11460 matches found

RedhatCVE
added 2025/11/25 12:17 a.m. | 9 views

CVE-2025-13574

A weakness has been identified in code-projects Online Bidding System 1.0. This issue affects the function categoryadd of the file /administrator/addcategory.php. This manipulation of the argument catimage causes unrestricted upload. The attack is possible to be carried out remotely. The exploit...

CVSS 7.2 | AI score 6.7 | EPSS 0.00344
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/25 12:17 a.m. | 8 views

CVE-2025-63953

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

CVSS 6.5 | AI score 6.7 | EPSS 0.00138
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/25 12:17 a.m. | 12 views

CVE-2025-63952

A Cross-Site Request Forgery (CSRF) in the /mwapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

CVSS 5.7 | AI score 6.7 | EPSS 0.00136
Exploits: 1 | References: 1

CNNVD
added 2025/11/25 12:0 a.m. | 6 views

jshERP Security Vulnerability

jshERP (Huaxia ERP) is a homegrown ERP system by the Chinese individual developer Ji Sheng Hua. A security vulnerability exists in jshERP version 2.3.1, which originates from the user/addUser endpoint being susceptible to Fastjson deserialization attack...

CVSS 9.8 | AI score 6.7 | EPSS 0.00407
Exploits: 0 | References: 5

Tenable Nessus
added 2025/11/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2022-50559

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: fix memleak on platform_device_add fails. No error handling is performed when...

AI score 5.7 | EPSS 0.00195
Exploits: 0 | References: 2

NVD
added 2025/11/24 8:15 p.m. | 6 views

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

CVSS 6.1 | EPSS 0.00161
Exploits: 0 | References: 2

OSV
added 2025/11/24 8:15 p.m. | 3 views

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

CVSS 6.1 | AI score 5.6 | EPSS 0.00161
Exploits: 0 | References: 2

EUVD
added 2025/11/24 6:31 p.m. | 4 views

EUVD-2025-198969

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

CVSS 6.5 | AI score 6.2 | EPSS 0.00138
Exploits: 1 | References: 3

NVD
added 2025/11/24 5:16 p.m. | 3 views

CVE-2025-63953

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

CVSS 6.5 | EPSS 0.00138
Exploits: 1 | References: 2

OSV
added 2025/11/24 12:15 a.m. | 3 views

CVE-2025-13574

A weakness has been identified in code-projects Online Bidding System 1.0. This issue affects the function categoryadd of the file /administrator/addcategory.php. This manipulation of the argument catimage causes unrestricted upload. The attack is possible to be carried out remotely. The exploit...

CVSS 7.2 | AI score 5.6 | EPSS 0.00344
Exploits: 1 | References: 6

Cvelist
added 2025/11/24 12:2 a.m. | 9 views

CVE-2025-13574 code-projects Online Bidding System addcategory.php categoryadd unrestricted upload

A weakness has been identified in code-projects Online Bidding System 1.0. This issue affects the function categoryadd of the file /administrator/addcategory.php. This manipulation of the argument catimage causes unrestricted upload. The attack is possible to be carried out remotely. The exploit...

CVSS 5.8 | EPSS 0.00344
Exploits: 1 | References: 6

CVE
added 2025/11/24 12:0 a.m. | 9 views

CVE-2025-63953

CVE-2025-63953 describes a Cross-Site Request Forgery (CSRF) in Magewell Pro Convert v1.2.213 affecting the /usapi?method=add-user endpoint. The vulnerability allows an attacker to create user accounts via a crafted GET request. Documents consistently identify the affected software/version and th...

CVSS 6.5 | AI score 6.3 | EPSS 0.00138
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2025/11/24 12:0 a.m. | 7 views

CVE-2025-64048

YCCMS 3.4 contains a stored cross-site scripting (XSS) vulnerability in the article management functionality. The vulnerability exists in the add and getPost functions within the ArticleAction.class.php file due to improper neutralization of user input in the article title field...

EPSS 0.00161
Exploits: 0 | References: 2

Positive Technologies
added 2025/11/24 12:0 a.m. | 7 views

PT-2025-47943

Name of the Vulnerable Software and Affected Versions: Magewell Pro Convert version 1.2.213. Description: A Cross-Site Request Forgery (CSRF) exists in the /mwapi?method=add-user component. This allows attackers to create accounts by sending a specially crafted GET request. The API endpoint...

CVSS 5.7 | AI score 6.6 | EPSS 0.00136
Exploits: 1 | References: 6

CNNVD
added 2025/11/24 12:0 a.m. | 2 views

Code-Projects Online Bidding System Code Issue Vulnerability

Code-Projects Online Bidding System is an open source online bidding system from Code-Projects. Code-Projects Online Bidding System version 1.0 has a code issue vulnerability. The vulnerability stems from the file /administrator/addcategory.php function categoryadd to the parameter catimage incorrect...

CVSS 7.2 | AI score 5.2 | EPSS 0.00344
Exploits: 1 | References: 7

Cvelist
added 2025/11/24 12:0 a.m. | 9 views

CVE-2025-63953

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

EPSS 0.00138
Exploits: 1 | References: 2

Positive Technologies
added 2025/11/24 12:0 a.m. | 5 views

PT-2025-47868

A weakness has been identified in code-projects Online Bidding System 1.0. This issue affects the function categoryadd of the file /administrator/addcategory.php. This manipulation of the argument catimage causes unrestricted upload. The attack is possible to be carried out remotely. The exploit...

CVSS 5.8 | AI score 6.7 | EPSS 0.00344
Exploits: 1 | References: 7

Vulnrichment
added 2025/11/24 12:0 a.m. | 3 views

CVE-2025-63953

A Cross-Site Request Forgery (CSRF) in the /usapi?method=add-user component of Magewell Pro Convert v1.2.213 allows attackers to arbitrarily create accounts via a crafted GET request...

AI score 6.3 | EPSS 0.00138
Exploits: 1 | References: 2

CVE
added 2025/11/24 12:0 a.m. | 10 views

CVE-2025-63952

CVE-2025-63952 describes a CSRF vulnerability in Magewell Pro Convert v1.2.213, specifically in the /mwapi?method=add-user endpoint, which can allow an attacker to create accounts via a crafted GET request. Multiple connected sources (Red Hat, CNNVD, CVE lists, and PT Security) confirm the issue ...

CVSS 5.7 | AI score 6.3 | EPSS 0.00136
Exploits: 1 | References: 2 | Affected Software: 1

CVE
added 2025/11/24 12:0 a.m. | 14 views

CVE-2025-64048

Affected software/component: YCCMS 3.4, specifically the article management functionality in ArticleAction.class.php. Vulnerability: Stored cross-site scripting (XSS) in the article title input. The root cause is improper neutralization/validation of user-supplied data in the add() and getPost() ...

CVSS 6.1 | AI score 5.3 | EPSS 0.00161
Exploits: 0 | References: 2 | Affected Software: 1