A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/[fileId]/route.ts of the component Session Handler. The manipulation of the argument params leads to missing authentication.
This vulnerability is handled as CVE-2025-7115. The attack may be launched remotely. There is no exploit available.
Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
It is expected that this issue will be fixed in the near future.
A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication.
This vulnerability is known as CVE-2025-7114. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Curricular Components Module. The manipulation of the argument Nome leads to cross site scripting.
This vulnerability is traded as CVE-2025-7113. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_instituicao=COD of the component Function Management Module. The manipulation of the argument Função leads to cross site scripting.
The identification of this vulnerability is CVE-2025-7112. The attack may be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic. This vulnerability affects unknown code of the file /intranet/educar_curso_det.php?cod_curso=ID of the component Course Module. The manipulation of the argument Curso leads to cross site scripting.
This vulnerability was named CVE-2025-7111. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-7110. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. The manipulation of the argument Benefício leads to cross site scripting.
This vulnerability is handled as CVE-2025-7109. The attack may be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
A vulnerability classified as problematic was found in Communigate Pro up to 6.2.0. Affected by this vulnerability is an unknown functionality of the component WebMail. The manipulation leads to cross site scripting (Stored).
This vulnerability is known as CVE-2017-16962. The attack can be launched remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
A vulnerability classified as problematic has been found in Wibu-Systems CodeMeter up to 6.50a. Affected is an unknown function of the file actions/ChangeConfiguration.html of the component Advanced Settings. The manipulation leads to cross site scripting.
This vulnerability is traded as CVE-2017-13754. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
It is recommended to upgrade the affected component.
A vulnerability was found in Jorani 0.6.5. It has been rated as problematic. Affected by this issue is some unknown functionality. The manipulation of the argument Language as part of Parameter leads to cross site scripting (Persistent).
This vulnerability is handled as CVE-2018-15917. The attack may be launched remotely. Furthermore, there is an exploit available.