1026 matches found

Vulnrichment
added 2025/11/30 7:2 a.m., 2 views

CVE-2025-13784 yungifez Skuul School Management System SVG File edit cross site scripting

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely...

CVSS 4.8, AI score 5.4, EPSS 0.00032
Exploits: 1, References: 4

CVE
added 2025/11/30 7:2 a.m., 6 views

CVE-2025-13784

CVE-2025-13784 affects yungifez Skuul School Management System up to version 2.6.5. The vulnerability lies in the SVG File Handler component, specifically in the /dashboard/schools/1/edit path, where manipulation enables cross-site scripting. The issue is exploitable remotely and exploits have be...

CVSS 4.8, AI score 3.4, EPSS 0.00032
Exploits: 1, References: 4, Affected Software: 1

Cvelist
added 2025/11/30 7:2 a.m., 9 views

CVE-2025-13784 yungifez Skuul School Management System SVG File edit cross site scripting

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely...

CVSS 4.8, EPSS 0.00032
Exploits: 1, References: 4

Positive Technologies
added 2025/11/30 12:0 a.m., 7 views

PT-2025-48389

Name of the Vulnerable Software and Affected Versions ZenTao versions up to 21.7.6-8564 Description A flaw exists in ZenTao related to improper privilege management. The issue is located in the file::delete function within the module/file/control.php file of the File Handler component. Manipulati...

CVSS 9.1, AI score 5.3, EPSS 0.00058
Exploits: 1, References: 13

OSV
added 2025/11/25 10:18 p.m., 2 views

JLSEC-2025-268 A vulnerability classified as problematic was found in LibTIFF 4.3.0

A vulnerability classified as problematic was found in LibTIFF 4.3.0. Affected by this vulnerability is the TIFF File Handler of tiff2ps. Opening a malicious file leads to a denial of service. The attack can be launched remotely but requires user interaction. The exploit has been disclosed to the...

CVSS 6.5, AI score 6.2, EPSS 0.0005
Exploits: 1, References: 5

EUVD
added 2025/11/18 6:30 a.m., 2 views

EUVD-2025-197911

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the legacy chunked upload mechanism in all versions up to, and including, 2.9.21.1. This is due to the extension blacklist not including .phar files, which can be uploaded through...

CVSS 8.1, AI score 7.2, EPSS 0.0023
Exploits: 0, References: 5

RedhatCVE
added 2025/11/18 5:6 a.m., 3 views

CVE-2025-13262

A vulnerability was determined in lsfusion platform up to 6.1. Affected by this vulnerability is the function UploadFileRequestHandler of the file platform/web-client/src/main/java/lsfusion/http/controller/file/UploadFileRequestHandler.java. Executing manipulation of the argument sid can lead to...

CVSS 9.8, AI score 7.2, EPSS 0.00208
Exploits: 1, References: 1

RedhatCVE
added 2025/11/18 3:58 a.m., 4 views

CVE-2025-13261

A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote...

CVSS 6.9, AI score 6.4, EPSS 0.00229
Exploits: 1, References: 1

OSV
added 2025/11/17 4:15 a.m., 4 views

CVE-2025-13261

A vulnerability was found in lsfusion platform up to 6.1. Affected is the function DownloadFileRequestHandler of the file web-client/src/main/java/lsfusion/http/controller/file/DownloadFileRequestHandler.java. Performing manipulation of the argument Version results in path traversal. Remote...

CVSS 5.3, AI score 5.4
Exploits: 0, References: 5

CNNVD
added 2025/11/17 12:0 a.m., 1 view

lsFusion Path Traversal Vulnerability

lsFusion is an information system development platform based on a declarative open source language from lsfusion Open Source. A path traversal vulnerability exists in lsfusion 6.1 and earlier versions, which stems from an incorrect operation of the parameter Version in the file...

CVSS 6.9, AI score 5.6, EPSS 0.00229
Exploits: 1, References: 6

Positive Technologies
added 2025/11/17 12:0 a.m., 3 views

PT-2025-47109

Name of the Vulnerable Software and Affected Versions lsfusion platform versions prior to 6.1 Description A flaw exists in the lsfusion platform that allows for path traversal. This issue affects the DownloadFileRequestHandler function located in the file...

CVSS 6.9, AI score 5.2, EPSS 0.00229
Exploits: 1, References: 12

OSV
added 2025/11/13 11:31 a.m., 4 views

CLSA-2025-1763033515 qt5-qt3d: Fix of CVE-2025-3159

CVE-2025-3159: fix heap-based buffer overflow in Assimp::ASE::Parser::ParseLV4MeshBonesVertices function of ASE File Handler...

CVSS 7.8, AI score 6.4, EPSS 0.0004
Exploits: 1, References: 1

Veracode
added 2025/11/06 5:13 p.m., 4 views

Cross-site Scripting (XSS)

novosga/novosga is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization of user-supplied input in the logoNavbar/logoLogin parameters within the /admin component’s SVG File Handler, which allows an attacker to inject and execute arbitrary web scripts remotely...

CVSS 4.8, AI score 7, EPSS 0.0001
Exploits: 0, References: 9, Affected Software: 1

RedhatCVE
added 2025/10/28 2:38 a.m., 3 views

CVE-2025-12205

A vulnerability was detected in Kamailio 5.5. The affected element is the function srpushyystate of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and...

CVSS 7.8, AI score 4.9, EPSS 0.00021
Exploits: 1, References: 1

OSV
added 2025/10/27 3:15 a.m., 2 views

CVE-2025-12205

A vulnerability was detected in Kamailio 5.5. The affected element is the function srpushyystate of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and...

CVSS 7.8, AI score 5
Exploits: 0, References: 8

OSV
added 2025/10/27 3:15 a.m., 3 views

DEBIAN-CVE-2025-12205

A vulnerability was detected in Kamailio 5.5. The affected element is the function srpushyystate of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and...

CVSS 7.8, AI score 5.1, EPSS 0.00021
Exploits: 1, References: 1

OSV
added 2025/10/27 3:15 a.m., 3 views

DEBIAN-CVE-2025-12204

A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rvedestroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed...

CVSS 7.8, AI score 5.5, EPSS 0.00008
Exploits: 1, References: 1

NVD
added 2025/10/27 3:15 a.m., 4 views

CVE-2025-12205

A vulnerability was detected in Kamailio 5.5. The affected element is the function srpushyystate of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and...

CVSS 7.8, EPSS 0.00021
Exploits: 1, References: 8

NVD
added 2025/10/27 3:15 a.m., 3 views

CVE-2025-12204

A security vulnerability has been detected in Kamailio 5.5. Impacted is the function rvedestroy of the file src/core/rvalue.c of the component Configuration File Handler. The manipulation leads to heap-based buffer overflow. The attack must be carried out locally. The exploit has been disclosed...

CVSS 7.8, EPSS 0.00008
Exploits: 1, References: 8

OSV
added 2025/10/27 3:15 a.m., 1 view

UBUNTU-CVE-2025-12205

A vulnerability was detected in Kamailio 5.5. The affected element is the function srpushyystate of the file src/core/cfg.lex of the component Configuration File Handler. The manipulation results in use after free. The attack must be initiated from a local position. The exploit is now public and...

CVSS 7.8, AI score 5.4, EPSS 0.00021
Exploits: 1, References: 6