Weitong Mall Authorization Issue Vulnerability
Weitong Mall is a shopping mall system developed by fuyanglipengjun. Weitong Mall version 1.0 has an authorization issue vulnerability that stems from improper authorization of the TopicCategoryController function in the file /topiccategory/queryAll, which may lead to remote attacks...
PT-2025-39088
Name of the Vulnerable Software and Affected Versions: fuyang lipengjun platform version 1.0 Description: An improper authorization issue exists in the TopicCategoryController function within the /topiccategory/queryAll file of the fuyang lipengjun platform. This allows for remote attacks. The...
JimuReport Code Issue Vulnerability
JimuReport is a free, open source reporting tool from JEECG in China. A code issue vulnerability exists in JimuReport 2.1.2 and earlier versions, which stems from a deserialization issue in file /drag/onlDragDataSource/testConnection in the MySQL JDBC Handler component, which could lead to remote...
Weitong Mall Authorization Issue Vulnerability
Weitong Mall is a shopping mall system by fuyanglipengjun, an individual developer. An authorization issue vulnerability exists in Weitong Mall version 1.0, which stems from improper authorization of the AttributeController function in file /attribute/queryAll, and could lead to remote...
Weitong Mall Authorization Issue Vulnerability
Weitong Mall is a shopping mall system by fuyanglipengjun, an individual developer. Weitong Mall version 1.0 has an authorization issue vulnerability that stems from improper authorization of the function AttributeCategoryController in the file...
Airsonic-Advanced Code Issue Vulnerability
Airsonic-Advanced is an open source music streaming server from Airsonic. A code issue vulnerability exists in Airsonic-Advanced version 10.6.0 and earlier, which stems from the Playlist Upload Handler component not limiting uploads, which could lead to remote attacks...
PT-2025-35156
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A SQL injection issue exists in itsourcecode Apartment Management System 1.0. The issue is located in the file /o dashboard/rented all info.php. Manipulation of the uid argumen...
PT-2025-34838
Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A vulnerability exists in the /visitor/addvisitor.php file within the software. Manipulation of the ID argument can lead to a SQL injection. The attack can be launched remotely...
Scada-LTS Security Vulnerability
Scada-LTS is an open source, web-based, multi-platform solution from Scada-LTS Open Source. A security vulnerability exists in Scada-LTS version 2.7.8.1 and earlier, which originates from cross-site scripting and could lead to remote attacks...
Belkin AX1800 Data Forgery Issue Vulnerability
The Belkin AX1800 is a wireless router from Belkin Canada. A data forgery issue vulnerability exists in the Belkin AX1800 version 1.1.00.016, which stems from insufficient validation of data authenticity and could lead to remote attacks...
Zhilink ADP Application Developer Platform SQL Injection Vulnerability
Zhilink ADP Application Developer Platform is an application development platform from Zhilink, which provides one-stop development tools and environment to support rapid building and deployment of enterprise-level applications. Zhilink ADP Application Developer Platform suffers from a SQL...
pybbs Input Validation Error Vulnerability
pybbs is a community platform for Java development by iuiu individual developers. An input validation error vulnerability exists in pybbs 6.0.0 and earlier versions, which originates from the function changeLanguage parameter referer in the file...
PT-2025-32318 · Wanzhou · Woes Intelligent Optimization Energy Saving System
Name of the Vulnerable Software and Affected Versions: Wanzhou WOES Intelligent Optimization Energy Saving System version 1.0 Description: A vulnerability exists in Wanzhou WOES Intelligent Optimization Energy Saving System 1.0. The issue involves SQL injection due to the manipulation of the...
CVE-2025-51058
Bottinelli Informatical Vedo Suite 2024.17 is vulnerable to Server-Side Request Forgery (SSRF) in the /apivedo/video/preview endpoint, which allows remote authenticated attackers to trigger HTTP requests towards arbitrary remote paths via the "file" URL parameter...
PT-2025-32201 · Unknown · Skyworkai Deepresearchagent
Name of the Vulnerable Software and Affected Versions: SkyworkAI DeepResearchAgent up to 08eb7f8eb9505d0094d75bb97ff7dacc3fa3bbf2 Description: A critical vulnerability exists in SkyworkAI DeepResearchAgent. The issue is an OS command injection within the from code, from dict, and from mcp functio...
PT-2025-31932 · Emsisoft · Emsisoft Anti-Malware
Name of the Vulnerable Software and Affected Versions: Emsisoft Anti-Malware versions prior to 2024.12 Description: A vulnerability in the scanning module of Emsisoft Anti-Malware allows attackers on a remote server to obtain Net-NTLMv2 hash information by using a specially crafted A2S Emsisoft...
CVE-2025-52078
File upload vulnerability in Writebot AI Content Generator SaaS React Template thru 4.0.0, allowing remote attackers to gain escalated privileges via a crafted POST request to the /file-upload endpoint...
Grafana Infinity datasource plugin Security Vulnerability
Grafana Infinity datasource plugin is an open source data access plugin for Grafana. A security vulnerability exists in Grafana Infinity datasource plugin versions prior to 3.4.1, which originates from URL restrictions that can be bypassed, potentially leading to remote attacks...
CVE-2025-8443
CVE-2025-8443 affects code-projects Online Medicine Guide 1.0. The vulnerability is a SQL injection in login.php via the uname parameter, exploitable remotely; multiple sources describe public disclosure and potential impact. A practical mitigation noted in PT Security documentation is to restric...
The vulnerability in the adicionar_raca.php script of the WeGIA web manager allows a hacker to perform cross-site scripting attacks.
The vulnerability in the adicionar_raca.php script of the WeGIA web manager is related to the failure to protect the website structure when processing the raca parameter. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting (XSS) attacks remotely...