Natan Morette

10 exploits, active since Jan 2025
CVE-2026-12206 WRITEUP MEDIUM
Grit42 Grit data_table_entity.rb DataTableEntity SQL injection
A vulnerability was identified in Grit42 Grit up to 0.11.0. This issue affects the function Grit::Assays::DataTableEntity of the file modules/assays/backend/app/models/grit/assays/data_table_entity.rb. The manipulation leads to SQL injection. The attack can be carried out remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 6.3
CVE-2024-57030 WRITEUP HIGH
WeGIA < 3.2.0 - Cross-Site Scripting via id Parameter
WeGIA < 3.2.0 is vulnerable to cross-site scripting (XSS) in /geral/documentos_funcionario.php via the id parameter.
CVSS 8.1
CVE-2024-57033 WRITEUP MEDIUM
WeGIA < 3.2.0 - Cross-Site Scripting via dados_addInfo Parameter
WeGIA < 3.2.0 is vulnerable to Cross Site Scripting (XSS) via the dados_addInfo parameter of documentos_funcionario.php.
CVSS 6.1
CVE-2025-8918 WRITEUP LOW
Portabilis i-Educar < 2.10.0 - Stored Cross-Site Scripting via neighborhood name Parameter
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educar_instituicao_cad.php of the component Editar Page. The manipulation of the argument neighborhood name leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-8919 WRITEUP LOW
Portabilis i-Diario < 1.6 - Cross-Site Scripting via History Page código/objetivo habilidade Argument
A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-8919 WRITEUP LOW
Portabilis i-Diario < 1.6 - Cross-Site Scripting via History Page código/objetivo habilidade Argument
A vulnerability was determined in Portabilis i-Diario up to 1.6. Affected is an unknown function of the file /objetivos-de-aprendizagem-e-habilidades of the component History Page. The manipulation of the argument código/objetivo habilidade leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-8920 WRITEUP LOW
Portabilis i-Diario 1.6 - Stored Cross-Site Scripting via Planos de ensino Parameter
A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicionário de Termos BNCC Page. The manipulation of the argument Planos de ensino leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2025-8920 WRITEUP LOW
Portabilis i-Diario 1.6 - Stored Cross-Site Scripting via Planos de ensino Parameter
A vulnerability was identified in Portabilis i-Diario 1.6. Affected by this vulnerability is an unknown functionality of the file /dicionario-de-termos-bncc of the component Dicionário de Termos BNCC Page. The manipulation of the argument Planos de ensino leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 2.4
CVE-2026-2108 WRITEUP MEDIUM
jsbroks COCO Annotator <0.11.1 - DoS
A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/long_task of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.3
CVE-2026-2109 WRITEUP MEDIUM
jsbroks COCO Annotator <0.11.1 - Auth Bypass
A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.
CVSS 5.4