54 matches found
CVE-2025-22613 WeGIA Cross-Site Scripting (XSS) Stored endpoint 'informacao_adicional.php' parameter 'descricao'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Stored Cross-Site Scripting XSS vulnerability was identified in the informacaoadicional.php endpoint of the WeGIA application. This vulnerability allows attackers to inject malicious scripts...
Arbitrary File Deletion
github.com/siyuan-note/siyuan is vulnerable to Arbitrary file deletion. The vulnerability is due to a lack of proper safeguards in the POST /api/history/getDocHistoryContent endpoint, which allows maliciously crafted payloads to trigger the deletion of arbitrary files on the server...
CVE-2025-22140
WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependentelistarum.php endpoint, specifically in the iddependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...
PT-2025-3338 · Unknown · Chestnutcms
Name of the Vulnerable Software and Affected Versions: ChestnutCMS versions prior to 1.5.0 Description: The issue concerns a file upload vulnerability where the /api/member/avatar API endpoint receives a base64 string as input, which is then processed by the memberService.uploadAvatarByBase64...
NITRO API commands not working, request times out.
NITRO API endpoint is not working, the requests sent to the NSIP timeout without a response...
PT-2024-4534
Name of the Vulnerable Software and Affected Versions: ZenML Server versions prior to 0.46.7 ZenML Server versions 0.44.4, 0.43.1, and 0.42.2 are patched and not vulnerable, so the actual vulnerable range is any version before 0.46.7, excluding the mentioned patched versions. However, since 0.44....
CVE-2022-4937
The WCFM Frontend Manager plugin for WordPress is vulnerable to unauthorized modification and access of data in versions up to, and including, 6.6.0 due to missing capability checks on various AJAX actions. This makes it possible for authenticated attackers, with minimal permissions such as...
PT-2023-17078 · Unknown · Mattermost
Name of the Vulnerable Software and Affected Versions: Mattermost affected versions not specified Description: The issue allows an attacker to learn the full name of a board owner due to Mattermost failing to check the "Show Full Name" setting when rendering the result for the...
Priority Web 授权问题漏洞
Priority Window Glass Priority Web is a web site from Priority Window Glass, Inc. A security vulnerability exists in Priority Web version 19.1.0.68, which stems from an authentication bypass due to incorrect operation of an unspecified endpoint parameter...
PT-2022-22511 · Otfcc +1 · Otfcc +1
Name of the Vulnerable Software and Affected Versions: OTFCC commit 617837b Description: A segmentation violation was discovered in OTFCC via the /release-x64/otfccdump+0x703969 endpoint. Recommendations: For OTFCC commit 617837b, consider restricting access to the /release-x64/otfccdump+0x703969...
PT-2022-4568 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.10 through 15.1.6 GitLab CE/EE versions 15.2 through 15.2.4 GitLab CE/EE versions 15.3 through 15.3.2 Description: A vulnerability in GitLab CE/EE allows an authenticated user to achieve remote code execution via the...
PT-2022-16224 · Ece · Ece
Name of the Vulnerable Software and Affected Versions: ECE versions prior to 3.4.0 Description: A flaw in ECE might lead to the disclosure of sensitive information, such as user passwords and Elasticsearch keystore settings values, in logs like the audit log or deployment logs in the Logging and...
Error: "The underlying connection was closed..." when querying the Monitor Service OData endpoint
Clients that attempt to access data OData or other Citrix Services with TLS versions 1.0 and 1.1 fail to establish a connection. Clients using .NET Framework may raise the following error: System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---...
Valve: [help.steampowered.com] Account takeover bruteforcing SteamGuard
Due to a missing protection on a support endpoint, email verification codes could be bruteforced - leading to possible account takeover. The endpoint issue has been corrected...