8 matches found
PT-2025-21825 · Totolink · Totolink N300Rt
Name of the Vulnerable Software and Affected Versions: TOTOLINK N300RH version 6.1c.1390 B20191101 Description: A critical vulnerability has been found in the TOTOLINK N300RH router. This issue affects the setUnloadUserData function of the /cgi-bin/cstecgi.cgi file. The manipulation of the plugin...
PT-2025-14570 · Unknown · Fcba Zzm Ics-Park Smart Park Management System
Name of the Vulnerable Software and Affected Versions: fcba zzm ics-park Smart Park Management System version 2.1 Description: A critical vulnerability was found in the fcba zzm ics-park Smart Park Management System. This issue affects unknown code of the file "/api/system/dept/update" and leads ...
PT-2025-9104 · Opencart · Opencart
Name of the Vulnerable Software and Affected Versions: OpenCart versions prior to 4.1.0 Description: The issue allows an attacker to modify the HTML of the victim's browser by sending a malicious URL and modifying the parameter name in the "/account/voucher" API endpoint. This could potentially...
PT-2024-18648 · Zenml Io · Zenml
Name of the Vulnerable Software and Affected Versions: zenml-io/zenml versions up to and including 0.55.3 Description: A race condition issue exists, allowing for the creation of multiple users with the same username when requests are sent in parallel. This is due to insufficient handling of...
PT-2024-24235
Name of the Vulnerable Software and Affected Versions: tiagorlampert CHAOS version 5.0.1 Description: A Cross Site Scripting XSS vulnerability exists in tiagorlampert CHAOS. A remote attacker may be able to escalate privileges via the sendCommandHandler function in the handler.go component. A...
PT-2022-25641 · Unknown · Diaenergie
Name of the Vulnerable Software and Affected Versions: DIAEnergie versions prior to v1.9.01.002 Description: The issue concerns a stored cross-site scripting vulnerability. This vulnerability can be exploited through the "PostEnergyType API" endpoint. Recommendations: For versions prior to...
PT-2022-19642 · Abode Systems · Iota All-In-One Security Kit
Name of the Vulnerable Software and Affected Versions: Abode Systems, Inc. iota All-In-One Security Kit versions 6.9X and 6.9Z Description: An authentication bypass issue exists in the web interface, specifically in the /action/factory functionality. This can be triggered by a specially-crafted...
PT-2022-24340 · Jfinalcms · Jfinalcms
Name of the Vulnerable Software and Affected Versions: JFinal CMS version 5.1.0 Description: The issue is related to SQL Injection, which can be exploited via the /system/menu/list API endpoint. This allows for potential unauthorized access to sensitive data. Recommendations: For JFinal CMS versi...