Author: Angelo Barbosa

A vulnerability, which was classified as critical, has been found in Moodle up to 4.1.15/4.3.9/4.4.5/4.5.1. This issue affects some unknown processing of the component Module List Filter. The manipulation leads to sql injection. The identification of this vulnerability is CVE-2025-26533. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected...

A vulnerability classified as problematic was found in Moodle up to 4.1.15/4.3.9/4.4.5/4.5.1. This vulnerability affects unknown code of the component pdfTeX. The manipulation leads to files or directories accessible. This vulnerability was named CVE-2025-26525. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected...

A vulnerability, which was classified as critical, has been found in Lumsoft ERP 8. Affected by this issue is some unknown functionality of the file /Api/TinyMce/UploadAjaxAPI.ashx of the component ASPX File Handler. The manipulation of the argument file leads to unrestricted upload. This vulnerability is handled as CVE-2025-1646. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any...

A vulnerability classified as critical was found in Benner Connecta 1.0.5330. Affected by this vulnerability is an unknown functionality of the file /Usuarios/Usuario/EditarLogado/. The manipulation of the argument Handle leads to improper control of resource identifiers. This vulnerability is known as CVE-2025-1645. The attack can be launched remotely. There is no exploit available. The vendor was contacted early about this disclosure but did not respond in any...

A vulnerability classified as problematic has been found in Benner ModernaNet up to 1.2.0. Affected is an unknown function of the file /DadosPessoais/SG_Gravar. The manipulation of the argument idItAg leads to cross-site request forgery. This vulnerability is traded as CVE-2025-1644. It is possible to launch the attack remotely. There is no exploit available. It is recommended to upgrade the affected...