CVE-2025-40646

Stored Cross-Site Scripting XSS vulnerability in Energy CRM v2025 by Status Tracker Ltd, consisting of a stored XSS due to lack of proper validation of user input by sending a POST request to “/crm/createjobsubmit.php”, using the “JobCreatedBy” parameter. This vulnerability could allow a remote...

ViDay 信息泄露漏洞

ViDay is a business management platform from the Spanish company ViDay. ViDay suffers from an information disclosure vulnerability that originates from an unauthenticated attacker being able to obtain sensitive information via an HTTP GET request, which could lead to an information disclosure...