
17 matches found

Positive Technologies
added 2025/11/17 12:00 a.m. · 3 views

PT-2025-47151

Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS version 1.3.1
Description: OpenRapid RapidCMS version 1.3.1 is susceptible to Cross-Site Scripting (XSS) attacks. The issue is located in the /system/update-run.php API endpoint. This allows for the injection of malicious...

CVSS 6.1 · AI score 6.3 · EPSS 0.00024
Exploits: 0 · References: 4

Positive Technologies
added 2025/09/04 12:00 a.m. · 4 views

PT-2025-35925

Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5
Description: A stored authenticated cross-site scripting (XSS) issue exists due to insufficient validation of user-supplied input. The vulnerability is present in the /apprain/developer/addons/update/cycle endpoint,...

CVSS 5.4 · AI score 5.2 · EPSS 0.0004
Exploits: 0 · References: 4

Positive Technologies
added 2025/06/24 12:00 a.m. · 1 view

PT-2025-26687 · Unknown · Sysmonelixir

Name of the Vulnerable Software and Affected Versions: SysmonElixir versions prior to 1.0.1
Description: The issue concerns SysmonElixir, a system monitor HTTP service in Elixir. Prior to version 1.0.1, the "/read" endpoint reads any file from the server's file system, including sensitive files...

CVSS 7.5 · AI score 6.2 · EPSS 0.00498
Exploits: 0 · References: 6

Positive Technologies
added 2025/02/04 12:00 a.m. · 2 views

PT-2025-5612 · Dumpdrop · Dumpdrop

Name of the Vulnerable Software and Affected Versions: DumpDrop affected versions not specified
Description: The issue is related to an OS Command Injection vulnerability in the DumpDrop application, specifically in the "/upload/init" endpoint. This vulnerability could allow an attacker to execut...

CVSS 9.5 · AI score 8 · EPSS 0.10259
Exploits: 0 · References: 10

Positive Technologies
added 2024/11/07 12:00 a.m. · 4 views

PT-2024-33292 · Logpoint · Logpoint

Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.5.0
Description: An issue was discovered in Logpoint where an endpoint used by Distributed Logpoint Setup was exposed. This exposure allows unauthenticated attackers to bypass CSRF protections and authentication...

CVSS 7.5 · AI score 7.4 · EPSS 0.00161
Exploits: 0 · References: 7

Positive Technologies
added 2024/11/02 12:00 a.m. · 5 views

PT-2024-33082 · Portabilis · Portabilis I-Educar

Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.9.0
Description: The issue concerns a Cross-Site Scripting (XSS) vulnerability. It can be exploited via the nm religiao parameter in the "/intranet/educar religiao lst.php?busca=S&nm religiao=" endpoint...

AI score 6
Exploits: 1 · References: 1

Positive Technologies
added 2024/10/24 12:00 a.m. · 2 views

PT-2024-33482 · Zimaos · Zimaos

Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier
Description: The issue allows authenticated users to perform a directory traversal attack via the API endpoint http:///v2 1/file, enabling access to sensitive system directories such as /etc. This could expos...

CVSS 7.5 · AI score 6.4 · EPSS 0.00831
Exploits: 1 · References: 5

Positive Technologies
added 2024/05/28 12:00 a.m. · 3 views

PT-2024-36060 · Unknown · Phpmybackuppro

Name of the Vulnerable Software and Affected Versions: PhpMyBackupPro version 2.3
Description: A vulnerability has been discovered that could allow an attacker to execute XSS through the "/phpmybackuppro/scheduled.php" API endpoint, utilizing all parameters. This issue could enable an attacker to...

CVSS 7.1 · AI score 6.1 · EPSS 0.00237
Exploits: 0 · References: 4

Positive Technologies
added 2024/05/09 12:00 a.m. · 2 views

PT-2024-25809 · 1Panel · 1Panel

Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.3-lts
Description: The issue is related to command injections in the project that are not well filtered, leading to arbitrary file writes and ultimately to remote code executions (RCEs). The mirror configuration...

CVSS 7.5 · AI score 8.1 · EPSS 0.0219
Exploits: 1 · References: 9

Positive Technologies
added 2024/02/08 12:00 a.m. · 2 views

PT-2024-20320 · Zentao · Zentao

Name of the Vulnerable Software and Affected Versions: Zentao versions 18.0 through 18.10
Description: A remote code execution issue was discovered in Zentao, affecting its checkConnection method. The vulnerability can be exploited via the /app/zentao/module/repo/model.php endpoint, allowing for...

CVSS 9.8 · AI score 8.1 · EPSS 0.04885
Exploits: 1 · References: 6

Positive Technologies
added 2023/10/24 12:00 a.m. · 2 views

PT-2023-32940

Name of the Vulnerable Software and Affected Versions: encoded id-rails versions before 1.0.0.beta2
Description: The issue is an uncontrolled resource consumption vulnerability. A remote and unauthenticated attacker might cause a denial of service condition by sending an HTTP request with an...

CVSS 7.5 · AI score 7.1 · EPSS 0.00347
Exploits: 1 · References: 14

Positive Technologies
added 2023/03/17 12:00 a.m. · 3 views

PT-2023-16983 · Sourcecodester · Sourcecodester Medicine Tracker System

Name of the Vulnerable Software and Affected Versions: SourceCodester Medicine Tracker System version 1.0
Description: A critical issue has been found in the processing of the file medicines/view details.php of the component GET Parameter Handler. The manipulation of the GET argument leads to sql...

CVSS 9.8 · AI score 7 · EPSS 0.00306
Exploits: 1 · References: 6

Positive Technologies
added 2022/12/09 12:00 a.m. · 7 views

PT-2022-27781 · Unknown · Spring-Boot-Admin

Name of the Vulnerable Software and Affected Versions: Spring Boot Admin versions prior to 2.6.10; Spring Boot Admin versions prior to 2.7.8
Description: The issue affects users who run Spring Boot Admin Server with enabled Notifiers and write access to environment variables via UI. This allows fo...

CVSS 9.8 · AI score 9.7 · EPSS 0.12711
Exploits: 0 · References: 9

Positive Technologies
added 2022/10/17 12:00 a.m. · 3 views

PT-2022-26293 · Tenda · Tenda Ac10

Name of the Vulnerable Software and Affected Versions: Tenda AC10 version 15.03.06.23
Description: The issue is related to a stack overflow vulnerability. This vulnerability can be exploited via the "/goform/formSetFirewallCfg" API endpoint.
Recommendations: For Tenda AC10 version 15.03.06.23, as...

CVSS 9.8 · AI score 9.3 · EPSS 0.00459
Exploits: 1 · References: 3

Positive Technologies
added 2022/04/08 12:00 a.m. · 2 views

PT-2022-18389 · Unknown · Zoo Management System

Name of the Vulnerable Software and Affected Versions: Zoo Management System version 1.0
Description: The issue allows attackers to execute arbitrary code via a crafted PHP file, exploiting an arbitrary file upload vulnerability. This is possible through the "/public html/apply vacancy" API...

CVSS 9.8 · AI score 9.7 · EPSS 0.02902
Exploits: 3 · References: 6

Positive Technologies
added 2021/04/06 12:00 a.m. · 3 views

PT-2021-9610 · Openiam · Openam

Name of the Vulnerable Software and Affected Versions: OpenIAM versions prior to 4.2.0.3
Description: The issue concerns a lack of permission verification for users attempting to perform administrative actions through the "/webconsole/rest/api/" endpoint. This means that users without proper...

CVSS 8.1 · AI score 8.2 · EPSS 0.00146
Exploits: 0 · References: 4

Positive Technologies
added 2020/03/18 12:00 a.m. · 3 views

PT-2020-20583 · Aquaforest · Aquaforest Tiff Server

Name of the Vulnerable Software and Affected Versions: Aquaforest TIFF Server version 4.0
Description: The issue allows unauthenticated file and directory enumeration. This is achieved via the "tiffserver/tssp.aspx" endpoint.
Recommendations: For Aquaforest TIFF Server version 4.0, consider...

CVSS 5.3 · AI score 5.2 · EPSS 0.02031
Exploits: 1 · References: 6