CVE-2025-0452
eosphoros-ai/DB-GPT version latest is vulnerable to arbitrary file deletion on Windows systems via the '/v1/agent/hub/update' endpoint. The application fails to properly filter the '\' character, which is commonly used as a separator in Windows paths. This vulnerability allows attackers to delete...
CVE-2025-2606
CVE-2025-2606 affects SourceCodester Best Church Management Software 1.0. The vulnerability arises from improper handling of the photo/photo1 parameter in /admin/app/soulwinning_crud.php, enabling unrestricted file upload. It is possible to trigger remotely, and the exploit has been disclosed pub...
CVE-2024-7631 Openshift-console: openshift console: path traversal
A flaw was found in the OpenShift Console, an endpoint for plugins to serve resources in multiple languages: /locales/resources.json. This endpoint's lng and ns parameters are used to construct a filepath in pkg/plugins/handlers.go#L112 unsafely. Because of this unsafe filepath construction, an...
CVE-2025-2386
CVE-2025-2386 affects PHPGurukul Local Services Search Engine Management System v1.0. The vulnerability is a SQL injection caused by manipulation of the location parameter in serviceman-search.php, reported as exploitable remotely (network). The linked sources confirm the issue but do not provide...
CVE-2025-2120
A vulnerability was found in Thinkware Car Dashcam F800 Pro up to 20250226. It has been rated as problematic. This issue affects some unknown processing of the file /tmp/hostapd.conf of the component Configuration File Handler. The manipulation leads to cleartext storage in a file or on disk. It ...
[SECURITY] Fedora 42 Update: libxml2-2.12.10-1.fc42
This library allows manipulating XML files. It includes support to read, modify and write XML and HTML files. It supports DTDs, including parsing and validation even with complex DTDs, either at parse time or later once the document has been modified. The output can be a simple SAX strea...
CVE-2025-27397
A vulnerability has been identified in SCALANCE LPE9403 (6GK5998-3GS00-2AC2) (All versions < V4.0). Affected devices do not properly limit user controlled paths to which logs are written and from where they are read. This could allow an authenticated highly-privileged remote attacker to read and write...
LoveCards Code Issue Vulnerability
LoveCards is an open source confession wall program by LoveCards. A code issue vulnerability exists in LoveCards 2.3.2 and earlier versions, which stems from incorrect handling of the file parameter that allows unrestricted file upload, potentially leading to remote attacks...
CVE-2025-2211 aitangbao springboot-manager add cross site scripting
A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sysDictDetail/add. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit h...
GHSA-5478-V2W6-C6Q7 Duplicate Advisory: Keras arbitrary code execution vulnerability
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-48g7-3x6r-xfhp. This link is maintained to preserve external references. Original Description: The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually...
PYSEC-2025-122
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...
CVE-2025-1550 Arbitrary Code Execution via Crafted Keras Config for Model Loading
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...
CVE-2025-1550
The Keras Model.load_model function permits arbitrary code execution, even with safe_mode=True, through a manually constructed, malicious .keras archive. By altering the config.json file within the archive, an attacker can specify arbitrary Python modules and functions, along with their arguments, ...
zzskzy Warehouse Refinement Management System Security Vulnerability
zzskzy Warehouse Refinement Management System is a warehouse refinement management system from the Zhengzhou Time and Space (zzskzy) Company in China. A security vulnerability exists in zzskzy Warehouse Refinement Management System version 1.3, which stems from incorrect manipulation of the paramete...
CVE-2025-2147
CVE-2025-2147 affects Beijing Zhide Intelligent Internet Technology Modern Farm Digital Integrated Management System 1.0. The description indicates that an unknown function can be manipulated to make files or directories accessible, with a remote attacker able to exploit the issue across multiple...
CVE-2025-2133 ftcms edit cross site scripting
A vulnerability classified as problematic was found in ftcms 2.1. Affected by this vulnerability is an unknown functionality of the file /admin/index.php/news/edit. The manipulation of the argument title leads to cross site scripting. The attack can be launched remotely. The exploit has been...
zzskzy Warehouse Refinement Management System Code Issue Vulnerability
zzskzy Warehouse Refinement Management System is a warehouse refinement management system from the Zhengzhou Time and Space (zzskzy) Company in China. A code issue vulnerability exists in zzskzy Warehouse Refinement Management System version 3.1, which stems from incorrect manipulation of the...