MaiqueSilva

10 exploits Active since Aug 2025
CVE-2025-8791 WRITEUP MEDIUM WRITEUP
LitmusChaos Litmus < 3.19.0 - Improper Authorization via /auth/list_projects Role Argument
A vulnerability was found in LitmusChaos Litmus up to 3.19.0. It has been rated as critical. This issue affects some unknown processing of the file /auth/list_projects. The manipulation of the argument role leads to improper authorization. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-8792 WRITEUP MEDIUM WRITEUP
LitmusChaos Litmus < 3.19.0 - Client-Side Enforcement of Server-Side Security
A vulnerability classified as problematic has been found in LitmusChaos Litmus up to 3.19.0. Affected is an unknown function. The manipulation leads to client-side enforcement of server-side security. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2025-8793 WRITEUP MEDIUM WRITEUP
LitmusChaos Litmus <3.19.0 - Info Disclosure
A vulnerability classified as problematic was found in LitmusChaos Litmus up to 3.19.0. Affected by this vulnerability is an unknown functionality. The manipulation of the argument projectID leads to improper control of resource identifiers. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 4.3
CVE-2025-8794 WRITEUP MEDIUM WRITEUP
LitmusChaos Litmus < 3.19.0 - Authorization Bypass via projectID Manipulation
A vulnerability, which was classified as problematic, has been found in LitmusChaos Litmus up to 3.19.0. Affected by this issue is some unknown functionality of the component LocalStorage Handler. The manipulation of the argument projectID leads to authorization bypass. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.3
CVE-2025-8795 WRITEUP MEDIUM WRITEUP
LitmusChaos Litmus < 3.19.0 - Improper Access Control via ProjectID Parameter
A vulnerability, which was classified as critical, was found in LitmusChaos Litmus up to 3.19.0. This affects an unknown part of the file /auth/login. The manipulation of the argument projectID leads to improper access controls. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-8796 WRITEUP MEDIUM WRITEUP
LitmusChaos Litmus < 3.19.0 - Missing Authorization in Delete Request Handler
A vulnerability has been found in LitmusChaos Litmus up to 3.19.0 and classified as problematic. This vulnerability affects unknown code of the file /auth/delete_project/ of the component Delete Request Handler. The manipulation of the argument projectID leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.4
CVE-2025-8797 WRITEUP MEDIUM WRITEUP
LitmusChaos Litmus <3.19.0 - Privilege Escalation
A vulnerability was found in LitmusChaos Litmus up to 3.19.0 and classified as critical. This issue affects some unknown processing of the component LocalStorage Handler. The manipulation leads to permission issues. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2025-8798 WRITEUP HIGH WRITEUP
oitcode samarium <= 0.9.6 - Unrestricted File Upload in Create Product Page
A vulnerability was found in oitcode samarium up to 0.9.6. It has been classified as critical. Affected is an unknown function of the file /dashboard/product of the component Create Product Page. The manipulation leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS 7.3
CVE-2025-9416 WRITEUP LOW WRITEUP
oitcode samarium <= 0.9.6 - Cross-Site Scripting in Pages Image Handler
A security flaw has been discovered in oitcode samarium up to 0.9.6. This vulnerability affects unknown code of the file /cms/webpage/ of the component Pages Image Handler. The manipulation results in cross site scripting. The attack may be performed from a remote location. The exploit has been released to the public and may be exploited.
CVSS 2.4
CVE-2025-9422 WRITEUP LOW WRITEUP
oitcode samarium <= 0.9.6 - Cross-Site Scripting in Team Image Handler
A vulnerability was found in oitcode samarium up to 0.9.6. This impacts an unknown function of the file /dashboard/team of the component Team Image Handler. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit has been made public and could be used.
CVSS 2.4