23 matches found
Information Exposure
Overview: github.com/free5gc/udr/internal/sbi. Affected versions of this package are vulnerable to Information Exposure in the HandleApplicationDataInfluenceDataSubsToNotifyGet process. An attacker can access sensitive subscriber identifiers by sending unauthenticated HTTP GET requests t...
PT-2025-33689 · Totolink · Totolink A3002Ru
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002R version 4.0.0-B20230531.1404 Description: The TOTOLINK A3002R router firmware contains multiple OS command injection vulnerabilities. These vulnerabilities are located in the /boafrm/formMapDelDevice endpoint and can be...
PT-2025-27233 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA version 3.3.3 Description: A Time-Based Blind SQL Injection issue was discovered in the /controle/getProdutosPorAlmox.php endpoint, specifically in the almox parameter. This allows any unauthenticated attacker to inject arbitrary SQL...
CVE-2025-25621
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows teachers to take attendance of fellow teachers. The affected endpoint is /courses/teacher/index?teacherid=2&semesterid=1...
CVE-2025-25616
Unifiedtransform 2.0 is vulnerable to Incorrect Access Control, which allows students to modify rules for exams. The affected endpoint is /exams/edit-rule?examruleid=1...
PT-2024-33163 · Domainmod · Domainmod
Name of the Vulnerable Software and Affected Versions: DomainMOD versions prior to 4.12.0 Description: A cross-site scripting (XSS) issue allows remote attackers to inject JavaScript code via the "admin/domain-fields/edit.php" API endpoint and the cdfid parameter. This enables attackers to execute...
PT-2024-37352 · Labvantage · Labvantage Lims
Name of the Vulnerable Software and Affected Versions: LabVantage LIMS version 2017 Description: A problematic vulnerability has been found in LabVantage LIMS, affecting an unknown part of the file "/labvantage/rc?command=page&page=SampleHistoricalList& iframename=list& crc=crc 1701669816260". Th...
PT-2023-32805
Name of the Vulnerable Software and Affected Versions: Hikvision Intercom Broadcasting System versions 3.0.3 20201113 RELEASEHIK Description: A critical issue exists in Hikvision Intercom Broadcasting System. The issue affects unknown code within the /php/ping.php file. Manipulating the jsondataip...
PT-2023-32734 · Sourcecodester · Sourcecodester Simple Student Attendance System
Name of the Vulnerable Software and Affected Versions: SourceCodester Simple Student Attendance System version 1.0 Description: A critical vulnerability was found in the SourceCodester Simple Student Attendance System. This issue affects the file ajax-api.php?action=save attendance, where the...
PT-2023-3380 · Sourcecodester · Sourcecodester Lost/Found Information System
Name of the Vulnerable Software and Affected Versions: SourceCodester Lost and Found Information System version 1.0 Description: A critical issue has been found in the component "admin/?page=items/view item" of the SourceCodester Lost and Found Information System, related to the lack of protectio...
PT-2023-17203 · Sourcecodester · Sourcecodester Young Entrepreneur E-Negosyo System
Name of the Vulnerable Software and Affected Versions: SourceCodester Young Entrepreneur E-Negosyo System version 1.0 Description: A critical issue has been found in the system, affecting the file index.php?q=product. The manipulation of the search argument leads to SQL injection. The attack can ...
PT-2023-16445 · Unknown · Calendar Event Management System
Name of the Vulnerable Software and Affected Versions: Calendar Event Management System version 2.3.0 Description: A critical issue was found in the system, affecting an unknown part. The manipulation of the start and end arguments leads to SQL injection. It is possible to initiate the attack...
PT-2023-16325 · Sourcecodester · Sourcecodester Online Tours & Travels Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online Tours & Travels Management System version 1.0 Description: A critical issue was found in the Parameter Handler component of the file user/forget password.php, where the manipulation of the email argument leads to sql...
PT-2022-26741 · Unknown · Web-Based Student Clearance System
Name of the Vulnerable Software and Affected Versions: Web-Based Student Clearance System version 1.0 Description: A cross-site scripting (XSS) issue exists in the /admin/add-fee.php endpoint, allowing attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the cmddep...
PT-2022-26915 · Jenkins · Jenkins Compuware Strobe Measurement Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Compuware Strobe Measurement Plugin versions 1.0.1 and earlier Description: The issue allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins due to a lack of permission check in an...
CVE-2022-32170
The "Bytebase" application does not restrict low-privilege users from accessing admin "projects", so an unauthorized user can view the "projects" created by "Admin". The affected endpoint is "/api/project?user=$userId"...
PT-2022-24466 · Unknown · Interview Management System
Name of the Vulnerable Software and Affected Versions: Interview Management System version 1.0 Description: The issue is related to a SQL injection vulnerability. It affects the component "/interview/delete.php?action=deletecand&id=". Recommendations: For Interview Management System version 1.0,...