Ictrun

#9454of 53,622
29.3Total CVSS
Vulnerabilities · 4
Low
1
High
2
Critical
1
PT-2026-49148
8.3
2026-06-14
Ruijie · Eg105G-P · CVE-2026-12197
**Name of the Vulnerable Software and Affected Versions** Ruijie EG105G-P version 2.340 **Description** An issue exists in the JSON-RPC Diagnose Endpoint component where the `nslookup()` function within the '/cgi-bin/luci/api/diagnose' endpoint is susceptible to command injection. This occurs when the `params.target` argument is manipulated, allowing a remote attacker to execute arbitrary commands on the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2025-46957
9.8
2025-11-14
Unknown · Ury-Erp Ury · CVE-2025-13168
**Name of the Vulnerable Software and Affected Versions** ury-erp ury versions up to 0.2.0 **Description** A weakness exists in ury-erp ury that allows for SQL injection. This issue is related to the manipulation of the `search term` argument within the `overrided past order list` function located in the file `ury/ury/api/pos extend.py`. Remote exploitation is possible, and an exploit has been publicly released. **Recommendations** Upgrade to version 0.2.1 or later to address this issue.
PT-2025-46863
7.5
2025-11-13
Unknown · Cameasy Liketea · CVE-2025-13121
**Name of the Vulnerable Software and Affected Versions** cameasy Liketea version 1.0.0 **Description** A security issue exists in cameasy Liketea 1.0.0. The `list` function within the file `laravel/app/Http/Controllers/Front/StoreController.php` of the API Endpoint component is susceptible to SQL injection. Manipulation of the `lng/lat` argument can trigger this issue, and the attack can be performed remotely. The exploit has been publicly disclosed. **Recommendations** Apply a fix to the `list` function in the file `laravel/app/Http/Controllers/Front/StoreController.php` to prevent SQL injection through the `lng/lat` argument.
PT-2025-45581
3.7
2025-11-09
Evershop · Evershop · CVE-2025-12919
**Name of the Vulnerable Software and Affected Versions** EverShop versions up to 2.0.1 **Description** A flaw exists in EverShop related to improper control of resource identifiers. The issue is located in an unknown function within the `/src/modules/oms/graphql/types/Order/Order.resolvers.js` file of the Order Handler component. Manipulation of the `uuid` argument can trigger the issue. The attack can be performed remotely and is considered to have high complexity and difficult exploitability. The exploit is publicly available. The vendor was contacted but did not respond. **Recommendations** Versions prior to 2.0.1 should be updated.