CVE-2026-40329

Masa CMS is affected by a SQL injection in the beanFeed.cfc component (getQuery handling of the sortBy parameter) in versions 7.5.2 and earlier. The vulnerability arises from insufficient sanitization/parameterization of sortBy, allowing an unauthenticated remote attacker to execute arbitrary SQL...

PT-2026-28504

Name of the Vulnerable Software and Affected Versions Lychee versions prior to 7.5.2 Description Lychee is a free, open-source photo-management tool. Prior to version 7.5.2, the Server-Side Request Forgery SSRF protection in PhotoUrlRule.php could be bypassed using DNS rebinding. The IP validatio...

CVE-2025-47579

Deserialization of Untrusted Data vulnerability in ThemeGoods Photography. This issue affects Photography: from n/a through 7.5.2...

Personify360 e-Business Information Disclosure Vulnerability (CNVD-2017-13143)

Personify360 e-Business is a Web-based member management system from Personify, Inc. A security vulnerability exists in Personify360 e-Business versions 7.5.2 through 7.6.1. The vulnerability can be exploited by an attacker to add vendor accounts or read vendor account data including: user names...