6 matches found
CVE-2025-57805 The Scratch Channel's Publish Articles POST Request Can Upload Articles Without Validation
The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles, can be used to post an article in any category with any date, regardless of who's logged in. This issue has been patched in version 1.2...
CVE-2021-41976
Tad Uploader edit book list function is vulnerable to authorization bypass, thus remote attackers can use the function to amend the folder names in the book list without logging in...
CVE-2021-41564
Tad Honor viewing book list function is vulnerable to authorization bypass, thus remote attackers can use special parameters to delete articles arbitrarily without logging in...
LearningDigital Orca HCM digital learning platform 路径遍历漏洞
The LearningDigital Orca HCM digital learning platform is a digital learning platform from China-based LearningDigital. The Orca HCM digital learning platform suffers from a Path Traversal vulnerability that arises from the platform's directory page parameters not filtering special characters. A...
TrendNET Router Device Information Disclosure Vulnerability
TEW-751DR\TEW-752DRU\TEW-733GR is a router product from TrendNET Trends. An information disclosure vulnerability exists in TrendNET router devices, which can be exploited by an attacker to obtain the admin user password without logging in...
PHPCMS WAP module arbitrary file download vulnerability
PHPCMS is a website management software. The software is developed in a modular way and supports a variety of classification methods. Using it makes it easy to design, develop and maintain a personalized website. An arbitrary file download vulnerability exists in the PHPCMS WAP module, which can ...