devcode-it — Vulnerabilities & Security Advisories (16)

Browse all 16 CVE security advisories affecting devcode-it. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Devcode-it develops enterprise software solutions with a core focus on application development and deployment platforms. Historically, their products have been susceptible to multiple remote code execution (RCE) vulnerabilities, cross-site scripting (XSS) flaws, and privilege escalation issues. The organization has accumulated 16 CVEs to date, with several critical RCE vulnerabilities allowing unauthorized system access. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities in their software suggests a need for enhanced security testing and input validation practices. Their products remain targeted by attackers seeking to exploit these weaknesses for unauthorized access or system compromise.

Top products by devcode-it: openstamanager

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-35470 | OpenSTAManager has a SQL Injection via righe Parameter in confronta_righe Modals | openstamanager | CWE-89 | 8.8 | High | 2026-04-06 |
| CVE-2026-35168 | OpenSTAManager: SQL Injection via Aggiornamenti Module | openstamanager | CWE-89 | 8.8 | High | 2026-04-02 |
| CVE-2026-28805 | OpenSTAManager: Time-Based Blind SQL Injection via `options[stato]` Parameter | openstamanager | CWE-89 | 8.8 | High | 2026-04-02 |
| CVE-2026-29782 | OpenSTAManager: Remote Code Execution via Insecure Deserialization in OAuth2 | openstamanager | CWE-502 | 7.2 | High | 2026-04-02 |
| CVE-2026-27012 | Unauthenticated privilege escalation in OpenSTAManager via modules/utenti/actions.php | openstamanager | CWE-306 | 9.8 | Critical | 2026-03-03 |
| CVE-2026-24415 | OpenSTAManager affected by reflected XSS in modifica_iva.php via righe parameter | openstamanager | CWE-79 | 6.1 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2025-69212 | OpenSTAManager has an OS Command Injection in P7M File Processing | openstamanager | CWE-78 | 8.8 (AI) | High (AI) | 2026-02-06 |
| CVE-2025-69214 | OpenSTAManager has a SQL Injection in ajax_select.php (componenti endpoint) | openstamanager | CWE-89 | 8.8 (AI) | High (AI) | 2026-02-06 |
| CVE-2025-69216 | OpenSTAManager has an SQL Injection in Scadenzario Print Template | openstamanager | CWE-89 | 6.5 (AI) | Medium (AI) | 2026-02-06 |
| CVE-2026-24416 | OpenSTAManager has a Time-Based Blind SQL Injection in Article Pricing Module | openstamanager | CWE-89 | 9.1 (AI) | Critical (AI) | 2026-02-06 |
| CVE-2026-24417 | OpenSTAManager has a Time-Based Blind SQL Injection with Amplified Denial of Service | openstamanager | CWE-89 | 9.1 (AI) | Critical (AI) | 2026-02-06 |
| CVE-2026-24418 | OpenSTAManager has an SQL Injection vulnerability in the Scadenzario bulk operations module | openstamanager | CWE-89 | 8.1 (AI) | High (AI) | 2026-02-06 |
| CVE-2026-24419 | OpenSTAManager has an SQL Injection in the Prima Nota module | openstamanager | CWE-89 | 9.1 (AI) | Critical (AI) | 2026-02-06 |
| CVE-2025-69215 | OpenSTAManager has an SQL Injection in the Stampe Module | openstamanager | CWE-89 | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2025-69213 | OpenSTAManager has a SQL Injection in ajax_complete.php (get_sedi endpoint) | openstamanager | CWE-89 | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2025-65103 | OpenSTAManager has an authenticated SQL Injection vulnerability in API via 'display' parameter | openstamanager | CWE-89 | 8.8 | High | 2025-11-19 |

This page lists every published CVE security advisory associated with devcode-it. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.