6.9
CVE-2025-66573 - Solstice Pod API Session Key Extraction via API Endpoint
Solstice Pod API (version 5.5, 6.2) contains an unauthenticated API endpoint (`/api/config`) that exposes sensitive information such as the session key, server version, product details, and display name. Unauthorized users can extract live session information by accessing this endpoint without auth…
6.9
CVE-2025-66572 - Loaded Commerce 6.6 Client-Side Template Injection (CSTI)
Loaded Commerce 6.6 contains a client-side template injection vulnerability that allows unauthenticated attackers to execute code on the server via the search parameter.
9.3
CVE-2025-66571 - UNA CMS 9.0.0-RC1 - 14.0.0-RC4 PHP Object Injection
UNA CMS versions 9.0.0-RC1 - 14.0.0-RC4 contain a PHP object injection vulnerability in BxBaseMenuSetAclLevel.php where the profile_id POST parameter is passed to PHP unserialize() without proper handling, allowing remote, unauthenticated attackers to inject arbitrary PHP objects and potentially wr…
8.8
CVE-2025-66555 - AirKeyboard iOS App 1.0.5 - Remote Input Injection
AirKeyboard iOS App 1.0.5 contains a missing authentication vulnerability that allows unauthenticated attackers to type arbitrary keystrokes directly into the victim's iOS device in real-time without user interaction, resulting in full remote input control.
8.5
CVE-2024-58278 - IndigoSTAR Software - perl2exe <= V30.10C - Arbitrary Code Execution
perl2exe <= V30.10C contains an arbitrary code execution vulnerability that allows local authenticated attackers to execute malicious scripts. Attackers can control the 0th argument of packed executables to execute another executable, allowing them to bypass restrictions and gain unauthorized acces…
8.7
CVE-2024-58277 - R Radio Network FM Transmitter 1.07 System Settings Disclosure
R Radio Network FM Transmitter 1.07 allows unauthenticated attackers to access the admin user's password through the system.cgi endpoint, enabling authentication bypass and FM station setup access.
8.7
CVE-2024-58276 - Obi08-Enrollment System 1.0 login.php SQL Injection
Obi08/Enrollment System 1.0 contains a SQL injection vulnerability in the keyword parameter of /get_subject.php that allows unauthenticated attackers to execute arbitrary SQL queries. Attackers can use UNION-based injection to extract sensitive information from the users table including usernames a…
8.7
CVE-2024-58275 - Easywall 0.3.1 - Authentication Bypass via Command Injection in /ports-save Endpoint
Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server.
5.3
CVE-2023-53735 - WEBIGniter 28.7.23 Cross-Site Scripting (XSS) in User Creation Process
WEBIGniter 28.7.23 contains a cross-site scripting vulnerability in the user creation process that allows unauthenticated attackers to execute malicious JavaScript code, enabling potential XSS attacks.
8.7
CVE-2023-53734 - dawa-pharma-1.0 - SQL Injection via Email Parameter
dawa-pharma-1.0 allows unauthenticated attackers to execute SQL queries on the server, allowing them to access sensitive information and potentially gain administrative access.