3164 matches found

CVE
added 2025/06/28 5:29 a.m. · 18 views

CVE-2025-6755

CVE-2025-6755 concerns the WordPress plugin “Game Users Share Buttons” where all versions up to 1.3.0 are vulnerable to arbitrary file deletion due to insufficient file path validation in ajaxDeleteTheme(). An attacker with Subscriber-level privileges can supply crafted values for the themeNameId...

8.8 CVSS · 7.5 AI score · 0.03176 EPSS
Exploits 0 · References 3 · Affected Software 1

CNVD
added 2025/06/27 12:00 a.m. · 2 views

Online Hotel Reservation System demo.php File SQL Injection Vulnerability

Online Hotel Reservation System is a simple online hotel reservation system. Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Start in the file /reservation/demo.php. The...

9.8 CVSS · 7.8 AI score · 0.00204 EPSS
Exploits 1 · References 1

CNNVD
added 2025/06/26 12:00 a.m. · 2 views

WeGIA Security Vulnerability

WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /html/matPat/adicionartipoSaida.php. No details of the vulnerability are provided at this time...

5.1 CVSS · 6.2 AI score · 0.00232 EPSS
Exploits 1 · References 4

CNNVD
added 2025/06/26 12:00 a.m. · 1 views

WeGIA Security Vulnerability

WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data by the parameter Insira o novo tipo in the file /html/matPat/adicionartipoEntrada.php. No detailed...

5.1 CVSS · 6.1 AI score · 0.00232 EPSS
Exploits 1 · References 4

Snyk
added 2025/06/25 6:41 p.m. · 5 views

External Control of File Name or Path

Overview: ServiceStack is a simple and fast alternative to WCF, MVC and Web API in one cohesive framework for all your services and web apps. Affected versions of this package are vulnerable to External Control of File Name or Path in the url parameter to the GetErrorResponse method. An attacker c...

8.2 CVSS · 6.6 AI score · 0.00227 EPSS
Exploits 0 · References 2

Snyk
added 2025/06/25 6:41 p.m. · 3 views

External Control of File Name or Path

Overview: ServiceStack.Text is a set of JSON, JSV and CSV text serializers. Affected versions of this package are vulnerable to External Control of File Name or Path in the url parameter to the GetErrorResponse method. An attacker can relay NTLM credentials in the context of the current user by...

8.2 CVSS · 6.6 AI score · 0.00227 EPSS
Exploits 0 · References 2

Positive Technologies
added 2025/06/25 12:00 a.m. · 3 views

PT-2025-26822 · WordPress · Everest Forms

Name of the Vulnerable Software and Affected Versions: The Everest Forms Pro plugin for WordPress versions up to, and including, 1.9.4. Description: The issue is related to insufficient file path validation in the delete entry files function, allowing unauthenticated attackers to delete arbitrary...

7.5 CVSS · 7.5 AI score · 0.01772 EPSS
Exploits 0 · References 10

CNNVD
added 2025/06/25 12:00 a.m. · 3 views

SourceCodester Best Salon Management System Injection Vulnerability

SourceCodester Best Salon Management System is an open source salon management system from SourceCodester. SourceCodester Best Salon Management System version 1.0 suffers from an injection vulnerability that stems from improper handling of the parameters fromdate/todate in the file...

8.8 CVSS · 7 AI score · 0.00197 EPSS
Exploits 1 · References 6

OSV
added 2025/06/23 7:15 p.m. · 3 views

UBUNTU-CVE-2025-6545

Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...

9.1 CVSS · 6.7 AI score · 0.00416 EPSS
Exploits 0 · References 5

Veracode
added 2025/06/23 7:25 a.m. · 4 views

Path Traversal

pythona2a is vulnerable to path traversal. The vulnerability is due to improper validation or sanitization of user-supplied file paths in the createworkflow function, which allows an attacker to access arbitrary files on the server by crafting malicious input that traverses directories...

9.8 CVSS · 7.1 AI score · 0.00157 EPSS
Exploits 1 · References 9 · Affected Software 1

CNNVD
added 2025/06/21 12:00 a.m. · 1 views

PHPGurukul Art Gallery Management System Injection Vulnerability

Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of an externally-entered SQL statement in the parameter editid in the file /admin/edit-art-medium-detail.php. A...

8.8 CVSS · 8.1 AI score · 0.00268 EPSS
Exploits 1 · References 6

OSV
added 2025/06/20 9:15 a.m. · 0 views

CVE-2025-6321

A vulnerability has been found in PHPGurukul Pre-School Enrollment System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/add-subadmin.php. The manipulation of the argument sadminusername leads to sql injection. The attack can be...

8.8 CVSS · 5.8 AI score
Exploits 0 · References 5

Cvelist
added 2025/06/20 12:00 a.m. · 4 views

CVE-2025-45890

Directory Traversal vulnerability in novel plus before v.5.1.0 allows a remote attacker to execute arbitrary code via the filePath parameter...

0.06211 EPSS
Exploits 1 · References 1

CVE
added 2025/06/20 12:00 a.m. · 18 views

CVE-2025-45890

Summary: CVE-2025-45890 affects novel plus prior to 5.1.0, enabling a remote attacker to trigger directory traversal and arbitrary code execution via the filePath parameter. The vulnerability is supported by multiple feeds (NVD/Red Hat/CIRCL) with the same vulnerable vector and indicates a high-s...

9.8 CVSS · 8.1 AI score · 0.06211 EPSS
Exploits 1 · References 1 · Affected Software 1

CNNVD
added 2025/06/20 12:00 a.m. · 1 views

novel-plus Security Vulnerability

novel-plus is a novel reading software by xxy individual developer. A security vulnerability exists in novel-plus versions prior to 5.1.0, which stems from an unvalidated filePath parameter that could lead to a directory traversal attack...

9.8 CVSS · 6.5 AI score · 0.06211 EPSS
Exploits 1 · References 2

Veracode
added 2025/06/18 10:20 a.m. · 4 views

Denial Of Service (DoS)

Salt is vulnerable to Denial of Service (DoS). The vulnerability is due to unsanitized input handling: the pubret method uses an unvalidated jid value to construct a file path, which can be exploited to cause worker process hangs through crafted read operations...

5.6 CVSS · 5.2 AI score · 0.00303 EPSS
Exploits 0 · References 5 · Affected Software 1

Veracode
added 2025/06/18 8:44 a.m. · 2 views

Directory Traversal

Salt is vulnerable to a Directory traversal. The vulnerability is due to improper validation of file paths during cache creation, allowing attackers to write or overwrite files outside the intended cache directory...

4.2 CVSS · 4.3 AI score · 0.00344 EPSS
Exploits 0 · References 5 · Affected Software 1

RedhatCVE
added 2025/06/16 8:26 a.m. · 5 views

CVE-2025-6065

The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which c...

9.1 CVSS · 8.3 AI score · 0.0701 EPSS
Exploits 0 · References 1

Positive Technologies
added 2025/06/14 12:00 a.m. · 3 views

PT-2025-25482 · WordPress · Image Resizer On The Fly

Name of the Vulnerable Software and Affected Versions: Image Resizer On The Fly plugin for WordPress versions up to, and including, 1.1. Description: The issue is related to insufficient file path validation in the 'delete' task, allowing unauthenticated attackers to delete arbitrary files on the...

9.1 CVSS · 9.5 AI score · 0.0701 EPSS
Exploits 0 · References 10

CNNVD
added 2025/06/13 12:00 a.m. · 2 views

RICOH Streamline NX V3 PC Client Security Vulnerability

RICOH Streamline NX V3 PC Client is a complete solution for large-scale, integrated management of devices from Ricoh RICOH Japan. A security vulnerability exists in RICOH Streamline NX V3 PC Client versions 3.5.0 through 3.242.0, which originates from a file name or path external control, and cou...

6.9 CVSS · 6.8 AI score · 0.00284 EPSS
Exploits 0 · References 3