CVE-2025-9822 Secret data extraction via elfinder

SummaryA user with administrator rights can change the configuration of the mautic application and extract secrets that are not normally available. ImpactAn administrator who usually does not have access to certain parameters, such as database credentials, can disclose them...

PT-2024-20860 · Unknown · 3Dsecure 2.0

Name of the Vulnerable Software and Affected Versions: 3DSecure 2.0 versions 3 and earlier Description: The issue allows form action hijacking via the threeDsMethod.jsp endpoint with the threeDSMethodData parameter or the threeDSMethodNotificationURL parameter. This enables modification of the...

PT-2023-28780 · Moosocial · Moosocial

Name of the Vulnerable Software and Affected Versions: mooSocial version 3.1.8 Description: The issue concerns external service interaction on the post function. When executed, the server sends HTTP and DNS requests to an external server. The parameters affected are multiple, including messageTex...

Waverider Systems Perlshop - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/43158/info Perlshop is prone to multiple input-validation vulnerabilities including a nondescript input-validation vulnerability, multiple cross-site scripting vulnerabilities, and a directory-traversal vulnerability because it fails to sufficiently...