High - CVE-2025-7218 - A vulnerability was found in Campcodes Payroll...
A vulnerability was found in Campcodes Payroll Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /ajax.php?action=delete_position. The...
High - CVE-2025-7219 - A vulnerability was found in Campcodes Payroll...
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /ajax.php?action=delete_allowances. The...
High - CVE-2025-7220 - A vulnerability was found in Campcodes Payroll...
A vulnerability was found in Campcodes Payroll Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file...
NA - CVE-2025-7378 - An improper Input Validation vulnerability...
An improper Input Validation vulnerability allows injecting arbitrary values of the NAS configuration file in ASUSTOR ADM. This could potentially lead to system misconfiguration and break the...
NA - CVE-2025-27027 - Restricted shell rbash evasion in Radiflow iSAP...
Restricted shell rbash evasion in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) allows the user vpuser to start a full-feature shell. A user with vpuser credentials that opens an SSH...
NA - CVE-2025-27028 - The Linux deprivileged user vpuser in Radiflow...
The Linux deprivileged user vpuser in Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) can read the entire file system content, including files belonging to other users and having restricted...
NA - CVE-2025-3497 - The Linux distribution underlying the Radiflow...
The Linux distribution underlying the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) is obsolete and reached end of life (EOL) on June 30, 2024. Thus, any unmitigated vulnerability could...
NA - CVE-2025-3498 - An unauthenticated user with management network...
An unauthenticated user with management network access can get and modify the Radiflow iSAP Smart Collector (CentOS 7 - VSAP 1.20) configuration. The device has two web servers that expose...
NA - CVE-2025-3499 - The device has two web servers that expose...
The device has two web servers that expose unauthenticated REST APIs on the management network (TCP ports 8084 and 8086). Exploiting OS command injection through these APIs, an attacker can send...
NA - CVE-2025-7379 - A security bypass vulnerability allows...
A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and...