Edcarlos

#12545of 53,624
21.6Total CVSS
Vulnerabilities · 4
Medium
4
PT-2026-25949
5.6
2026-03-17
Duende · Duende Identityserver 4 · CVE-2026-4349
**Name of the Vulnerable Software and Affected Versions** Duende IdentityServer version 4 **Description** A security issue exists in Duende IdentityServer 4 related to improper authentication. Manipulation of the `id token hint` argument within an unknown function of the `/connect/authorize` file in the Token Renewal Endpoint component can lead to unauthorized access. The attack can be initiated remotely and is considered to have high complexity with difficult exploitability. The vendor was contacted regarding this issue but did not respond. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-41744
5.8
2025-10-13
Unknown · Totaljs Flow · CVE-2025-11655
**Name of the Vulnerable Software and Affected Versions** Total.js Flow versions prior to 673ef9144dd25d4f4fd4fdfda5af27f230198924 **Description** A security flaw exists in Total.js Flow related to the SVG File Handler component. Manipulation of this component can lead to unrestricted file upload, and the attack can be initiated remotely. The exploit has been publicly released. Continuous delivery with rolling releases is used, and the vendor did not respond to early disclosure attempts. **Recommendations** Update to a version later than 673ef9144dd25d4f4fd4fdfda5af27f230198924.
PT-2025-39359
4.8
2025-09-25
Unknown · Total.Js Cms · CVE-2025-10940
**Name of the Vulnerable Software and Affected Versions** Total.js CMS version 1.0.0 **Description** A cross site scripting issue exists in Total.js CMS version 1.0.0. The issue is located in the `layouts save` function within the `/admin/` file of the Layout Page component. Manipulation of the `HTML` argument can trigger the issue. The attack can be initiated remotely. The exploit has been made public. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-33434
5.4
2025-08-04
D Link · Dir-818Lw · CVE-2025-9003
Name of the Vulnerable Software and Affected Versions: D-Link DIR-818LW version 1.04 Description: A vulnerability exists in the DHCP Reserved Address Handler component of D-Link DIR-818LW version 1.04. The manipulation of the `Name` argument in the `/bsc lan.php` file leads to cross-site scripting. The attack can be initiated remotely. This vulnerability affects products that are no longer supported by the maintainer. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.