Storing Passwords in a Recoverable Format vulnerability in Automated Logic WebCTRL on Windows, Carrier i-Vu on Windows. Storing Passwords in a Recoverable Format vulnerability (CWE-257) in the Web session management component allows an attacker to access stored passwords in a recoverable format which makes them subject to password reuse attacks by malicious users.This issue affects WebCTRL: from 6.0 through 9.0; i-Vu: from 6.0 through 9.0.

Unrestricted Upload of File with Dangerous Type vulnerability in Solvera Software Services Trade Inc. Teknoera allows File Content Injection.This issue affects Teknoera: through 01102025.

Authorization Bypass Through User-Controlled Key vulnerability in Solvera Software Services Trade Inc. Teknoera allows Exploitation of Trusted Identifiers.This issue affects Teknoera: through 01102025.

Quick.Cart is vulnerable to Local File Inclusion and Path Traversal issues in the theme selection mechanism. Quick.Cart allows a privileged user to upload arbitrary file contents while only validating the filename extension. This allows an attacker to include and execute uploaded PHP code, resulting in Remote Code Execution on the server. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Quick.Cart is vulnerable to reflected XSS via the sSort parameter. An attacker can craft a malicious URL which, when opened, results in arbitrary JavaScript execution in the victim’s browser. The vendor was notified early about this vulnerability, but didn't respond with the details of vulnerability or vulnerable version range. Only version 6.7 was tested and confirmed as vulnerable, other versions were not tested and might also be vulnerable.

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection.This issue affects Education Management System: through 23.09.2025.

MeetingHub developed by HAMASTAR Technology has a Missing Authentication vulnerability, allowing unauthenticated remote attackers to access specific API functions and obtain meeting-related information.

ACE vulnerability in configuration file processing by QOS.CH logback-core up to and including version 1.5.24 in Java applications, allows an attacker to instantiate classes already present on the class path by compromising an existing logback configuration file. The instantiation of a potentially malicious Java class requires that said class is present on the user's class-path. In addition, the attacker must have write access to a configuration file. However, after successful instantiation, the instance is very likely to be discarded with no further ado.

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows SQL Injection.This issue affects Hotel Guest Hotspot: through 22012026.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Aida Computer Information Technology Inc. Hotel Guest Hotspot allows Reflected XSS.This issue affects Hotel Guest Hotspot: through 22012026.  NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that bypass cycle detection.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. The CVE was never used.