CVE-2026-3025 ShuoRen Smart Heating Integrated Management Platform ExampleNodeService.asmx unrestricted upload

A flaw has been found in ShuoRen Smart Heating Integrated Management Platform 1.0.0. Affected by this vulnerability is an unknown functionality of the file /MP/Service/Webservice/ExampleNodeService.asmx. Executing a manipulation of the argument File can lead to unrestricted upload. It is possible...

PT-2026-20609

Name of the Vulnerable Software and Affected Versions Breeze - WordPress Cache Plugin versions through 2.2.21 Description The Breeze - WordPress Cache Plugin is affected by an issue allowing unauthorized cache clearing. The REST API endpoint /wp-json/breeze/v1/clear-all-cache is registered withou...

CVE-2025-14086

A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function of the file /app-api/v1/members/openid/. The manipulation of the argument openid results in improper access controls. The attack can be executed remotely. The exploit has been made public and could be...

EUVD-2025-200225

Unauthorized access vulnerability in TCMAN GIM v11 version 20250304. This vulnerability allows an unauthenticated attacker to determine whether a user exists on the system by using the 'pda:userId' and 'pda:newPassword' parameters with 'soapaction UnlockUser’ in '/WS/PDAWebService.asmx'...

CVE-2025-41348

SQL injection vulnerability in WinPlus v24.11.27 by Informática del Este. This vulnerability allows an attacker recover, create, update an delete databases by sendng a POST request using the parameters 'val1' and 'cont in '/WinplusPortal/ws/sWinplus.svc/json/getacumperpost'...

CVE-2025-40645

CVE-2025-40645 relates to ViDay/Viday. An unauthenticated attacker can retrieve sensitive customer information by issuing an HTTP GET to /api/reserva/web/clients with the phone parameter. Technical details from sources: CVSS v4.0 base score 8.7 (HIGH) with NETWORK attack vector, LOW attack comple...

Mercatus ERP 安全漏洞

Mercatus ERP is an enterprise resource planning system from Mercatus Inc. in the United States. A security vulnerability exists in Mercatus ERP version 2.00.019, which stems from an improperly controlled resource identifier in file /basico/webservice/imprimir-danfe/id...

PT-2025-35186

Name of the Vulnerable Software and Affected Versions: E4 Sistemas Mercatus ERP version 2.00.019 Description: A security flaw exists in E4 Sistemas Mercatus ERP 2.00.019, involving improper control of resource identifiers due to manipulation of an unknown function within the...

CVE-2021-40851

TCMAN GIM is vulnerable to a lack of authorization in all available webservice methods listed in /PC/WebService.asmx. The exploitation of this vulnerability might allow a remote attacker to obtain information...

CVE-2021-40850

TCMAN GIM is vulnerable to a SQL injection vulnerability inside several available webservice methods in /PC/WebService.asmx...

Tcman Gim SQL注入漏洞

Tcman Gim is a facility management software from Tcman Spain designed for use on mobile devices. TCMAN GIM suffers from a SQL injection vulnerability that can be exploited via the "/PC/WebService.asmx" page...

File Containment Vulnerability in Hangzhou Ancai Network Reimbursement System

Hangzhou Ancai Network Reimbursement System is an online reimbursement system that supports online bill of lading and online approval for employees, bidding farewell to paper transmission and improving the timeliness, safety and standardization of information transmission. A file inclusion...