11 matches found
CVE-2026-12066 PbootCMS Password MemberController.php retrieve password recovery
A security flaw has been discovered in PbootCMS up to 3.2.12. This vulnerability affects the function retrieve of the file apps/home/controller/MemberController.php of the component Password Handler. The manipulation of the argument username/password/email/checkcode results in weak password...
JeeWMS Security Vulnerability
JeeWMS is a Java-based warehouse management system developed by JeeWMS Corporation in China. There is a security vulnerability in JeeWMS. This vulnerability stems from incorrect operations with parameters such as dbType/dbDriver/dbUrl/dbUsername/dbPassword in the JimuReport test-connection Endpoi...
itsourcecode Courier Management System Injection Vulnerability
itsourcecode Courier Management System is an open-source courier management system developed by itsourcecode. Version 1.0 of the itsourcecode Courier Management System has a vulnerability related to parameter handling in the file/printpdets.php, which may lead to SQL injection attacks...
Agent Zero Code Issue Vulnerability
Agent Zero is an artificial intelligence framework developed by Jan Tomášek. Version 0.9.7 of Agent Zero contains a code vulnerability caused by incorrect handling of parameters in the file python/helpers/documentquery.py. This vulnerability could lead to server-side request forgery...
CVE-2025-52970
An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...
CVE-2025-52970
An improper handling of parameters in Fortinet FortiWeb versions 7.6.3 and below, versions 7.4.7 and below, versions 7.2.10 and below, and 7.0.10 and below may allow an unauthenticated remote attacker with non-public information pertaining to the device and targeted user to gain admin privileges o...
CVE-2025-52970
Fortinet FortiWeb is affected by CVE-2025-52970 due to improper handling of parameters in FortiWeb versions 7.6.3 and below, 7.4.7 and below, 7.2.10 and below, and 7.0.10 and below. An unauthenticated remote attacker with non-public device information can gain admin privileges via a specially cra...
Mitel MiCollab and Mitel MiVoice Code Injection Vulnerability
Mitel MiCollab and Mitel MiVoice are both products of Mitel Canada. Mitel MiCollab is a mobile application that provides voice, video, messaging, audio conferencing, and team collaboration for employees. Mitel MiVoice is an IP-capable telephone. A security vulnerability exists in Mitel MiCollab...
Schneider Electric Modicon Illegal Breakpoint Parameter Denial of Service Vulnerability
The Schneider Electric Modicon M580, M340 is a programmable automation controller. An illegal breakpoint parameter handling vulnerability exists in the Schneider Electric Modicon M580, M340, which allows remote attackers to exploit the vulnerability by submitting a special request, which can be...
Code execution vulnerabilities in the PayOrderController page of the ShopsN open source online store system
ShopsN free version is a full-featured open source B2C online store system from Shanghai Yisu Network Technology Co., Ltd. that meets enterprise-level commercial standards and allows free commercial use. ShopsN v2.3.5 official version of the PayOrderController...
niushop_b2c Pay.php has an XML entity injection vulnerability
Niushop open source mall is described as the country's first free-for-commercial-use, four-in-one, 100% open source system: the country's first B2B2C multi-user mall + WeChat micro-distribution + e-commerce platform investment operation + iOS, Android multi-platform client PHP open source e-commerce...