10 matches found
EUVD-2026-31309
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into HTML form hidden input value attributes...
CVE-2026-48229 Open ISES Tickets < 3.44.2 Reflected XSS via routes_i.php ticket_id Parameter
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routes_i.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticket_id GET parameter directly into HTML form hidden input value attributes...
EUVD-2026-31184
Open ISES Tickets before 3.44.2 contains a reflected cross-site scripting vulnerability in routesnm.php that allows authenticated attackers to inject arbitrary JavaScript by passing an unsanitized value through the ticketid GET parameter directly into a hidden input field VALUE attribute. Attacke...
Introspect Injection Vulnerability
Introspect is an open source application from Defog.ai. An injection vulnerability exists in Introspect 0.1.4 and earlier versions, which stems from code injection due to misbehavior of the parameter inputmodel in the file introspect/backend/integrationroutes.py...
Exploit for CVE-2025-29927
CVE-2025-29927 Scanner: This Python script...
PT-2025-7165 · Q Free · Q-Free Maxtime
Name of the Vulnerable Software and Affected Versions: Q-Free MaxTime versions 2.11.0 and earlier Description: A missing authorization issue in maxprofile/users/routes.lua allows an authenticated, low-privileged attacker to modify user data via crafted HTTP requests. Recommendations: For versions...
Q-Free MAXTIME Suite Security Vulnerability
Q-Free MAXTIME Suite is a software suite for local traffic signal management from Q-Free. A security vulnerability exists in Q-Free MAXTIME Suite version 2.11.0 and prior versions that stems from a missing authorization in maxprofile/users/routes.lua. An attacker could exploit the vulnerability t...
gotribe-admin Security Vulnerability
gotribe-admin is a small open source CMS solution developed in Go and Vue by gotribe. A security vulnerability exists in gotribe-admin version 1.0, which stems from the function InitRoutes in the file internal/app/routes/routes.go that causes deserialization...
PT-2024-24085 · Docsgpt · Docsgpt
Name of the Vulnerable Software and Affected Versions: DocsGPT versions prior to 0.8.1 Description: The issue is related to an unauthenticated limited file write in routes.py. This allows for unauthorized access to write files, potentially leading to further exploitation. The estimated number of...
PT-2024-21904 · Maildev · Maildev
Name of the Vulnerable Software and Affected Versions: MailDev versions 2 through 2.1.0 Description: The issue allows Remote Code Execution via a crafted Content-ID header for an e-mail attachment, leading to lib/mailserver.js writing arbitrary code into the routes.js file. Recommendations: For...