CVE-2026-3826
IFTOP developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
CVE-2026-3825
IFTOP developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVE-2026-3824
IFTOP developed by WellChoose has an Open redirect vulnerability, allowing authenticated remote attackers to craft a URL that tricks users into visiting malicious website.
CVE-2026-1429
Single Sign-On Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing authenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVE-2026-1428
Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2026-1427
Single Sign-On Portal System developed by WellChoose has a OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the server.
CVE-2025-8914
Organization Portal System developed by WellChoose has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read database contents.
CVE-2025-8913
Organization Portal System developed by WellChoose has a Local File Inclusion vulnerability, allowing unauthenticated remote attackers to execute arbitrary code on the server.
CVE-2025-8912
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing unauthenticated remote attackers to exploit Absolute Path Traversal to download arbitrary system files.
CVE-2025-8911
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVE-2025-8910
Organization Portal System developed by WellChoose has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
CVE-2025-8909
Organization Portal System developed by WellChoose has an Arbitrary File Reading vulnerability, allowing remote attackers with regular privileges to exploit Absolute Path Traversal to download arbitrary system files.