Chandler Rose

Researcher fromTrustStack Security
#10070of 53,634
27.4Total CVSS
Vulnerabilities · 4
Medium
2
High
1
Critical
1
PT-2025-33851
6.5
2025-08-19
Logicdata · Logicdata Ecommerce Framework · CVE-2025-52337
Name of the Vulnerable Software and Affected Versions: LogicData eCommerce Framework version 5.0.9.7000 Description: An authenticated arbitrary file upload issue exists in the Content Explorer feature. This allows attackers to execute arbitrary code by uploading a crafted file. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-17676
7.5
2025-04-23
Nih · Nih Brics · CVE-2025-27580
**Name of the Vulnerable Software and Affected Versions** NIH BRICS (aka Biomedical Research Informatics Computing System) versions 14.0.0 through 14.0.0-67 **Description** The issue allows unauthenticated users with a Common Access Card (CAC) to escalate privileges and compromise any account, including administrators, due to the generation of predictable tokens. These tokens depend on the `username`, time, and a fixed string. **Recommendations** For versions 14.0.0 through 14.0.0-67, consider restricting access to sensitive areas of the system until a patch is available to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-17677
4.3
2025-04-23
Nih · Nih Brics · CVE-2025-27581
**Name of the Vulnerable Software and Affected Versions** NIH BRICS (aka Biomedical Research Informatics Computing System) versions 14.0.0-67 and earlier **Description** The issue allows users without the InET role to access the InET module by making direct requests to known endpoints. **Recommendations** For versions 14.0.0-67 and earlier, restrict access to the InET module to minimize the risk of exploitation. As a temporary workaround, consider disabling direct requests to known endpoints until a patch is available.
PT-2025-2967
9.1
2025-01-16
Opexus · Opexus Foiaxpress Public Access Link · CVE-2024-53553
**Name of the Vulnerable Software and Affected Versions** OPEXUS FOIAXPRESS PUBLIC ACCESS LINK version 11.1.0 **Description** An issue in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK allows attackers to bypass authentication via crafted web requests. **Recommendations** For OPEXUS FOIAXPRESS PUBLIC ACCESS LINK version 11.1.0, consider restricting access to the web interface until a patch is available. As a temporary workaround, review and monitor all web requests to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.