CVE-2026-45053

CubeCart is an ecommerce software solution. Prior to 6.7.0, an Authenticated Arbitrary File Upload vulnerability exists in the REST API File Manager endpoint POST /api/v1/files of CubeCart. The endpoint allows any holder of an API key with files:rw permission to upload PHP source files into the...

CVE-2021-47939 Evolution CMS 3.1.6 Authenticated Remote Code Execution via Module Creation

Evolution CMS 3.1.6 contains a remote code execution vulnerability that allows authenticated users with module creation permissions to execute arbitrary system commands by injecting PHP code into module parameters. Attackers can send POST requests to /manager/index.php with malicious PHP code in...

CVE-2026-30695

A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...

CVE-2026-30695

A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...

CVE-2026-30695

A Cross-Site Scripting XSS vulnerability exists in the web-based configuration interface of Zucchetti Axess access control devices, including XA4, X3/X3BIO, X4, X7, and XIO / i-door / i-door+. The vulnerability is caused by improper sanitization of user-supplied input in the dirBrowse parameter o...

PT-2025-52706

Name of the Vulnerable Software and Affected Versions Screen SFT DAB 600/C version 1.9.3 Description The software contains a session management issue that allows attackers to bypass authentication controls. This is achieved by exploiting improper IP address session binding. Attackers can reuse th...

CVE-2023-53740 Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change

Screen SFT DAB 1.9.3 contains an authentication bypass vulnerability that allows attackers to change the admin password without providing the current credentials. Attackers can exploit the userManager.cgx endpoint by sending a crafted JSON request with a new MD5-hashed password to directly modify...

DB Elettronica Screen SFT DAB 安全漏洞

DB Elettronica Screen SFT DAB is a series of digital audio broadcast transmitters from DB Elettronica, Italy. A security vulnerability exists in DB Elettronica Screen SFT DAB version 1.9.3, which originates from an authentication bypass in the userManager.cgx endpoint, which could lead to passwor...

CVE-2025-64030

Eximbills Enterprise 4.1.5 Built on 2020-10-30 is vulnerable to authenticated stored cross-site scripting CWE-79 via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized user input in the TMPLINFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript...

CVE-2025-64030

Eximbills Enterprise 4.1.5 (built 2020-10-30) is vulnerable to authenticated stored cross-site scripting (CWE-79) via the /EximBillWeb/servlets/WSTrxManager endpoint. Unsanitized input in the TMPL_INFO parameter is stored server-side and rendered to other users, enabling arbitrary JavaScript exec...

appRain CMF cross-site scripting vulnerability (CNVD-2025-21123)

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/rowmanager endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authenticatio...

appRain CMF 跨站脚本漏洞

appRain CMF is a content management framework. A cross-site scripting vulnerability exists in appRain CMF due to improper validation of user input in the /apprain/developer/addons/update/rowmanager endpoint. An attacker could use this vulnerability to steal the victim's cookie-based authenticatio...

CVE-2025-22140

WeGIA is a web manager for charitable institutions. A SQL Injection vulnerability was identified in the /html/funcionario/dependentelistarum.php endpoint, specifically in the iddependente parameter. This vulnerability allows attackers to execute arbitrary SQL commands, compromising the...

CVE-2018-13445

An issue was discovered in SeaCMS 6.61. There is a CSRF vulnerability that can add a user account via adm1n/adminmanager.php?action=add...

One 安全漏洞

One is a front-end and back-end separated backend management system based on Spring Boot and Vue2 developed by lcw2004 individual developer. A security vulnerability exists in One v1.0, which stems from improper access control of component/api/user/manager, which may result in accessing sensitive...

PT-2025-1465 · Selesta · Selesta Visual Access Manager

Name of the Vulnerable Software and Affected Versions: Selesta Visual Access Manager VAM versions prior to 4.42.2 Description: An issue was discovered in Selesta Visual Access Manager VAM where an authenticated attacker can perform SQL Injection in multiple POST parameters of the "/vam/vam ep.php...

PT-2024-31969 · Frog Cms · Frog Cms

Name of the Vulnerable Software and Affected Versions: FrogCMS version 0.9.5 Description: A Cross-Site Request Forgery CSRF issue was discovered in FrogCMS. The vulnerability can be exploited via the "/admin/?/plugin/file manager/create directory" endpoint. This allows an attacker to perform...

PT-2024-14334 · Actidata · Actinas Sl 2U-8 Rdx

Name of the Vulnerable Software and Affected Versions: actidata actiNAS SL 2U-8 RDX version 3.2.03-SP1 Description: A Site-wide directory listing issue in the /fm endpoint allows remote attackers to list the files hosted by the web application. This issue enables attackers to gain unauthorized...

Datasette 安全漏洞

Datasette is an open source multifunctional tool for applications to explore and publish data A security vulnerability exists in Datasette that originates from a /-/api resource manager endpoint that discloses database and table names to an unauthenticated attacker. Affected products and versions...

AutomatedLab - A Provisioning Solution And Framework That Lets You Deploy Complex Labs On HyperV And Azure With Simple PowerShell Scripts

AutomatedLab AL enables you to setup test and lab environments on Hyper-v or Azure with multiple products or just a single VM in a very short time. There are only two requirements you need to make sure: You need the DVD ISO images and a Hyper-V host or an Azure subscription. Requirements Apart fr...