CVE-2025-5651
CVE-2025-5651 affects code-projects Traffic Offense Reporting System 1.0. The vulnerability is caused by cross-site scripting in saveuser.php due to improper handling of input parameters (user_id/username/email/name/position), enabling injection of arbitrary scripts. Reports across multiple sourc...
CVE-2025-5610
CodeAstro Real Estate Management System 1.0 contains a SQL injection vulnerability in the /submitpropertydelete.php file, caused by unsafely manipulating the ID parameter. The issue is exploitable remotely, with exploitation details disclosed publicly. Multiple sources corroborate the existence a...
CVE-2025-44115
A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting...
PT-2025-23735 · Unknown · Phpgurukul Rail Pass Management System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Rail Pass Management System version 1.0 Description: A critical issue has been found in the PHPGurukul Rail Pass Management System, affecting some unknown functionality of the file /admin/pass-bwdates-reports-details.php. The...
CVE-2025-5513 quequnlong shiyi-blog add cross site scripting
A vulnerability has been found in quequnlong shiyi-blog up to 1.2.1 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /dev-api/api/comment/add. The manipulation of the argument content leads to cross site scripting. The attack can be launched...
BIT-DRUPAL-2024-11942 Drupal core - Moderately critical - Improper error handling - SA-CORE-2024-002
A vulnerability in Drupal Core allows File Manipulation. This issue affects Drupal Core: from 10.0.0 before 10.2.10...
CVE-2025-5498
A vulnerability was found in slackero phpwcms up to 1.9.45/1.10.8. It has been rated as critical. This issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php of the component Custom Source Tab. The manipulation of the argument cpage_custom leads...
The vulnerability of the do_update_vps() function in the Avast Business Antivirus for Linux antivirus tool allows attackers to perform spoofing attacks.
The vulnerability of the do_update_vps() function in the Avast Business Antivirus for Linux antivirus tool is related to the use of files and directories accessible from external sources. Exploiting this vulnerability could allow attackers to carry out spoofing attacks by manipulating update files...
PT-2025-23613
Name of the Vulnerable Software and Affected Versions: slackero phpwcms versions 1.9.45 and earlier, slackero phpwcms versions 1.10.8 and earlier Description: A critical issue affects the function file_get_contents/is_file of the file include/inc_lib/content/cnt21.readform.inc.php in the Custom...
CVE-2025-1750
An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code...
CVE-2025-1750
CVE-2025-1750 affects run-llama/llama_index v0.12.19, via an SQL injection in the DuckDBVectorStore.delete path that lets an attacker manipulate ref_doc_id to read/write arbitrary server files and potentially achieve remote code execution (RCE). Public analyses corroborate the risk and point to t...
CVE-2025-1750 SQL Injection in run-llama/llama_index
An SQL injection vulnerability exists in the delete function of DuckDBVectorStore in run-llama/llama_index version v0.12.19. This vulnerability allows an attacker to manipulate the ref_doc_id parameter, enabling them to read and write arbitrary files on the server, potentially leading to remote code...
CVE-2024-40112
A Local File Inclusion (LFI) vulnerability exists in Sitecom WLX-2006 Wall Mount Range Extender N300 v1.5 and before, which allows an attacker to manipulate the "language" cookie to include arbitrary files from the server. This vulnerability can be exploited to disclose sensitive information...
CVE-2025-44115
CVE-2025-44115 affects Cotonti Siena v0.9.25. The vulnerability is a cross-site scripting (XSS) flaw in the admin endpoint at /admin.php?m=config&n=edit&o=core&p=title where the value of the title parameter can be manipulated to inject script. According to connected sources, exploitation requires...
CVE-2025-44115
A vulnerability has been found in Cotonti Siena v0.9.25. Affected by this vulnerability is the file /admin.php?m=config&n=edit&o=core&p=title. The manipulation of the value of title leads to cross-site scripting...
CVE-2025-5161
A vulnerability classified as problematic was found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this vulnerability is the function operationDailyOut of the file /safeEvent/download. The manipulation of the argument filename leads to path traversal. The attack can be launched remotel...
CVE-2025-5205
A vulnerability classified as critical has been found in 1000 Projects Daily College Class Work Report Book 1.0. Affected is an unknown function of the file /dcwrentry.php. The manipulation of the argument Date leads to SQL injection. It is possible to launch the attack remotely. The exploit has...
CVE-2025-5162 H3C SecCenter SMP-E1114P02 importFile unrestricted upload
A vulnerability, which was classified as critical, has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected by this issue is some unknown functionality of the file /safeEvent/importFile/. The manipulation of the argument logGeneralFile/logGeneralFile2 leads to unrestricted upload. Th...
CVE-2025-5160 H3C SecCenter SMP-E1114P02 download path traversal
A vulnerability classified as problematic has been found in H3C SecCenter SMP-E1114P02 up to 20250513. Affected is the function Download of the file /packetCaptureStrategy/download. The manipulation of the argument Name leads to path traversal. It is possible to launch the attack remotely. The...
PT-2025-22869 · H3C · H3C Seccenter Smp-E1114P02
Name of the Vulnerable Software and Affected Versions: H3C SecCenter SMP-E1114P02 up to 20250513 Description: A critical issue affects the function fileContent of the file /cfgFile/fileContent. The manipulation of the argument filePath leads to path traversal. This issue can be exploited remotely...