
94 matches found

EUVD
added 2026/05/22 9:17 p.m. · 11 views

EUVD-2026-31505

RT is an open source, enterprise-grade issue and ticket tracking system. Versions 5.0.0 through 5.0.9 and 6.0.0 through 6.0.2 contain an SQL injection vulnerability. An authenticated user can craft input that is incorporated into database queries without proper validation, potentially allowing th...

CVSS 8.8 · AI score 5.8 · EPSS 0.00344
Exploits: 0 · References: 3

Positive Technologies
added 2026/05/02 12:0 a.m. · 12 views

PT-2026-36604

Name of the Vulnerable Software and Affected Versions: itsourcecode Courier Management System version 1.0 Description: A remote SQL injection exists in the /edit user.php file. This issue occurs when the ID argument is manipulated, allowing an attacker to execute arbitrary SQL commands...

CVSS 5.8 · AI score 6.1 · EPSS 0.00206
Exploits: 0 · References: 7

Positive Technologies
added 2025/12/27 12:0 a.m. · 9 views

PT-2025-53626

Name of the Vulnerable Software and Affected Versions: jackq XCMS versions prior to 3fab5342cc509945a7ce1b8ec39d19f701b89261 Description: A flaw exists in jackq XCMS that allows for unrestricted file upload. The issue is located in the Upload function within the...

CVSS 5.8 · AI score 6.8 · EPSS 0.00344
Exploits: 1 · References: 10

Positive Technologies
added 2025/12/12 12:0 a.m. · 5 views

PT-2025-50974

Name of the Vulnerable Software and Affected Versions: Atcom 100M IP Phones versions 2.7.x.x Description: The software contains an authenticated command injection issue in the web configuration CGI script. This allows attackers to execute arbitrary system commands. The cmd parameter within the 'web...

CVSS 8.8 · AI score 8.6 · EPSS 0.01393
Exploits: 0 · References: 6

Positive Technologies
added 2025/08/25 12:0 a.m. · 4 views

PT-2025-34705 · Itsourcecode · Apartment Management System

Name of the Vulnerable Software and Affected Versions: itsourcecode Apartment Management System version 1.0 Description: A security issue exists in itsourcecode Apartment Management System 1.0. The vulnerability is located in the file /owner/addowner.php within an unknown function. Manipulation o...

CVSS 7.5 · AI score 7.3 · EPSS 0.00505
Exploits: 1 · References: 10

Positive Technologies
added 2025/08/19 12:0 a.m. · 7 views

PT-2025-33731

Name of the Vulnerable Software and Affected Versions: Plesk Obsidian version 18.0.70 Description: The isAdminPasswordValid function in Plesk Obsidian uses a weak comparison == which allows an attacker to bypass the administrator password if the correct password is in the format "0e" followed by...

CVSS 9.8 · AI score 6.9 · EPSS 0.00475
Exploits: 0 · References: 20

Positive Technologies
added 2025/07/14 12:0 a.m. · 4 views

PT-2025-29497 · Semcms · Semcms

Name of the Vulnerable Software and Affected Versions: SemCms version 5.0 Description: SemCms version 5.0 contains a SQL injection issue via the lgid parameter at the SEMCMS Link.php file. Recommendations: As a temporary workaround, consider restricting access to the SEMCMS Link.php file to...

CVSS 5.4 · AI score 7.3 · EPSS 0.00254
Exploits: 1 · References: 7

Positive Technologies
added 2025/04/18 12:0 a.m. · 12 views

PT-2025-17345

Name of the Vulnerable Software and Affected Versions: DaiCuo version 1.3.13 Description: A vulnerability was found in the SEO Optimization Settings Section component, which can lead to cross-site scripting. The attack may be launched remotely. Recommendations: For DaiCuo version 1.3.13, consider...

CVSS 4.8 · AI score 3.3 · EPSS 0.00313
Exploits: 1 · References: 10

Positive Technologies
added 2025/03/03 12:0 a.m. · 3 views

PT-2025-9510 · Unknown +1 · Tuleap Community Edition +2

Name of the Vulnerable Software and Affected Versions: Tuleap versions prior to 16.4.99.1740067916 Tuleap Enterprise Edition versions prior to 16.4-5 and 16.3-10 Description: Tuleap is an Open Source Suite to improve management of software developments and collaboration. It allows cross-site...

CVSS 4.8 · AI score 5.8 · EPSS 0.00277
Exploits: 1 · References: 9

Positive Technologies
added 2025/02/10 12:0 a.m. · 3 views

PT-2025-6108 · Allims · Lab.Online

Name of the Vulnerable Software and Affected Versions: Allims lab.online versions up to 20250201 Description: A critical issue was found in the processing of the file /model/model recuperar senha.php, where the manipulation of the recuperacao argument leads to SQL injection. This issue can be...

CVSS 6.5 · AI score 7 · EPSS 0.00298
Exploits: 0 · References: 7

Positive Technologies
added 2025/01/31 12:0 a.m. · 5 views

PT-2025-5584 · Acronis · Acronis Cyber Protect Cloud Agent

Name of the Vulnerable Software and Affected Versions: Acronis Cyber Protect Cloud Agent Windows versions prior to build 39378 Description: The issue is related to a local privilege escalation due to a DLL hijacking vulnerability. This means that an attacker could potentially exploit the...

CVSS 6.3 · AI score 7.2 · EPSS 0.00129
Exploits: 0 · References: 5

Positive Technologies
added 2025/01/24 12:0 a.m. · 3 views

PT-2025-5490 · Unknown · Serped.Net

Name of the Vulnerable Software and Affected Versions: SERPed.net versions n/a through 4.4 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection, potentially compromising data...

CVSS 8.5 · AI score 8.4 · EPSS 0.00438
Exploits: 0 · References: 4

Positive Technologies
added 2025/01/15 12:0 a.m. · 3 views

PT-2025-1115

Name of the Vulnerable Software and Affected Versions: Moxa EDS-508A Series versions 3.11 and earlier Description: The Moxa EDS-508A Series Ethernet switch is vulnerable to an authentication bypass due to flaws in its authorization mechanism. Although both client-side and back-end server verificati...

CVSS 9.2 · AI score 5.4 · EPSS 0.00825
Exploits: 0 · References: 27

Positive Technologies
added 2025/01/11 12:0 a.m. · 2 views

PT-2025-1652 · WordPress · Gatormail Smartforms

Name of the Vulnerable Software and Affected Versions: GatorMail SmartForms plugin for WordPress versions up to, and including, 1.1.0 Description: The issue is related to Stored Cross-Site Scripting in the GatorMail SmartForms plugin for WordPress. This is due to insufficient input sanitization a...

CVSS 6.4 · AI score 6.2 · EPSS 0.00306
Exploits: 0 · References: 6

Positive Technologies
added 2025/01/07 12:0 a.m. · 7 views

PT-2025-1804 · WordPress · Infility Global

Name of the Vulnerable Software and Affected Versions: Infility Global plugin for WordPress versions up to, and including, 2.9.8 Description: The issue is related to Reflected Cross-Site Scripting via the set type parameter due to insufficient input sanitization and output escaping. This allows...

CVSS 6.1 · AI score 6.8 · EPSS 0.00354
Exploits: 0 · References: 6

Positive Technologies
added 2024/12/02 12:0 a.m. · 5 views

PT-2024-35305 · Data443 · Data443 Lgpd Framework

Name of the Vulnerable Software and Affected Versions: Data443 LGPD Framework versions n/a through 2.0.2 Description: The issue is related to improper neutralization of input during web page generation, which allows reflected Cross-site Scripting (XSS). This enables attackers to inject malicious...

CVSS 7.1 · AI score 9.3 · EPSS 0.00333
Exploits: 0 · References: 3

Positive Technologies
added 2024/11/30 12:0 a.m. · 7 views

PT-2024-35886 · WordPress · Sparkle Wp Sparkle Elementor Kit

Name of the Vulnerable Software and Affected Versions: Sparkle WP Sparkle Elementor Kit versions through 2.0.9 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows DOM-Based XSS. This is a Cross-site...

CVSS 6.5 · AI score 6.7 · EPSS 0.00283
Exploits: 0 · References: 5

Positive Technologies
added 2024/11/24 12:0 a.m. · 4 views

PT-2024-17160 · Engenius · Engenius Ens500-Ac +2

Name of the Vulnerable Software and Affected Versions: EnGenius ENH1350EXT, ENS500-AC, and ENS620EXT versions up to 20241118 Description: A critical issue affects an unknown function of the file /admin/network/wifi schedule. The manipulation of the argument wifi schedule day em 5 leads to command...

CVSS 7.2 · AI score 5.7 · EPSS 0.26199
Exploits: 1 · References: 18

Positive Technologies
added 2024/11/04 12:0 a.m. · 6 views

PT-2024-34665 · Unknown · Meshtastic

Name of the Vulnerable Software and Affected Versions: Meshtastic firmware versions prior to 2.5.6 Description: The Meshtastic firmware does not check for packets claiming to be from the special broadcast address 0xFFFFFFFF, which could result in unexpected behavior and potential for DDoS attacks...

CVSS 5.3 · AI score 7.1 · EPSS 0.00401
Exploits: 0 · References: 5

Positive Technologies
added 2024/11/04 12:0 a.m. · 7 views

PT-2024-33254 · Zohocorp · Zoho Manageengine Admanager Plus

Name of the Vulnerable Software and Affected Versions: Zohocorp ManageEngine ADManager Plus versions 7241 and prior Description: The issue is related to SQL Injection in the Archived Audit Report. This allows for potential exploitation. Recommendations: For versions 7241 and prior, update to a...

CVSS 8.8 · AI score 8.4 · EPSS 0.015
Exploits: 0 · References: 8