19145 matches found
orion-ops security vulnerability
orion-ops is a one-stop automated operation and maintenance and automated deployment platform by Jiahang Li, an individual developer. A security vulnerability exists in orion-ops, which stems from the misuse of the parameters host/sshPort/username/password/authType in the file...
PT-2025-48414
A vulnerability was found in jsnjfz WebStack-Guns 1.0. This affects the function renderPicture of the file src/main/java/com/jsnjfz/manage/modular/system/controller/KaptchaController.java. Performing manipulation results in path traversal. It is possible to initiate the attack remotely. The explo...
WebStack-Guns path traversal vulnerability
WebStack-Guns is an open source website navigation project by the individual developer Dana Keeling, with a backend based on Guns and Springboot. WebStack-Guns version 1.0 has a path traversal vulnerability. The vulnerability stems from the file KaptchaController.java, function renderPicture...
orion-ops security vulnerability
orion-ops is a one-stop automated O&M and automated deployment platform by the individual developer, Jiahang Li. A security vulnerability exists in orion-ops, which stems from the incorrect manipulation of the parameter ID in the file UserController.java, which could lead to improper authorizatio...
CVE-2025-65840
PublicCMS V5.202506.b is vulnerable to Cross Site Request Forgery (CSRF) in the CkEditorAdminController...
PT-2025-48411
A vulnerability was detected in orionsec orion-ops up to 5925824997a3109651bbde07460958a7be249ed1. Affected is the function MachineKeyController of the file orion-ops-api/orion-ops-web/src/main/java/cn/orionsec/ops/controller/MachineKeyController.java of the component API. The manipulation result...
Portworx Half-Blind SSRF in kube-controller-manager
CVSS Rating: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:N/A:N - Medium (5.8). A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This was patched for other in-tree StorageClasses GlusterFS, Quobyte, StorageOS, and...
EUVD-2025-199924
A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument...
EUVD-2025-199916
A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function delete of the file application/Admin/Controller/SlideController.class.php of the component SlideController. The manipulation of the argument ids leads to sql...
CVE-2025-13783
A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument...
CVE-2025-13783 taosir WTCMS CommentadminController CommentadminController.class.php delete sql injection
A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument...
CVE-2025-13783
CVE-2025-13783 affects taosir WTCMS (CommentadminController) via SQL injection in the check/uncheck/delete path of application/Comment/Controller/CommentadminController.class.php. A remote attacker could exploit by manipulating the ids argument; exploits have been publicly released. Affected vers...
CVE-2025-13782 taosir WTCMS SlideController SlideController.class.php delete sql injection
A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function delete of the file application/Admin/Controller/SlideController.class.php of the component SlideController. The manipulation of the argument ids leads to sql...
CVE-2025-13782
Affects taosir WTCMS (SlideController component). The delete function in application/Admin/Controller/SlideController.class.php accepts an ids parameter and can be abused to perform SQL injection. This is exploitable remotely; public exploit is referenced. Affected versions are prior to 01a5f68a3...
PT-2025-48385
Name of the Vulnerable Software and Affected Versions: taosir WTCMS versions up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Description: A security flaw exists in taosir WTCMS. The issue affects the check/uncheck/delete function within the...
wtcms SQL injection vulnerability
wtcms is a ThinkPHP-based content management system (CMS) by the individual developer Taosir. An SQL injection vulnerability exists in wtcms, which stems from incorrect manipulation of the parameter ids in the file application/Admin/Controller/SlideController.class.php, which could lead to SQL injectio...
PT-2025-48382
Name of the Vulnerable Software and Affected Versions: taosir WTCMS versions prior to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Description: A flaw exists in taosir WTCMS related to the delete function within the SlideController.class.php file of the SlideController component. Manipulation of the id...
wtcms SQL injection vulnerability
wtcms is a ThinkPHP-based content management system (CMS) by the individual developer Taosir. An SQL injection vulnerability exists in wtcms, which stems from incorrect manipulation of the parameter ids in the file application/Comment/Controller/CommentadminController.class.php, which could lead to SQL...
CVE-2025-3261
ThingsBoard in versions prior to v4.2.1 allows an authenticated user to upload malicious SVG images via the "Image Gallery", leading to a Stored Cross-Site Scripting (XSS) vulnerability. The exploit can be triggered when any user accesses the public API endpoint of the malicious SVG images, or if t...