4647 matches found
CVE-2025-7101
A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument db_pass leads to code injection. It is possible to initiate the atta...
CVE-2025-7101 BoyunCMS Configuration File install_ok.php code injection
A vulnerability was found in BoyunCMS up to 1.4.20. It has been classified as critical. This affects an unknown part of the file /install/install_ok.php of the component Configuration File Handler. The manipulation of the argument db_pass leads to code injection. It is possible to initiate the atta...
CVE-2025-7101
Summary of CVE-2025-7101 (Mode C): A vulnerability in BoyunCMS up to version 1.4.20 affects the Configuration File Handler, specifically an unknown part of the file /install/install_ok.php. Manipulation of the argument db_pass leads to code injection. The vulnerability is remotely exploitable, an...
Parallels Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Client. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the AppServer...
PT-2025-28096 · Boyuncms · Boyuncms
Name of the Vulnerable Software and Affected Versions: BoyunCMS versions up to 1.4.20. Description: A critical issue affects the Configuration File Handler component, specifically an unknown part of the /install/install_ok.php file. The manipulation of the db_pass argument leads to code injection...
Hugging Face Transformers Security Vulnerability
Hugging Face Transformers is Hugging Face's open-source natural language processing library for Jax, PyTorch and TensorFlow. A security vulnerability exists in Hugging Face Transformers version 4.49.0, which stems from inefficient regular expression complexity in the getconfigurationfile functi...
The vulnerability of the OAM service of the Nokia Single RAN network management platform allows an attacker to execute arbitrary commands.
The vulnerability of the OAM service of the Nokia Single RAN network management platform lies in the lack of measures taken to clean data at the management level during the processing of the COMAconfig.xml file. Exploiting this vulnerability allows an attacker to execute arbitrary commands...
CVE-2025-40723
Stored Cross-Site Scripting (XSS) vulnerability in versions prior to Flatboard 3.2.2 of Flatboard Pro, consisting of a stored XSS due to lack of proper validation of user input, through the footertext and announcement parameters in config.php...
PT-2025-27543 · Laravel · Laravel
Name of the Vulnerable Software and Affected Versions: Monero Project's Laravel-based forum software, affected versions not specified. Description: A PHP object injection vulnerability exists in the Monero Project's Laravel-based forum software due to unsafe handling of untrusted input in the...
CVE-2025-6560
Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out of support; replacing the devic...
CVE-2025-6560 Sapido Wireless Router - Exposure of Sensitive Information
Multiple wireless router models from Sapido have an Exposure of Sensitive Information vulnerability, allowing unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out of support; replacing the devic...
PT-2025-26685 · Sapido · Sapido Wireless Router
Name of the Vulnerable Software and Affected Versions: Sapido Wireless Router, affected versions not specified. Description: The issue allows unauthenticated remote attackers to directly access a system configuration file and obtain plaintext administrator credentials. The affected models are out o...
CVE-2025-6513
Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it...
CVE-2025-6513
CVE-2025-6513 affects BRAIN2: a vulnerability where standard Windows users can access and decrypt the database-access configuration file. Technical details across connected sources indicate the issue stems from insufficient protection of the configuration file storing database credentials, enabli...
CVE-2025-6513 BRAIN2 Configuration file for database access not sufficiently secured
Standard Windows users can access the configuration file for database access of the BRAIN2 application and decrypt it...
PT-2025-26594 · Brain2 · Brain2
Name of the Vulnerable Software and Affected Versions: BRAIN2 versions 0.0 through 3.05. Description: The configuration file for database access of the BRAIN2 application is not sufficiently secured, allowing standard Windows users to access and decrypt it. This issue is related to the storage of...
CVE-2025-33117
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands...
CVE-2025-33117 IBM QRadar SIEM command execution
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands...
IBM QRadar SIEM Security Vulnerability
IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...