Freedom Factory dGEN1 Authorization Issue Vulnerability
The Freedom Factory dGEN1 is an Ethereum mobile device produced by the Freedom Factory company. Versions of the Freedom Factory dGEN1 dated 20260221 and earlier have an authorization issue vulnerability. This vulnerability stems from incorrect operations on the AlarmService function in the com.dgen.ala...
Freedom Factory dGEN1 Authorization Issue Vulnerability
The Freedom Factory dGEN1 is an Ethereum mobile device produced by the Freedom Factory company. Versions of the Freedom Factory dGEN1 dated 20260221 and earlier contained an authorization issue vulnerability. This vulnerability stemmed from incorrect operations on the FakeAppProvider function...
RUSTSEC-2026-0030 `time_calibrator` was removed from crates.io due to malicious code
It was reported that `time_calibrator` contained malicious code that would try to upload .env files to a server. The malicious crate had only 1 version, published at 2026-02-28, and no evidence of actual usage. The crate was removed from crates.io and the user account was locked. There were no crates...
Birtech Senseway Security Vulnerability
Birtech Senseway is an environmental data monitoring platform developed by the Turkish company Birtech. Versions of Birtech Senseway from 09022026 onward contain security vulnerabilities. These vulnerabilities stem from insecure storage of sensitive information, which may lead to the retrieval of...
Ankara Host Website Software Cross-Site Scripting Vulnerability
Ankara Host Website Software is web design software developed by Ankara Host in Turkey. Versions of Ankara Host Website Software prior to 03022026 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper input during web page generation, and could lead to...
QRMenümPro Menu Panel Authorization Issue Vulnerability
QRMenümPro Menu Panel is a backend management panel for the intelligent menu system developed by the Turkish company QRMenümPro. QRMenümPro Menu Panel versions dated 29012026 and earlier had an authorization issue vulnerability. This vulnerability stemmed from session fixation, which could le...
Bdtask SalesERP Authorization Issues Vulnerability
Bdtask SalesERP is a sales enterprise resource planning software developed by the Bangladeshi company Bdtask. Versions of Bdtask SalesERP from 20260116 onward have an authorization issue vulnerability. This vulnerability arises from incorrect operations with the parameter cisession, resulting in...
Bdtask SalesERP Security Vulnerability
Bdtask SalesERP is a sales enterprise resource planning software from Bdtask Bangladesh. A security vulnerability exists in Bdtask SalesERP 20250728 and prior versions that stems from cross-site request forgery...
PT-2025-45606
Name of the Vulnerable Software and Affected Versions: Looker Studio versions prior to 21 July 2025. Description: A SQL injection issue exists in Looker Studio. A user with report view access can inject malicious SQL code that is executed with the permissions of the report owner. This affects report...
Restaurant Brands International assistant platform Security Vulnerability
Restaurant Brands International assistant platform is a restaurant back office platform from Restaurant Brands International. A security vulnerability exists in the Restaurant Brands International assistant platform version 2025-09-06 and earlier, which stems from an unimplemented access control ...
EUVD-2025-34190
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025...
CVE-2025-10610 SQLi in SFS Winsure
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in SFS Consulting Information Processing Industry and Foreign Trade Inc. Winsure allows Blind SQL Injection. This issue affects Winsure: through Version dated 21.08.2025...
PT-2025-41894
Name of the Vulnerable Software and Affected Versions: Winsure versions through August 21, 2025. Description: A flaw exists in Winsure that allows for Blind SQL Injection due to improper neutralization of special elements used in SQL commands. This could allow an attacker to execute arbitrary SQL co...
Dokuzsoft E-Commerce Web Design Product Cross-Site Scripting Vulnerability
Dokuzsoft E-Commerce Web Design Product is an e-commerce platform website design software from Dokuzsoft Turkey. A cross-site scripting vulnerability exists in Dokuzsoft E-Commerce Web Design Product versions prior to 11.08.2025, which stems from improper input neutralization and could lead to...
Dolusoft Omaspot Security Vulnerability
Dolusoft Omaspot is a network access management tool from the Turkish company Dolusoft. A security vulnerability exists in Dolusoft Omaspot versions prior to 12.09.2025, which stems from the transmission of sensitive information in clear text and could lead to interception and elevation of...
Bevy Event Security Vulnerability
Bevy Event is a communication mechanism in the Bevy Engine from Bevy USA. A security vulnerability exists in Bevy Event version 2025-07-22 and earlier, which stems from a misconfiguration of SSO and could lead to account takeover...
HUSTOJ Security Vulnerability
HUSTOJ is a popular OJ system by the individual developer Zhang Haobin (zhblue) in China. A security vulnerability exists in HUSTOJ version 2025-01-31, which stems from parameter injection and could lead to cross-site scripting attacks...
PT-2025-32503 · Linksys · Linksys Re9000 +5
Name of the Vulnerable Software and Affected Versions: Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 versions up to 20250801. Description: A vulnerability exists due to OS command injection. The RP setBasicAuto function within the /goform/RP setBasicAuto file is affected. Manipulation ...
70mai M300 Security Vulnerability
70mai M300 is a smart logger from 70mai, a Chinese company. A security vulnerability exists in 70mai M300 20250611 and prior versions, which stems from insufficient credential protection...
TeleMessage Security Vulnerability
TeleMessage is a secure and compliant messaging solution for organizations from TeleMessage Israel. A security vulnerability exists in TeleMessage version 2025-05-05 and earlier, which stems from the heap content of a JSP application containing a password sent over HTTP...