EUVD-2025-32091
Malicious code in bioql PyPI...
CVE-2025-40646
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
CVE-2025-40645
Exposure of sensitive information in Viday. This vulnerability could allow an unauthenticated attacker to obtain sensitive information about customers by sending an HTTP GET request to “/api/reserva/web/clients” using the “phone” parameter...
CVE-2025-40646
CVE-2025-40646 describes a Stored Cross-Site Scripting (XSS) in Energy CRM v2025 by Status Tracker Ltd. The vulnerability arises from insufficient validation of user input in a POST to /crm/create_job_submit.php, using the JobCreatedBy parameter. An attacker could craft a request that, when viewe...
CVE-2025-40646 Multiple vulnerabilities in Energy CRM by Status Tracker
Stored Cross-Site Scripting (XSS) vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...
CVE-2025-40645
CVE-2025-40645 relates to ViDay/Viday. An unauthenticated attacker can retrieve sensitive customer information by issuing an HTTP GET to /api/reserva/web/clients with the phone parameter. Technical details from sources: CVSS v4.0 base score 8.7 (HIGH) with NETWORK attack vector, LOW attack comple...
PT-2025-40330
Name of the Vulnerable Software and Affected Versions: Viday (affected versions not specified)
Description: The software exhibits a flaw that could allow an attacker to obtain sensitive customer information. This is achieved by intercepting HTTP requests and locating JWTs within the request payload...
ViDay Information Disclosure Vulnerability
ViDay is a business management platform from the Spanish company ViDay. ViDay has an information disclosure vulnerability: an unauthenticated attacker can obtain sensitive information via an HTTP GET request, which could lead to an information disclosure...
ViDay Cross-Site Scripting Vulnerability
ViDay is a business management platform from the Spanish company ViDay. ViDay has a cross-site scripting vulnerability that originates from a JWT containing sensitive user information in an HTTP request, which could lead to information disclosure...