65 matches found

Positive Technologies
added 2025/07/08 12:0 a.m. · 4 views

PT-2025-28412 · Unknown · Quiter Gateway

Name of the Vulnerable Software and Affected Versions: Quiter Gateway versions prior to 4.7.0
Description: The issue allows an attacker to retrieve, create, update, and delete databases through the "pagina.filter.categoria mensaje" in the "/QuiterGatewayWeb/api/v1/sucesospagina" endpoint. This...

CVSS 9.3 · AI score 6.3 · EPSS 0.00385
Exploits: 0 · References: 5

Positive Technologies
added 2025/07/07 12:0 a.m. · 5 views

PT-2025-28164 · Unknown · Campcodes Payroll Management System

Name of the Vulnerable Software and Affected Versions: Campcodes Payroll Management System version 1.0
Description: A critical issue has been found in the system, affecting the /ajax.php?action=calculate payroll file. The manipulation of the ID argument leads to SQL injection. This issue can be...

CVSS 9.8 · AI score 7.5 · EPSS 0.00454
Exploits: 1 · References: 8

Positive Technologies
added 2025/07/07 12:0 a.m. · 4 views

PT-2025-28219 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.3
Description: A critical issue was identified in WeGIA, a web manager for charitable institutions. The /html/funcionario/profile funcionario.php endpoint is vulnerable due to the id funcionario parameter not being...

CVSS 9.8 · AI score 7 · EPSS 0.00488
Exploits: 1 · References: 8

OSV
added 2025/07/03 8:8 p.m. · 7 views

CVE-2025-52554 n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential...

CVSS 4.9 · AI score 6.5 · EPSS 0.00268
Exploits: 0 · References: 6

Positive Technologies
added 2025/07/03 12:0 a.m. · 6 views

PT-2025-27791 · Unknown · Flatboard Pro

Name of the Vulnerable Software and Affected Versions: Flatboard Pro versions prior to 3.2.2
Description: The issue is a Stored Cross-Site Scripting (XSS) vulnerability due to the lack of proper validation of user input. This occurs through the replace parameter in the "/config.php/tags" endpoint...

CVSS 5.1 · AI score 5.3 · EPSS 0.00276
Exploits: 0 · References: 3

Positive Technologies
added 2025/06/22 12:0 a.m. · 7 views

PT-2025-26537 · Unknown · Code-Projects Simple Online Hotel Reservation System

Name of the Vulnerable Software and Affected Versions: code-projects Simple Online Hotel Reservation System version 1.0
Description: A critical vulnerability was found in the code-projects Simple Online Hotel Reservation System. This issue affects the file /admin/delete pending.php, where the...

CVSS 9.8 · AI score 7.6 · EPSS 0.00394
Exploits: 1 · References: 13

Positive Technologies
added 2025/06/18 12:0 a.m. · 8 views

PT-2025-26206 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.2
Description: The issue is related to an OS Command Injection flaw in the "/html/configuracao/debug info.php" endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a...

CVSS 10 · AI score 7.8 · EPSS 0.04884
Exploits: 1 · References: 11

Positive Technologies
added 2025/06/04 12:0 a.m. · 5 views

PT-2025-23849 · Unknown · Unifiedtransform

Name of the Vulnerable Software and Affected Versions: Unifiedtransform version 2.0
Description: An issue in Unifiedtransform allows a remote attacker to escalate privileges via the "/course/edit/id" endpoint.
Recommendations: For Unifiedtransform version 2.0, as a temporary workaround, consider...

CVSS 6.5 · AI score 6.7 · EPSS 0.00345
Exploits: 2 · References: 6

Positive Technologies
added 2025/06/04 12:0 a.m. · 4 views

PT-2025-23799 · Oscommerce · Oscommerce

Name of the Vulnerable Software and Affected Versions: osCommerce version 4
Description: The issue is a Reflected Cross-Site Scripting (XSS) that allows an attacker to execute JavaScript code in the victim's browser. This can be achieved by sending a malicious URL using any parameter name in the...

CVSS 5.1 · AI score 5.7 · EPSS 0.00421
Exploits: 0 · References: 6

Positive Technologies
added 2025/05/15 12:0 a.m. · 7 views

PT-2025-21280 · Unknown · Phpgurukul Vehicle Record Management System

Name of the Vulnerable Software and Affected Versions: Phpgurukul Vehicle Record Management System version 1.0
Description: The issue concerns a Cross Site Scripting (XSS) problem. It occurs in the /admin/add-brand.php endpoint via the brandname parameter. This allows for potential malicious script...

CVSS 6.1 · AI score 5.2 · EPSS 0.00241
Exploits: 1 · References: 4

Positive Technologies
added 2025/05/02 12:0 a.m. · 5 views

PT-2025-18911 · Vercel +1 · @Vercel/Flags +1

Name of the Vulnerable Software and Affected Versions: Flags versions 3.2.0 and prior; @vercel/flags versions 3.1.1 and prior
Description: The issue allows for information disclosure, where a bad actor could gain access to a list of all feature flags exposed through the "flags discovery endpoint"...

CVSS 6.5 · AI score 6.2 · EPSS 0.00278
Exploits: 0 · References: 13

Positive Technologies
added 2025/04/22 12:0 a.m. · 5 views

PT-2025-17565 · Unknown · Sacco Management System

Name of the Vulnerable Software and Affected Versions: Sacco Management system version 1.0
Description: The issue is related to a SQL injection vulnerability. It can be exploited via the password parameter at the "/sacco/ajax.php" API endpoint.
Recommendations: For Sacco Management system version...

CVSS 9.8 · AI score 7 · EPSS 0.00456
Exploits: 1 · References: 6

Positive Technologies
added 2025/04/04 12:0 a.m. · 6 views

PT-2025-14909 · Unknown · Xujiangfei Admintwo

Name of the Vulnerable Software and Affected Versions: xujiangfei admintwo version 1.0
Description: A vulnerability was found in the processing of the file /ztree/insertTree, where the manipulation of the Name argument leads to cross-site scripting. The attack may be initiated remotely...

CVSS 6.1 · AI score 3.6 · EPSS 0.00322
Exploits: 1 · References: 10

Positive Technologies
added 2025/01/28 12:0 a.m. · 4 views

PT-2025-1306 · Devdojo · Devdojo Voyager

Name of the Vulnerable Software and Affected Versions: DevDojo Voyager versions 1.8.0 and earlier
Description: The issue allows an authenticated user to bypass file type verification when uploading a file via the "/admin/media/upload" endpoint. This can lead to the upload of a web shell, resultin...

CVSS 9 · AI score 9.4 · EPSS 0.12298
Exploits: 1 · References: 23

Positive Technologies
added 2025/01/13 12:0 a.m. · 7 views

PT-2025-4776 · Wegia · Wegia

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.6
Description: A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro funcionario.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in...

CVSS 6.4 · AI score 3.7 · EPSS 0.00295
Exploits: 1 · References: 10

Positive Technologies
added 2025/01/07 12:0 a.m. · 6 views

PT-2025-4370

Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.8
Description: A critical issue was identified in the "/WeGIA/html/socio/sistema/controller/controla xlsx.php" endpoint, which accepts file uploads without proper validation. This allows the upload of malicious...

CVSS 9.9 · AI score 6.3 · EPSS 0.00709
Exploits: 1 · References: 14

Positive Technologies
added 2024/10/25 12:0 a.m. · 5 views

PT-2024-11552 · Ovaledge · Ovaledge

Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier
Description: The issue allows for Sensitive Data Exposure through a GET request to "/user/getUserWithTeam". This requires authentication and discloses information associated with all registered user ID...

CVSS 7.5 · AI score 6.3 · EPSS 0.0049
Exploits: 1 · References: 4

Positive Technologies
added 2024/09/07 12:0 a.m. · 4 views

PT-2024-39074 · Lmxcms · Lmxcms

Name of the Vulnerable Software and Affected Versions: lmxcms versions up to 1.4
Description: A critical issue was found in the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1, which is part of the SQL Command Execution Module. The manipulation of the argument data leads to co...

CVSS 7.2 · AI score 8.4 · EPSS 0.0096
Exploits: 1 · References: 9

Positive Technologies
added 2024/08/29 12:0 a.m. · 6 views

PT-2024-22971 · Sportsnet · Sportsnet

Name of the Vulnerable Software and Affected Versions: SportsNET version 4.0.1
Description: The issue concerns SQL injection vulnerabilities that could allow an attacker to retrieve, update, and delete all information in the database by sending a specially crafted SQL query to the...

CVSS 9.8 · AI score 7.7 · EPSS 0.00408
Exploits: 0 · References: 7

Positive Technologies
added 2024/08/23 12:0 a.m. · 7 views

PT-2024-30003 · Publiccms · Publiccms

Name of the Vulnerable Software and Affected Versions: publiccms versions V4.0.202302.e and before
Description: The issue concerns an Any File Upload vulnerability via the "publiccms/admin/cmsTemplate/saveMetaData" endpoint. This allows unauthorized file uploads, potentially leading to security...

CVSS 7.2 · AI score 6.4 · EPSS 0.0051
Exploits: 1 · References: 11