensitive fields by automatically binding user-provided data to internal object properties or database fields without proper filtering. As a result, any extra...
CVE-2025-10344 HTML injection in Perfex CRM
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameters 'name' and 'clientid' at the endpoint '/projects/project/x'...
CVE-2025-10344
CVE-2025-10344 describes a stored HTML-injection vulnerability in Perfex CRM v3.2.1. The issue arises from insufficient validation of user input in the API at the endpoint /projects/project/x, where HTML can be injected via the POST parameters name and clientid. The core impact is stored HTML injec...
CVE-2025-56807
CVE-2025-56807 affects FairSketch RISE Ultimate Project Manager & CRM (v3.9.4). The vulnerability is a Stored XSS in the File Manager/File Explorer utilized when creating new folders: the title parameter is not properly sanitized, allowing an attacker (with admin privileges as per description) to...
PMTicket Project-Management-Software Code Issue Vulnerability
PMTicket Project-Management-Software is a PMTicket open source agile project management and issue tracking system. A code issue vulnerability exists in PMTicket Project-Management-Software, which stems from incorrect manipulation of the parameter userid of the component Cookie Handler in the file...
Project Monitoring System login.php File SQL Injection Vulnerability
Project Monitoring System is a project monitoring system. It suffers from a SQL injection vulnerability that stems from the lack of validation of externally supplied input in the username/password parameters of the file /login.php before that input is used to build SQL statements. An attacker can exploit this...
FairSketch RISE Ultimate Project Manager Security Vulnerability
FairSketch RISE Ultimate Project Manager is a project management system from FairSketch, Inc. A security vulnerability exists in FairSketch RISE Ultimate Project Manager version 3.9.4, which originates from a JavaScript payload that can be stored by an administrator via File Explorer when creatin...
Project Monitoring System Cross-Site Scripting Vulnerability
Project Monitoring System is a project monitoring system. It suffers from a cross-site scripting vulnerability that stems from the /onlineJobSearchEngine/postjob.php file not adequately filtering the txtapplyto parameter. No details of the vulnerability are available at thi...
PT-2025-39817
Name of the Vulnerable Software and Affected Versions Perfex CRM version 3.2.1 Description An HTML injection issue exists in Perfex CRM version 3.2.1. This is due to insufficient validation of user-supplied data. An attacker can inject HTML code by sending a POST request to the /projects/project/...