Company Name: Hemi VDP Company HackerOne URL: https://hackerone.com/hemi_labs_vdp Submitted By:aaravhexLink to Submitters Profile:https://hackerone.com/aaravhex Report Title:Cloudflare WAF Bypass - Origin IP...
Vulnerability Summary: CVE-2025-30524 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in origincode Product Catalog...
Vulnerability Summary: CVE-2025-28924 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in NotFound ZenphotoPress allows Reflected XSS....
Vulnerability Summary: CVE-2025-28942 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Trust Payments Trust...
Vulnerability Summary: CVE-2025-2819 There is a risk of unauthorized file uploads in GT-SoftControl and potential file overwrites due to insufficient...
Vulnerability Summary: CVE-2025-2820 An authenticated attacker can compromise the availability of the device via the network Affected Endpoints: No affected...
Vulnerability Summary: CVE-2025-27405 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in...
Vulnerability Summary: CVE-2025-27406 Icinga Reporting is the central component for reporting related functionality in the monitoring web frontend and framework...
Vulnerability Summary: CVE-2025-30225 Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting...
Vulnerability Summary: CVE-2025-2825 CrushFTP versions 10.0.0 through 10.8.3 and 11.0.0 through 11.3.0 are affected by a vulnerability that may result...
Vulnerability Summary: CVE-2025-2783 Incorrect handle provided in unspecified circumstances in Mojo in Google Chrome on Windows prior to 134.0.6998.177 allowed...
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
The Information provided at the time of posting was detected as "Cobalt Strike". Depending on when you are viewing this...
Vulnerability Summary: CVE-2025-30164 Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in...
Vulnerability Summary: CVE-2025-30351 Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0...
Vulnerability Summary: CVE-2025-2562 Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user...
Vulnerability Summary: CVE-2025-30350 Directus is a real-time API and App dashboard for managing SQL database content. The `@directus/storage-driver-s3` package starting...
Vulnerability Summary: CVE-2025-2499 Client side access control bypass in the permission component in Devolutions Remote Desktop Manager on Windows. An...
Vulnerability Summary: CVE-2025-30353 Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.12.0...
Vulnerability Summary: CVE-2025-31160 atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application...
Vulnerability Summary: CVE-2025-2528 Improper authorization in application password policy in Devolutions Remote Desktop Manager on Windows allows an authenticated user...
Vulnerability Summary: CVE-2025-30352 Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 9.0.0-alpha.4...
Vulnerability Summary: CVE-2025-20229 In Splunk Enterprise versions below 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.104, 9.2.2406.108,...
