PT-2025-28412 · Unknown · Quiter Gateway
Name of the Vulnerable Software and Affected Versions: Quiter Gateway versions prior to 4.7.0 Description: The issue allows an attacker to retrieve, create, update, and delete databases through the "pagina.filter.categoria mensaje" in the "/QuiterGatewayWeb/api/v1/sucesospagina" endpoint. This...
PT-2025-28164 · Unknown · Campcodes Payroll Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Payroll Management System version 1.0 Description: A critical issue has been found in the system, affecting the /ajax.php?action=calculate payroll file. The manipulation of the ID argument leads to SQL injection. This issue can be...
PT-2025-28219 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.3 Description: A critical issue was identified in WeGIA, a web manager for charitable institutions. The /html/funcionario/profile funcionario.php endpoint is vulnerable due to the id funcionario parameter not being...
CVE-2025-52554 n8n Improper Authorization in Workflow Execution Stop Endpoint Allows Terminating Other Users’ Workflows
n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential...
PT-2025-27791 · Unknown · Flatboard Pro
Name of the Vulnerable Software and Affected Versions: Flatboard Pro versions prior to 3.2.2 Description: The issue is a Stored Cross-Site Scripting (XSS) vulnerability due to the lack of proper validation of user input. This occurs through the replace parameter in the "/config.php/tags" endpoint...
PT-2025-26537 · Unknown · Code-Projects Simple Online Hotel Reservation System
Name of the Vulnerable Software and Affected Versions: code-projects Simple Online Hotel Reservation System version 1.0 Description: A critical vulnerability was found in the code-projects Simple Online Hotel Reservation System. This issue affects the file /admin/delete pending.php, where the...
PT-2025-26206 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.2 Description: The issue is related to an OS Command Injection flaw in the "/html/configuracao/debug info.php" endpoint. The branch parameter is not properly sanitized before being concatenated and executed in a...
PT-2025-23849 · Unknown · Unifiedtransform
Name of the Vulnerable Software and Affected Versions: Unifiedtransform version 2.0 Description: An issue in Unifiedtransform allows a remote attacker to escalate privileges via the "/course/edit/id" endpoint. Recommendations: For Unifiedtransform version 2.0, as a temporary workaround, consider...
PT-2025-23799 · Oscommerce · Oscommerce
Name of the Vulnerable Software and Affected Versions: osCommerce version 4 Description: The issue is a Reflected Cross-Site Scripting (XSS) that allows an attacker to execute JavaScript code in the victim's browser. This can be achieved by sending a malicious URL using any parameter name in the...
PT-2025-21280 · Unknown · Phpgurukul Vehicle Record Management System
Name of the Vulnerable Software and Affected Versions: Phpgurukul Vehicle Record Management System version 1.0 Description: The issue concerns a Cross-Site Scripting (XSS) problem. It occurs in the /admin/add-brand.php endpoint via the brandname parameter. This allows for potential malicious script...
PT-2025-18911 · Vercel +1 · @Vercel/Flags +1
Name of the Vulnerable Software and Affected Versions: Flags versions 3.2.0 and prior; @vercel/flags versions 3.1.1 and prior Description: The issue allows for information disclosure, where a bad actor could gain access to a list of all feature flags exposed through the "flags discovery endpoint"...
PT-2025-17565 · Unknown · Sacco Management System
Name of the Vulnerable Software and Affected Versions: Sacco Management system version 1.0 Description: The issue is related to a SQL injection vulnerability. It can be exploited via the password parameter at the "/sacco/ajax.php" API endpoint. Recommendations: For Sacco Management system version...
PT-2025-14909 · Unknown · Xujiangfei Admintwo
Name of the Vulnerable Software and Affected Versions: xujiangfei admintwo version 1.0 Description: A vulnerability was found in the processing of the file /ztree/insertTree, where the manipulation of the Name argument leads to cross-site scripting. The attack may be initiated remotely...
PT-2025-1306 · Devdojo · Devdojo Voyager
Name of the Vulnerable Software and Affected Versions: DevDojo Voyager versions 1.8.0 and earlier Description: The issue allows an authenticated user to bypass file type verification when uploading a file via the "/admin/media/upload" endpoint. This can lead to the upload of a web shell, resultin...
PT-2025-4776 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.6 Description: A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the cadastro funcionario.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts in...
PT-2025-4370
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.2.8 Description: A critical issue was identified in the "/WeGIA/html/socio/sistema/controller/controla xlsx.php" endpoint, which accepts file uploads without proper validation. This allows the upload of malicious...
PT-2024-11552 · Ovaledge · Ovaledge
Name of the Vulnerable Software and Affected Versions: OvalEdge versions 5.2.8.0 and earlier Description: The issue allows for Sensitive Data Exposure through a GET request to "/user/getUserWithTeam". This requires authentication and discloses information associated with all registered user ID...
PT-2024-39074 · Lmxcms · Lmxcms
Name of the Vulnerable Software and Affected Versions: lmxcms versions up to 1.4 Description: A critical issue was found in the function formatData of the file /admin.php?m=Acquisi&a=testcj&lid=1, which is part of the SQL Command Execution Module. The manipulation of the argument data leads to co...
PT-2024-22971 · Sportsnet · Sportsnet
Name of the Vulnerable Software and Affected Versions: SportsNET version 4.0.1 Description: The issue concerns SQL injection vulnerabilities that could allow an attacker to retrieve, update, and delete all information in the database by sending a specially crafted SQL query to the...
PT-2024-30003 · Publiccms · Publiccms
Name of the Vulnerable Software and Affected Versions: publiccms versions V4.0.202302.e and before Description: The issue concerns an Any File Upload vulnerability via the "publiccms/admin/cmsTemplate/saveMetaData" endpoint. This allows unauthorized file uploads, potentially leading to security...