22 matches found
CVE-2026-56237 Capgo - Unauthenticated API Key Generation via Client-Side Parameter Manipulation
Capgo before 12.128.2 contains a broken authentication vulnerability in its API key generation mechanism. API keys are exposed in frontend requests, and the backend fails to validate that keys are securely generated and bound to the authenticated user. An attacker can tamper with the API key...
CVE-2025-41008
SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/adm/scripts/modalReportdata.php' endpoint...
EUVD-2025-208935
SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/adm/scripts/modalReportdata.php' endpoint...
CVE-2025-41008
CVE-2025-41008 affects Sinturno via SQL injection in the /_adm/scripts/modalReport_data.php endpoint, using the 'client' parameter. The vulnerability allows an attacker to retrieve, create, update, and delete databases, with network attack vector, low attack complexity, and no privileges required...
CVE-2025-41008 SQL Injection in Sinturno
SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/adm/scripts/modalReportdata.php' endpoint...
PT-2026-27125
SQL injection vulnerability in Sinturno. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'client' parameter in the '/_adm/scripts/modalReport_data.php' endpoint...
Sinturno SQL Injection Vulnerability
Sinturno is a tool used by the American company Sinturno to manage and analyze network traffic. Sinturno has a SQL injection vulnerability, which stems from improper handling of the client parameter in the adm/scripts/modalReportdata.php endpoint. This vulnerability may lead to SQL injection...
systems@work time@work SQL Injection Vulnerability
systems@work time@work is a service automation and working hours management system of the Czech company systems@work. Version 7.0.5 of systems@work time@work has a SQL injection vulnerability. This vulnerability arises from the IDClient parameter, which is vulnerable to authenticated brute-force...
CVE-2025-66507
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...
CVE-2025-66507 1Panel – CAPTCHA Bypass via Client-Controlled Flag
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...
PT-2025-49759
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA...
EUVD-2006-2561
Malware in sbrugna...
CVE-2025-40720
Reflected Cross-site Scripting (XSS) vulnerability in versions prior to 4.7.0 of Quiter Gateway by Quiter. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the campo parameter in /FacturaE/VerFacturaPDF...
CVE-2024-50717
SQL injection vulnerability in Smart Agent v.1.1.0 allows a remote attacker to execute arbitrary code via the client parameter in the /recuperaLog.php component...
PT-2024-34400 · Unknown · Smart Agent
Name of the Vulnerable Software and Affected Versions: Smart Agent version 1.1.0. Description: The issue allows a remote attacker to execute arbitrary code via the client parameter in the "/recuperaLog.php" component. This is an SQL injection vulnerability. Recommendations: For Smart Agent version...
CVE-2024-50717
CVE-2024-50717: SQL injection in Smart Agent v1.1.0 allows remote execution via the client parameter in /recuperaLog.php. Underlying cause is injectable SQL in the affected parameter; no patch/version fix is detailed in the provided documents. CVSS v3.1 base score 9.8 (CRITICAL). Remediation/stat...
Garage Management System Cross-Site Scripting Vulnerability
Garage Management System Cms-Website is a garage management system that helps you manage all your vehicles, cars and motorcycles. A cross-site scripting vulnerability exists in Garage Management System v1.0, which stems from the lack of effective filtering and escaping of user-supplied data in th...