12 matches found

Github Security Blog
added 2025/09/10 8:27 p.m. · 6 views

Indico may disclose unauthorized user details access via legacy API

Impact: A legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check. Patches: You should update to Indico 3.3.8 as soon as possible. See the docs for instructions on how to update. Workarounds: It ...

CVSS 4.3 · AI score 6.8 · EPSS 0.00052
Exploits 0 · References 4 · Affected Software 1
Positive Technologies
added 2025/05/26 12:0 a.m. · 3 views

PT-2025-22898 · Tcman · Tcman's Gim

Name of the Vulnerable Software and Affected Versions: TCMAN's GIM version 11 Description: The issue concerns time-based blind SQL injection vulnerabilities. These vulnerabilities allow an attacker to retrieve, create, update, and delete databases through the ArbolID parameter in the...

CVSS 8.7 · AI score 7.3 · EPSS 0.00186
Exploits 0 · References 8
Positive Technologies
added 2025/03/27 12:0 a.m. · 6 views

PT-2025-14613

Name of the Vulnerable Software and Affected Versions: pgAdmin 4 versions prior to 9.2 Description: The issue is a remote code execution security vulnerability in pgAdmin 4, affecting the Query Tool and Cloud Deployment modules. It is associated with two POST endpoints: "/sqleditor/query...

CVSS 9.9 · AI score 10 · EPSS 0.92879
Exploits 9 · References 54
Positive Technologies
added 2024/12/13 12:0 a.m. · 9 views

PT-2024-36214 · Hurrakify · Hurrakify

Name of the Vulnerable Software and Affected Versions: Hurrakify versions n/a through 2.4 Description: A Server-Side Request Forgery (SSRF) vulnerability is present in Hurrakify, enabling Server-Side Request Forgery. This issue allows for the reading of application data. Recommendations: For versio...

CVSS 7.2 · AI score 7.3 · EPSS 0.72529
Exploits 1 · References 7
Positive Technologies
added 2024/08/06 12:0 a.m. · 2 views

PT-2024-28398 · Gl.Inet · X750 +19

Name of the Vulnerable Software and Affected Versions: GL-iNet products AR750/AR750S/AR300M/AR300M16/MT300N-V2/B1300/MT1300/SFT1200/X750 version 4.3.11; GL-iNet products MT3000/MT2500/AXT1800/AX1800/A1300/X300B version 4.5.16; GL-iNet products XE300 version 4.3.16; GL-iNet products E750 version 4.3....

CVSS 9.8 · AI score 7.7 · EPSS 0.1364
Exploits 1 · References 3
Positive Technologies
added 2024/08/03 12:0 a.m. · 2 views

PT-2024-7660 · Tenda · Tenda Fh1206

Name of the Vulnerable Software and Affected Versions: Tenda FH1206 version 02.03.01.35 Description: The issue is caused by a stack overflow in the fromNatlimit function via the page parameter. This allows attackers to cause a Denial of Service (DoS) via a crafted POST request to the affected API...

CVSS 7.8 · AI score 7.2 · EPSS 0.00406
Exploits 1 · References 8
Positive Technologies
added 2024/07/11 12:0 a.m. · 2 views

PT-2024-5874 · Hashicorp +2 · Vault Enterprise +3

Name of the Vulnerable Software and Affected Versions: Vault and Vault Enterprise versions prior to 1.15.12; Vault and Vault Enterprise versions prior to 1.16.6; Vault and Vault Enterprise versions prior to 1.17.2 Description: The issue is related to the improper handling of requests originating fr...

CVSS 7.8 · AI score 7.1 · EPSS 0.00814
Exploits 0 · References 26
Positive Technologies
added 2023/11/22 12:0 a.m. · 3 views

PT-2023-32525 · M Files · M-Files Server

Name of the Vulnerable Software and Affected Versions: M-Files server versions prior to 23.11.13156.0 Description: A possibility of unwanted server memory consumption was detected through the obsolete functionalities in the REST API methods of the M-Files server, which allows attackers to execute...

CVSS 7.5 · AI score 7.5 · EPSS 0.00155
Exploits 0 · References 4
Positive Technologies
added 2023/06/20 12:0 a.m. · 2 views

PT-2023-11588 · Unknown · Nucleus Cms

Name of the Vulnerable Software and Affected Versions: NucleusCMS version 3.71 Description: The issue allows a remote attacker to execute arbitrary code. This is achieved via the "https://example.com/nucleus/plugins/skinfiles/?dir=rsd" API endpoint, where the dir parameter is set to rsd...

CVSS 9.8 · AI score 7.7 · EPSS 0.01549
Exploits 1 · References 4
Positive Technologies
added 2023/01/09 12:0 a.m. · 2 views

PT-2023-18530 · Kubepi · Kubepi

Name of the Vulnerable Software and Affected Versions: KubePi versions prior to 1.6.4 Description: The issue allows unauthorized access to system API interfaces, potentially leaking sensitive information. This is due to a flaw in how online applications handle routing permissions. There are no...

CVSS 7.5 · AI score 7 · EPSS 0.81122
Exploits 0 · References 9
Positive Technologies
added 2022/03/22 12:0 a.m. · 3 views

PT-2022-2681 · Pjsip +4 · Pjsip +4

Name of the Vulnerable Software and Affected Versions: PJSIP versions 2.12 and prior Description: The issue is related to a stack buffer overflow vulnerability in the PJSIP multimedia communication library, specifically affecting users of PJSUA2 or those who call the API endpoints pjmedia sdp pri...

CVSS 9.8 · AI score 9 · EPSS 0.01675
Exploits 2 · References 115
Positive Technologies
added 2022/02/08 12:0 a.m. · 2 views

PT-2022-6562 · Gitea · Gitea

Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.5.2 Description: The issue is related to a Cross Site Request Forgery (CSRF) vulnerability in the Gitea Git repository management system interface. This vulnerability can be exploited by a remote attacker to perform a...

CVSS 9 · AI score 7.1 · EPSS 0.00153
Exploits 0 · References 17