CVE/Research Publications

1. CVE-2025-11235 - Progress MOVEit Transfer - Unverified Password Change
2. CVE-2025-43862 - DIFY - Unauthorized Access and Modification of APP Orchestration
3. CVE-2025-32795 - DIFY - Insecure User Role Access Control for APP Editing
4. CVE-2025-32796 - DIFY - Unauthorized APP Enable/Disable via API
5. CVE-2025-32790 - DIFY - Insecure User Role Access Control for APP DSL Exporting
6. CVE-2025-43854 - DIFY - DIFY vulnerable to Clickjacking Attack
7. CVE-2025-2129 - Mage-AI - Insecure Default Authentication Setup Leading to Zero-Click RCE
8. CVE-2023-39610 - TP-Link Tapo C100 - HTTP Denial-Of-Service
9. CVE-2023-2479 - Appium Desktop - Zero-Click Remote Code Execution
10. CVE-2022-1177 - OPENEMR - Accounting User Can Download Patient Reports
11. CVE-2022-1178 - OPENEMR - Stored Cross Site Scripting
12. CVE-2022-1179 - OPENEMR - Non-Privilege User Can Created New Rule and Lead to Stored Cross Site Scripting
13. CVE-2022-1180 - OPENEMR - Reflected Cross Site Scripting
14. CVE-2022-1181 - OPENEMR - Stored Cross Site Scripting
15. CVE-2022-1459 - OPENEMR - Non-Privilege User Can View Patient’s Disclosures
16. CVE-2022-1461 - OPENEMR - Non Privilege User can Enable or Disable Registered
17. CVE-2022-2493 - OPENEMR - Missing Function Level Access Control
18. CVE-2021-39192 - Ghost CMS >= 4.0.0 & <= 4.9.0 - Privilege escalation: all users can access Admin-level API keys