3163 matches found
CVE-2025-10273
A vulnerability was identified in erjinzhi 10OA 1.0. Affected by this vulnerability is an unknown functionality of the file /view/file.aspx. Such manipulation of the argument File leads to path traversal. The exploit is publicly available and might be used. The vendor was contacted early about th...
PT-2025-37356
Name of the Vulnerable Software and Affected Versions: cdevroe unmark versions up to 1.9.3 Description: A vulnerability exists in cdevroe unmark up to version 1.9.3. The issue affects an unknown part of the file /application/controllers/Marks.php and allows for server-side request forgery through...
CVE-2025-55316
External control of file name or path in Azure Arc allows an authorized attacker to elevate privileges locally...
Online Fire Reporting System cross-site scripting vulnerability
Online Fire Reporting System is an online fire reporting system developed by Carlo Montero, an individual developer. A cross-site scripting vulnerability exists in Online Fire Reporting System version 1.2, which stems from insufficient input validation of the parameters fullname, location, and...
CVE-2025-10096
A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been...
TYPO3 CMS exposes sensitive information in an error message
Error messages containing sensitive information in the File Abstraction Layer in TYPO3 CMS versions 9.0.0-9.5.54, 10.0.0-10.4.53, 11.0.0-11.5.47, 12.0.0-12.4.36, and 13.0.0-13.4.17 allow backend users to disclose full file paths via failed low-level file-system operations...
CVE-2025-10134
CVE-2025-10134 affects Goza – Nonprofit Charity WordPress Theme up to version 3.2.2. The flaw is in the alone_import_pack_restore_data() function, where insufficient file path validation allows an unauthenticated attacker to delete arbitrary server files (e.g., wp-config.php), with potential remo...
TYPO3 9.0.0 < 9.5.55 ELTS / 10.0.0 < 10.4.54 ELTS / 11.0.0 < 11.5.48 ELTS / 12.0.0 < 12.4.37 / 13.0.0 < 13.4.18 (TYPO3-CORE-SA-2025-020)
The version of TYPO3 installed on the remote host is 9.0.0 prior to 9.5.55 ELTS / 10.0.0 prior to 10.4.54 ELTS / 11.0.0 prior to 11.5.48 ELTS / 12.0.0 prior to 12.4.37 / 13.0.0 prior to 13.4.18. It is, therefore, affected by a vulnerability as referenced in the TYPO3-CORE-SA-2025-020 advisory. -...
CVE-2025-10097
A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely...
CVE-2025-10096
The CVE-2025-10096 issue affects SimStudioAI sim versions up to 1.0.0, with the vulnerability residing in the file apps/sim/app/api/files/parse/route.ts. By manipulating the filePath argument, an attacker could trigger a server-side request forgery (SSRF) remotely. Public exploitation has been di...
CVE-2025-10096 SimStudioAI sim route.ts server-side request forgery
A vulnerability was determined in SimStudioAI sim up to 1.0.0. This affects an unknown function of the file apps/sim/app/api/files/parse/route.ts. Executing manipulation of the argument filePath can lead to server-side request forgery. The attack can be executed remotely. The exploit has been...
PT-2025-36526
Name of the Vulnerable Software and Affected Versions: itsourcecode Student Information Management System version 1.0 Description: A security flaw exists in itsourcecode Student Information Management System 1.0. The issue involves SQL injection stemming from the manipulation of the ID argument...
PT-2025-36480
Name of the Vulnerable Software and Affected Versions: SimStudioAI sim versions up to 1.0.0 Description: A vulnerability exists in SimStudioAI sim that allows for server-side request forgery. The issue is related to the manipulation of the filePath argument within a file located at...
CVE-2025-10072
A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/IDSTUDENT/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and cou...
CVE-2025-10026
A vulnerability was found in itsourcecode POS Point of Sale System 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory/main/vendors/datatables/unittesting/templates/-complexheader.php. The manipulation of the argument scripts results in cross site scripting. It ...
CVE-2025-10066
A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unittesting/templates/dymanictable.php. Such manipulation of the argument scripts leads to cross site scripting. The...
PT-2025-36402
Name of the Vulnerable Software and Affected Versions: itsourcecode POS Point of Sale System version 1.0 Description: A vulnerability exists in itsourcecode POS Point of Sale System that allows for cross site scripting. The vulnerability affects unknown code within the file...