Matan Sandori

#11240of 53,634
24.5Total CVSS
Vulnerabilities · 3
Medium
1
Critical
2
PT-2026-30584
5.3
2026-04-06
Heriklyma · Cppwebframework · CVE-2026-5638
Name of the Vulnerable Software and Affected Versions HerikLyma CPPWebFramework versions up to 3.1 Description A path traversal issue exists in HerikLyma CPPWebFramework up to version 3.1 due to manipulation of some unknown processing. Remote exploitation is possible. The exploit is publicly available. Recommendations Update to a newer version of HerikLyma CPPWebFramework that addresses this path traversal issue.
PT-2026-21488
9.8
2026-02-23
Unknown · Higuma Web-Audio-Recorder-Js · CVE-2026-2964
**Name of the Vulnerable Software and Affected Versions** higuma web-audio-recorder-js versions 0.1 and 0.1.1 **Description** A flaw exists in the `extend` function within the `lib/WebAudioRecorder.js` library, specifically in the Dynamic Config Handling component. This allows for improper modification of object prototype attributes. The issue is remotely exploitable, but requires a high level of complexity to successfully execute. The exploit is publicly available. The vendor was notified but did not respond. **Recommendations** Update to a newer version of higuma web-audio-recorder-js that addresses this issue. As a temporary workaround, consider avoiding the use of the `extend` function within the `lib/WebAudioRecorder.js` library.
PT-2025-35943
9.4
2025-09-04
Dotcms · Dotcms · CVE-2025-8311
**Name of the Vulnerable Software and Affected Versions** dotCMS versions 24.03.22 and after **Description** A Boolean-based blind SQL injection vulnerability exists in the `/api/v1/contenttype` endpoint. The endpoint utilizes the `sites` query parameter, which accepts a comma-separated list of site identifiers or keys. The `sites` parameter is directly concatenated into a SQL query without proper sanitization, allowing an authenticated attacker with low privileges to extract data from the database, perform privilege escalation, or trigger denial-of-service conditions. Exploitation was verified using tools such as SQLMap, enabling full database exfiltration and potential denial-of-service conditions via crafted payloads. **Recommendations** Update to dotCMS version 25.08.14 or later. Update to dotCMS version 25.07.10-1v2 LTS or later. Update to dotCMS version 24.12.27v10 LTS or later. Update to dotCMS version 24.04.24v21 LTS or later.