333 matches found
PT-2025-36969
Name of the Vulnerable Software and Affected Versions: UTT 1200GW versions prior to 3.0.0-170831 Description: A security issue has been identified in UTT 1200GW. Manipulation of the loadBalanceNameOld argument in the sub 4B48F8 function within the /goform/formApLbConfig file can lead to a buffer...
CVE-2025-9264 Xuxueli xxl-job Jobs JobInfoController.java remove resource injection
A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource...
Linux Distros Unpatched Vulnerability : CVE-2025-4096
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Heap buffer overflow in HTML in Google Chrome prior to 136.0.7103.59 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page...
Linux Distros Unpatched Vulnerability : CVE-2021-35590
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 7.4.33 and prior, 7.5.23 and...
CVE-2025-7579 chinese-poetry server.js redos
A vulnerability was found in chinese-poetry 0.1. It has been rated as problematic. This issue affects some unknown processing of the file rank/server.js. The manipulation leads to inefficient regular expression complexity. The attack may be initiated remotely. The exploit has been disclosed to th...
PT-2025-28107 · Huawei +1 · Harmonyos
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: There is a risk of stack overflow when vector images are parsed during file preview. The impact of successful exploitation of this issue may affect the file preview function. Recommendations...
PT-2025-27781 · Apache · Apache Httpd
Name of the Vulnerable Software and Affected Versions: Apache httpd affected versions not specified Description: The configuration of the Apache httpd webserver is partly insecure due to unnecessary activated modules. These modules pose a risk to the webserver, enabling directory listing...
PT-2025-27503 · Totolink · Totolink A3002Ru
Name of the Vulnerable Software and Affected Versions: TOTOLINK A3002RU version 3.0.0-B20230809.1615 Description: A critical vulnerability has been found in the HTTP POST Request Handler component of the TOTOLINK A3002RU router. The issue affects an unknown function of the file...
Apache NuttX Buffer Overflow Vulnerability (CNVD-2025-15708)
Apache NuttX is a real-time embedded operating system from the Apache Foundation. A buffer overflow vulnerability exists in Apache NuttX versions prior to 6.22 through 12.9.0, which stems from an application boundary error when handling untrusted input and can be exploited by an attacker to cause...
PT-2025-26574 · Htacg +1 · Tidy-Html5 +1
Name of the Vulnerable Software and Affected Versions: HTACG tidy-html5 version 5.8.0 Description: A vulnerability was found in HTACG tidy-html5, affecting the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to a reachable assertion. Attacking locally is a...
PT-2025-26235
Name of the Vulnerable Software and Affected Versions WebAssembly wabt versions 1.0.37 and earlier Description A vulnerability was found in the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to a reachable assertion. Local access is required to approach this...
PT-2025-23643 · Unknown · Quequnlong Shiyi-Blog
Name of the Vulnerable Software and Affected Versions: quequnlong shiyi-blog versions up to 1.2.1 Description: A critical issue was found in the unknown code of the file /app/sys/article/optimize. The manipulation of the url argument leads to server-side request forgery. The attack can be initiat...
PT-2025-23434 · Unknown · Chaitak-Gorai Blogbook
Name of the Vulnerable Software and Affected Versions: chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513 Description: A vulnerability has been found in chaitak-gorai Blogbook, classified as problematic. It affects an unknown functionality of the file /register script.php. The...
PT-2025-23346 · Campcodes · Campcodes Online Hospital Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Hospital Management System version 1.0 Description: A critical issue was found in the system, affecting some unknown functionality of the file /doctor/add-patient.php. The manipulation of the patname argument leads to SQL...
PT-2025-23085
Name of the Vulnerable Software and Affected Versions Apache Commons BeanUtils versions 1.x before 1.11.0 Apache Commons BeanUtils versions 2.x before 2.0.0-M2 Description The issue is related to improper access control in Apache Commons BeanUtils, where an attacker can access the enum's class...
CVE-2025-5198
CVE-2025-5198 describes a Cross-site Scripting (XSS) flaw in Stackrox where the vulnerability can be triggered if script code is placed in a small subset of table cells, specifically when contained in the name of a Kubernetes “Role” object applied to a secured cluster. The exploit would require c...
PT-2025-23004 · Campcodes · Campcodes Online Hospital Management System
Name of the Vulnerable Software and Affected Versions: Campcodes Online Hospital Management System version 1.0 Description: A critical issue was discovered, affecting the file /hms/admin/query-details.php. The manipulation of the adminremark argument leads to SQL injection. This issue can be...
CVE-2024-6979
Amin Aliakbari, member of the AXIS OS Bug Bounty Program, has found a broken access control which would lead to less-privileged operator- and/or viewer accounts having more privileges than designed. The risk of exploitation is very low as it requires complex steps to execute, including knowing of...
CVE-2024-44809
A remote code execution RCE vulnerability exists in the Pi Camera project, version 1.0, maintained by RECANTHA. The issue arises from improper sanitization of user input passed to the "position" GET parameter in the tilt.php script. An attacker can exploit this by sending crafted input data that...
PT-2025-22962
Name of the Vulnerable Software and Affected Versions vBulletin affected versions not specified Description The issue allows attackers to execute arbitrary PHP code by abusing Template Conditionals in the template engine. Attackers can craft template code in an alternative PHP function invocation...