19145 matches found
CVE-2025-65840
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery CSRF in the CkEditorAdminController...
Security Bulletin: Multiple vulnerabilities in IBM Cognos Controller
Summary Multiple vulnerabilities were addressed in IBM Cognos Controller 11.0.1 FP7 Vulnerability Details CVEID:CVE-2025-50106 DESCRIPTION: Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: 2D. Supported versions th...
EUVD-2025-200056
Malicious code in kubernetes-controller-tools npm...
Malicious code in kubernetes-controller-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42961dff6a9f6fd9e6dce1e6906ba8e15d64622a3856a65dc61ec9fd6974252b The package kubernetes-controller-tools was found to contain malicious code...
MAL-2025-191513 Malicious code in kubernetes-controller-tools (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 42961dff6a9f6fd9e6dce1e6906ba8e15d64622a3856a65dc61ec9fd6974252b The package kubernetes-controller-tools was found to contain malicious code...
CVE-2025-66384
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmpname...
CVE-2025-13809
A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...
CVE-2025-13783
A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument...
EUVD-2025-199956
A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing manipulation results in path traversal. It is possible to initiate the attack remotely. The explo...
CVE-2025-13810
A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing a manipulation results in path traversal. It is possible to initiate the attack remotely. The...
CVE-2025-13809 orionsec orion-ops SSH Connection MachineInfoController.java server-side request forgery
A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...
EUVD-2025-199957
A vulnerability has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this issue is some unknown functionality of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineInfoController.java of the component SSH Connection...
CVE-2025-13809
Summary: CVE-2025-13809 affects orionsec orion-ops (SSH Connection Handler) via the MachineInfoController, where manipulating arguments host/sshPort/username/password/authType can trigger server-side request forgery. The vulnerability is described across multiple sources as exploitable from remot...
CVE-2025-13808
A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This...
CVE-2025-13808
A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This...
CVE-2025-13807
A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation result...
CVE-2025-13808 orionsec orion-ops User Profile UserController.java update improper authorization
A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This...
CVE-2025-13808 orionsec orion-ops User Profile UserController.java update improper authorization
A flaw has been found in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected by this vulnerability is the function update of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/UserController.java of the component User Profile Handler. This...
CVE-2025-13807 orionsec orion-ops API MachineKeyController.java MachineKeyController improper authorization
A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation result...
CVE-2025-13782
A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function delete of the file application/Admin/Controller/SlideController.class.php of the component SlideController. The manipulation of the argument ids leads to sql...