A security issue was discovered within Verve Asset Manager allowing unauthorized read-only users to read, update, and delete users via the API. More information : https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1759.html
HTML injection vulnerability found in Fairsketch’s RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter ‘first_name’ in...
Zohocorp ManageEngine Analytics Plus versions 6170 and below are vulnerable to Unauthenticated SQL Injection due to the improper filter configuration. More information : https://www.manageengine.com/analytics-plus/CVE-2025-8324.html
HTML injection vulnerability found in Fairsketch’s RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter ‘reply_message’ in...
HTML injection vulnerability found in Fairsketch’s RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter ‘custom_field_1’ in...
HTML injection vulnerability found in Fairsketch’s RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter ‘title’ in...
Improper Restriction of Excessive Authentication Attempts, Client-Side Enforcement of Server-Side Security, Reliance on Untrusted Inputs in a Security Decision vulnerability in Turkguven Software Technologies Inc. Perfektive allows Brute Force, Authentication Bypass, Functionality Bypass.This issue...
HTML injection vulnerability found in Fairsketch’s RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter ‘title’ in’/projects/save’....
HTML injection vulnerability found in Fairsketch’s RISE CRM Framework v3.8.1, which consist of an HTML code injection due to lack of proper validation of user inputs by sending a POST request in parameter ‘title’...
Improper Neutralization of Input During Web Page Generation (XSS or ‘Cross-site Scripting’) vulnerability in Aryom Software High Technology Systems Inc. KVKNET allows Reflected XSS.This issue affects KVKNET: before 2.1.8. More information : https://www.usom.gov.tr/bildirim/tr-25-0386
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Folder Message Count and Size report. More information : https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-7430.html
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Public Folders report. More information : https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-7632.html
Zohocorp ManageEngine Exchange Reporter Plus versions 5723 and below are vulnerable to the Stored XSS Vulnerability in the Custom report. More information : https://www.manageengine.com/products/exchange-reports/advisory/CVE-2025-7633.html
The Blocksy Companion plugin for WordPress is vulnerable to authenticated arbitrary file upload in all versions up to, and including, 2.1.19. This is due to insufficient file type validation detecting SVG files, allowing double...