3163 matches found
CVE-2025-12290
CVE-2025-12290 affects Sui Shang Information Technology Suishang Enterprise-Level B2B2C Multi-User Mall System 1.0. The vulnerability is a cross-site scripting in the file /i/359 created by manipulating the keywords argument. It is exploitable remotely, with exploitation details publicly disclose...
CVE-2025-12266 Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection
A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The...
Suishang Enterprise-Level B2B2C Multi-User Mall System Security Vulnerability
Suishang Enterprise-Level B2B2C Multi-User Mall System is an e-commerce system software from China Suishang Company. A security vulnerability exists in Suishang Enterprise-Level B2B2C Multi-User Mall System version 1.0, which originates from the incorrect operation of the parameter keywords in th...
TOTOLINK A3300R Security Vulnerability
TOTOLINK A3300R is a dual-band wireless router manufactured by China's Gion Electronics TOTOLINK, mainly used for home and small network environments. The TOTOLINK A3300R suffers from a buffer overflow vulnerability that originates from the parameter ip of the function setDmzCfg in the file...
CVE-2025-60729
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the validThemeFilePath function...
PT-2025-43461
Name of the Vulnerable Software and Affected Versions affected versions not specified Description A flaw exists where a file path filter designed to restrict access to sensitive directories can be bypassed due to incorrect unicode normalization. This could allow a local user to gain elevated...
CVE-2025-8050
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...
TencentOS Server 3: .NET 8.0 (TSSA-2025:0820)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0820 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2025-8050 External Control of File vulnerability has been discovered in opentext Flipper.
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to access files hosted on the server. This issue affects Flipper: 3.1.2...
CVE-2025-48044
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/policy.ex and program routines 'Elixir.Ash.Policy.Policy':expression/2. This issue affects ash: from pkg:hex/[email protected] before pkg:hex/[email protected]...
CVE-2025-8048 External Control of File path vulnerability has been discovered on opentext Flipper.
External Control of File Name or Path vulnerability in opentext Flipper allows Path Traversal. The vulnerability could allow a user to submit a stored local file path and then download the specified file from the system by requesting the stored document ID. This issue affects Flipper: 3.1.2...
JLSEC-2025-152 ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/ia...
ffmpeg 7.1 is vulnerable to Null Pointer Dereference in function iamf_read_header in /libavformat/iamfdec.c...
CVE-2025-11941
CVE-2025-11941 affects e107 CMS up to version 2.3.3. The vulnerability is in the Avatar Handler, specifically file /e107_admin/image.php?mode=main&action=avatar, where manipulation of the multiaction[] parameter triggers path traversal. Attacks can be launched remotely and the exploit is public. ...
CVE-2025-11914
A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. Affected by this issue is the function Download of the file /DeviceFileReport.do?Action=Download. Performing manipulation of the argument FilePath results in path traversal. The attack may be initiated remotely. The...
EUVD-2025-34942
Malicious code in srccomponentsqcreportindextsx npm...
CVE-2025-60514
Tillywork v0.1.3 and below is vulnerable to SQL Injection in app/common/helpers/query.builder.helper.ts...