
19143 matches found

CVE
added 2025/12/19 12:32 a.m. | 16 views

CVE-2025-14908

CVE-2025-14908 affects JeecgBoot up to 3.9.0, with the vulnerability located in jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the Multi-Tenant Management Module. Improper authentication results from manipulating the a...

CVSS 8.1 | AI score 6.4 | EPSS 0.00303
Exploits: 1 | References: 5 | Affected Software: 1

CNNVD
added 2025/12/19 12:0 a.m. | 5 views

FastAdmin SQL Injection Vulnerability

FastAdmin is a web backend development framework based on ThinkPHP and Bootstrap, developed by the individual developer Karson. FastAdmin 1.7.0.20250506 and earlier versions contain a SQL injection vulnerability that stems from the application/common/controller/Backend.php file...

CVSS 7.2 | AI score 5.7 | EPSS 0.00314
Exploits: 1 | References: 7

CNNVD
added 2025/12/19 12:0 a.m. | 7 views

JeecgBoot Security Vulnerability

JeecgBoot is a Java low-code platform for enterprise web applications from China National Torch Jeecg. A security vulnerability exists in JeecgBoot 3.9.0 and earlier versions, which originates from a vulnerability in the file...

CVSS 8.1 | AI score 4.8 | EPSS 0.00426
Exploits: 1 | References: 7

Positive Technologies
added 2025/12/19 12:0 a.m. | 4 views

PT-2025-52398

Name of the Vulnerable Software and Affected Versions: JeecgBoot versions up to 3.9.0. Description: A security flaw exists in JeecgBoot that allows for improper authentication. The issue is related to the manipulation of the ID argument within an unknown function in the file...

CVSS 8.1 | AI score 6.1 | EPSS 0.00303
Exploits: 1 | References: 10

Positive Technologies
added 2025/12/19 12:0 a.m. | 8 views

PT-2025-52509

Name of the Vulnerable Software and Affected Versions: FastAdmin versions prior to 1.7.0.20250506. Description: A flaw exists in FastAdmin up to version 1.7.0.20250506. The issue is located within the selectpage function of the Backend.php file in the Backend Controller component. Manipulation of th...

CVSS 7.2 | AI score 5.1 | EPSS 0.00314
Exploits: 1 | References: 12

Positive Technologies
added 2025/12/19 12:0 a.m. | 5 views

PT-2026-26121

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: The Linux kernel contains an issue where the admin tagset is not released if initialization fails during NVMe/FC controller creation. Specifically, the nvme fabrics component creates an...

CVSS 7.8 | AI score 6.4 | EPSS 0.00395
Exploits: 0 | References: 435

RedhatCVE
added 2025/12/18 11:36 p.m. | 3 views

CVE-2023-53914

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative...

CVSS 9.8 | AI score 7.1 | EPSS 0.00598
Exploits: 1 | References: 1

RedhatCVE
added 2025/12/18 11:36 p.m. | 4 views

CVE-2023-53923

UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with fu...

CVSS 9.8 | AI score 7.2 | EPSS 0.00466
Exploits: 1 | References: 1

NVD
added 2025/12/18 8:15 p.m. | 6 views

CVE-2019-25229

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling...

CVSS 8.8 | EPSS 0.00288
Exploits: 0 | References: 2

Cvelist
added 2025/12/18 7:53 p.m. | 19 views

CVE-2019-25229 Kentico Xperience <= 12.0.29 MVC Forms Unrestricted File Upload

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling...

CVSS 8.8 | EPSS 0.00288
Exploits: 0 | References: 2

CVE
added 2025/12/18 7:53 p.m. | 12 views

CVE-2019-25229

CVE-2019-25229 concerns Kentico Xperience MVC Forms Unrestricted File Upload. Multiple connected sources describe an issue where authenticated users with only the 'Read data' permission can upload arbitrary file types through the MVC form file uploader components, by manipulating file names, enab...

CVSS 8.8 | AI score 6.6 | EPSS 0.00288
Exploits: 0 | References: 2 | Affected Software: 1

Microsoft CVE
added 2025/12/18 9:1 a.m. | 5 views

usb: gadget: udc: fix use-after-free in usb_gadget_state_work

...

CVSS 5.5 | AI score 6.7 | EPSS 0.00173
Exploits: 0

RedhatCVE
added 2025/12/18 12:35 a.m. | 3 views

CVE-2025-14700

An input neutralization vulnerability in the Webhook Template component of Crafty Controller allows a remote, authenticated attacker to perform remote code execution via Server Side Template Injection...

CVSS 9.9 | AI score 8 | EPSS 0.05995
Exploits: 2 | References: 1

RedhatCVE
added 2025/12/18 12:35 a.m. | 8 views

CVE-2025-14701

An input neutralization vulnerability in the Server MOTD component of Crafty Controller allows a remote, unauthenticated attacker to perform stored XSS via server MOTD modification...

CVSS 7.1 | AI score 6.2 | EPSS 0.00245
Exploits: 0 | References: 1

EUVD
added 2025/12/18 12:34 a.m. | 4 views

EUVD-2023-60208

UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with fu...

CVSS 9.8 | AI score 6.7 | EPSS 0.00466
Exploits: 1 | References: 4

EUVD
added 2025/12/18 12:34 a.m. | 5 views

EUVD-2023-60216

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative...

CVSS 9.8 | AI score 6.6 | EPSS 0.00598
Exploits: 1 | References: 4

Positive Technologies
added 2025/12/18 12:0 a.m. | 6 views

PT-2025-52295

An unrestricted file upload vulnerability in Kentico Xperience allows authenticated users with 'Read data' permissions to upload arbitrary file types via MVC form file uploader components. Attackers can manipulate file names and upload potentially malicious files to the system, enabling...

CVSS 8.8 | AI score 7 | EPSS 0.00288
Exploits: 0 | References: 3

OSV
added 2025/12/17 11:15 p.m. | 2 views

CVE-2023-53914

UliCMS 2023.1 contains an authentication bypass vulnerability that allows unauthenticated attackers to create admin users through mass assignment in the UserController. Attackers can send a crafted POST request to the admin index.php endpoint with specific parameters to generate an administrative...

CVSS 9.3 | AI score 5.9 | EPSS 0.00598
Exploits: 1 | References: 3

Cvelist
added 2025/12/17 10:44 p.m. | 25 views

CVE-2023-53923 UliCMS 2023.1 Privilege Escalation via Unauthenticated Admin Account Creation

UliCMS 2023.1 contains a privilege escalation vulnerability that allows unauthenticated attackers to create administrative accounts through the UserController endpoint. Attackers can send a crafted POST request to /dist/admin/index.php with specific parameters to generate a new admin user with fu...

CVSS 9.8 | EPSS 0.00466
Exploits: 1 | References: 3

CVE
added 2025/12/17 10:44 p.m. | 8 views

CVE-2023-53923

UliCMS 2023.1 is affected by a privilege‑escalation vulnerability in the UserController endpoint. An unauthenticated attacker can issue a crafted POST to /dist/admin/index.php to create a new admin account with full system access. Documents identify the vulnerable component and impact (unrestrict...

CVSS 9.8 | AI score 6.8 | EPSS 0.00466
Exploits: 1 | References: 3 | Affected Software: 1