25 matches found

Positive Technologies
added 3 days ago · 11 views

PT-2026-51142

Name of the Vulnerable Software and Affected Versions: Flowise versions prior to 2.1.4. Description: Configuration can be injected into the Chainflow during execution through the overrideConfig option, which is available in the frontend web integration and the backend Prediction API. This feature is...

9.8 CVSS · 6.6 AI score
Exploits 0 · References 10
GithubExploit
added 2026/05/09 10:38 a.m. · 76 views

CoreExploit-Final

CoreExploit 🔐 Ethical Penetration Testing Learning Platfor...

5.8 AI score
Exploits 0
EUVD
added 2026/01/30 4:16 p.m. · 4 views

EUVD-2020-30960

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4 CVSS · 5.9 AI score · 0.00311 EPSS
Exploits 0 · References 5
Positive Technologies
added 2026/01/30 12:00 a.m. · 4 views

PT-2026-5415

Tryton 5.4 contains a persistent cross-site scripting vulnerability in the user profile name input that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability by inserting script payloads in the name field, which execute in the frontend and backend user...

6.4 CVSS · 5.9 AI score · 0.00311 EPSS
Exploits 0 · References 6
CVE
added 2026/01/26 9:24 a.m. · 10 views

CVE-2025-41082

CVE-2025-41082: Affected: Altitude Communication Server. The vulnerability arises from inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers, causing desynchronization between frontend and backend servers. Potential effects include request h...

6.9 CVSS · 5.9 AI score · 0.00386 EPSS
Exploits 0 · References 1
ATTACKERKB
added 2026/01/26 9:24 a.m. · 2 views

CVE-2025-41082

Illegal HTTP request traffic vulnerability CL.0 in Altitude Communication Server, caused by inconsistent analysis of multiple HTTP requests over a single Keep-Alive connection using Content-Length headers. This can cause a desynchronization of requests between frontend and backend servers, which...

6.9 CVSS · 5.9 AI score · 0.00386 EPSS
Exploits 0 · References 2
Positive Technologies
added 2025/12/24 12:00 a.m. · 2 views

PT-2025-53158

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A memory leak and potential VM freeze can occur in the Linux kernel when handling grant entries used by remote domains. Specifically, the issue arises when a frontend unmaps a window...

6.4 AI score · 0.00173 EPSS
Exploits 0
RedhatCVE
added 2025/12/14 12:57 a.m. · 12 views

CVE-2025-55948

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control (RBAC) through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

7.3 CVSS · 6.7 AI score · 0.0024 EPSS
Exploits 1 · References 1
OSV
added 2025/12/04 9:16 p.m. · 1 view

CVE-2025-55948

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control (RBAC) through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

7.3 CVSS · 5.9 AI score · 0.0024 EPSS
Exploits 1 · References 2
Vulnrichment
added 2025/12/04 12:00 a.m. · 3 views

CVE-2025-55948

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control (RBAC) through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

6.4 AI score · 0.0024 EPSS
Exploits 1 · References 2
Cvelist
added 2025/12/04 12:00 a.m. · 17 views

CVE-2025-55948

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control (RBAC) through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

0.0024 EPSS
Exploits 1 · References 2
CVE
added 2025/12/04 12:00 a.m. · 11 views

CVE-2025-55948

CVE-2025-55948 describes a desynchronization bug in yzcheng90’s X-SpringBoot 6.0 RBAC, arising from dual reliance on frontend menu states and backend permission tables without atomic synchronization. The flaw allows UI to revoke privileges while stale backend permissions still authorize API reque...

7.3 CVSS · 6.4 AI score · 0.0024 EPSS
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2025/12/04 12:00 a.m. · 4 views

PT-2025-49143

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control (RBAC) through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

6.8 AI score · 0.0024 EPSS
Exploits 1 · References 3
EUVD
added 2025/12/04 12:00 a.m. · 3 views

EUVD-2025-201282

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control (RBAC) through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

6.3 AI score · 0.0024 EPSS
Exploits 1 · References 3
OSV
added 2024/11/21 6:15 p.m. · 1 view

CVE-2024-48288

TP-Link TL-IPC42C V4.0202112271.0.16 is vulnerable to command injection due to the lack of malicious code verification on both the frontend and backend...

8 CVSS · 5.8 AI score · 0.10347 EPSS
Exploits 1 · References 2
Positive Technologies
added 2024/07/07 12:00 a.m. · 3 views

PT-2024-37088 · Unknown · Stitionai/Devika

Name of the Vulnerable Software and Affected Versions: stitionai/devika, affected versions not specified. Description: A stored Cross-Site Scripting (XSS) vulnerability exists in the stitionai/devika chat feature, allowing attackers to inject malicious payloads into the chat input. This issue is du...

8.1 CVSS · 7.2 AI score · 0.00477 EPSS
Exploits 1 · References 9
NVD
added 2024/06/24 11:15 p.m. · 30 views

CVE-2024-34988

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" askforaquotemodul = 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods AskforaquotemodulcustomernewquoteModuleFrontController::ru...

9.8 CVSS · 0.00408 EPSS
Exploits 0 · References 1
Positive Technologies
added 2024/06/24 12:00 a.m. · 2 views

PT-2024-26277 · Unknown · Create A Quote In Frontend + Backend Pro

Name of the Vulnerable Software and Affected Versions: Complete for Create a Quote in Frontend + Backend Pro module, versions = 1.0.51. Description: The issue allows attackers to view sensitive information and cause other impacts. This is achieved via methods such as...

9.8 CVSS · 6.7 AI score · 0.00408 EPSS
Exploits 0 · References 2
Cvelist
added 2024/06/24 12:00 a.m. · 18 views

CVE-2024-34988

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" askforaquotemodul = 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods AskforaquotemodulcustomernewquoteModuleFrontController::ru...

0.00408 EPSS
Exploits 0 · References 1
Vulnrichment
added 2024/06/24 12:00 a.m. · 18 views

CVE-2024-34988

SQL injection vulnerability in the module "Complete for Create a Quote in Frontend + Backend Pro" askforaquotemodul = 1.0.51 from Buy Addons for PrestaShop allows attackers to view sensitive information and cause other impacts via methods AskforaquotemodulcustomernewquoteModuleFrontController::ru...

7.4 AI score · 0.00408 EPSS
Exploits 0 · References 1