PT-2026-36976
Name of the Vulnerable Software and Affected Versions: OpenMRS Core versions prior to 2.7.9; OpenMRS Core versions 2.8.0 through 2.8.5 Description: The module upload endpoint 'POST /openmrs/ws/rest/v1/module' is susceptible to a Zip Slip path traversal attack. This occurs during the automatic...
PT-2025-47151
Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS version 1.3.1 Description: OpenRapid RapidCMS version 1.3.1 is susceptible to Cross-Site Scripting (XSS) attacks. The issue is located in the /system/update-run.php API endpoint. This allows for the injection of malicious...
PT-2025-38236
Name of the Vulnerable Software and Affected Versions: ZimaOS versions prior to 1.4.2 Description: ZimaOS, a fork of CasaOS, is susceptible to a file read issue. The /v2_1/files/file/download API endpoint allows unauthorized file access from any user with localhost access. File reads are executed...
PT-2025-35925
Name of the Vulnerable Software and Affected Versions: appRain CMF version 4.0.5 Description: A stored, authenticated cross-site scripting (XSS) issue exists due to insufficient validation of user-supplied input. The vulnerability is present in the /apprain/developer/addons/update/cycle endpoint,...
PT-2025-32465 · Unknown · Litmuschaos
Name of the Vulnerable Software and Affected Versions: LitmusChaos versions prior to 3.19.0 Description: A critical issue exists in LitmusChaos related to improper authorization. The vulnerability stems from the manipulation of the role argument during the processing of the /auth/list_projects AP...
PT-2025-26687 · Unknown · Sysmonelixir
Name of the Vulnerable Software and Affected Versions: SysmonElixir versions prior to 1.0.1 Description: The issue concerns SysmonElixir, a system monitor HTTP service in Elixir. Prior to version 1.0.1, the "/read" endpoint reads any file from the server's file system, including sensitive files...
PT-2025-9242
Name of the Vulnerable Software and Affected Versions: Serosoft Solutions Pvt Ltd Academia Student Information System (SIS) EagleR version 1.0.118 Description: The issue is related to an Insecure Direct Object Reference (IDOR) in the component "/getStudemtAllDetailsById?studentId=XX". This allows...
PT-2025-7215 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.14 Description: A Path Traversal issue was discovered in the WeGIA application, affecting the exportar_dump.php endpoint. This could allow an attacker to gain unauthorized access to sensitive information stored in...
PT-2025-5612 · Dumpdrop · Dumpdrop
Name of the Vulnerable Software and Affected Versions: DumpDrop affected versions not specified Description: The issue is related to an OS Command Injection vulnerability in the DumpDrop application, specifically in the "/upload/init" endpoint. This vulnerability could allow an attacker to execut...
PT-2025-4751 · Teedy · Teedy
Name of the Vulnerable Software and Affected Versions: Teedy versions 1.11 and earlier Description: The issue allows for CSRF, enabling account takeover via POST "/api/user/admin". This can be exploited to gain unauthorized access to user accounts. Recommendations: For versions 1.11 and earlier, ...
PT-2024-33292 · Logpoint · Logpoint
Name of the Vulnerable Software and Affected Versions: Logpoint versions prior to 7.5.0 Description: An issue was discovered in Logpoint where an endpoint used by Distributed Logpoint Setup was exposed. This exposure allows unauthenticated attackers to bypass CSRF protections and authentication...
PT-2024-33082 · Portabilis · Portabilis I-Educar
Name of the Vulnerable Software and Affected Versions: Portabilis i-Educar version 2.9.0 Description: The issue concerns a Cross-Site Scripting (XSS) vulnerability. It can be exploited via the nm_religiao parameter in the "/intranet/educar_religiao_lst.php?busca=S&nm_religiao=" endpoint...
PT-2024-33482 · Zimaos · Zimaos
Name of the Vulnerable Software and Affected Versions: ZimaOS versions 1.2.4 and earlier Description: The issue allows authenticated users to perform a directory traversal attack via the API endpoint http:///v2_1/file, enabling access to sensitive system directories such as /etc. This could expos...
PT-2024-39032 · Unknown · Job Portal
Name of the Vulnerable Software and Affected Versions: JobPortal affected versions not specified Description: The issue is related to a SQL injection vulnerability. An attacker could send a specially designed query through the user_id parameter in the "/jobportal/admin/user/controller.php" endpoi...
PT-2024-38525 · Unknown · Fujian Mwcms
Name of the Vulnerable Software and Affected Versions: Fujian mwcms version 1.0.0 Description: A critical issue was found in the Image Upload component, specifically affecting the uploadeditor function of the file "/uploadeditor.html?action=uploadimage". The manipulation of the upfile argument...
PT-2024-25595 · Paypal · Paypal
Name of the Vulnerable Software and Affected Versions: PayPal, Credit Card and Debit Card Payment version 1.0 Description: The issue allows an attacker to exploit a SQL injection vulnerability by sending a specially crafted query to the server. This can lead to the retrieval of all information...
PT-2024-36060 · Unknown · Phpmybackuppro
Name of the Vulnerable Software and Affected Versions: PhpMyBackupPro version 2.3 Description: A vulnerability has been discovered that could allow an attacker to execute XSS through the "/phpmybackuppro/scheduled.php" API endpoint, utilizing all parameters. This issue could enable an attacker to...
PT-2024-25809 · 1Panel · 1Panel
Name of the Vulnerable Software and Affected Versions: 1Panel versions prior to 1.10.3-lts Description: The issue is related to command injections in the project that are not well filtered, leading to arbitrary file writes and ultimately to remote code executions (RCEs). The mirror configuration...
PT-2024-23703 · Unknown · Phpgurukul Cyber Cafe Management System
Name of the Vulnerable Software and Affected Versions: phpgurukul Cyber Cafe Management System Using PHP & MySQL version 1.0 Description: The issue allows attackers to run arbitrary SQL commands via the editid variable in the "/edit-computer-detail.php" API endpoint. This enables attackers to...
PT-2024-2494 · Tenda · Tenda Ac7
Name of the Vulnerable Software and Affected Versions: Tenda AC7 version 15.03.06.44 Description: A critical issue was found in the saveParentControlInfo function of the /goform/saveParentControlInfo file, which is related to a stack-based buffer overflow. This can be exploited remotely by...