2 matches found
CVE-2025-45237
Incorrect access control in the component /config/download of DBSyncer v2.0.6 allows attackers to access the JSON file containing sensitive account information, including the encrypted password...
PT-2025-19751
Name of the Vulnerable Software and Affected Versions DBSyncer version 2.0.6 Description A stored cross-site scripting XSS issue in the Edit Profile feature allows attackers to execute arbitrary web scripts or HTML by injecting a crafted payload into the Nickname parameter. Recommendations For...