1019 matches found
PT-2025-23415 · Jeewms · Jeewms
Name of the Vulnerable Software and Affected Versions: JeeWMS up to 20250504. Description: A critical issue was found in the File Handler component, specifically affecting the filedeal function of the /systemController/filedeal.do file. This leads to improper access controls, allowing remote...
CVE-2025-5178
A vulnerability classified as critical has been found in Realce Tecnologia Queue Ticket Kiosk up to 20250517. Affected is an unknown function of the file /adm/ajax.php of the component Image File Handler. The manipulation of the argument files leads to unrestricted upload. It is possible to launc...
CVE-2025-5138
A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclos...
GHSA-55G9-6C2X-GF8Q HumanSignal label-studio-ml-backend Deserialization of Untrusted Data vulnerability
A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...
CVE-2025-5173
A vulnerability has been found in HumanSignal label-studio-ml-backend up to 9fb7f4aa186612806af2becfb621f6ed8d9fdbaf and classified as problematic. Affected by this vulnerability is the function load of the file label-studio-ml-backend/labelstudioml/examples/yolo/utils/neuralnets.py of the...
CVE-2025-5173
CVE-2025-5173 affects HumanSignal label-studio-ml-backend, specifically the PT File Handler's neural_nets.py load function. The vulnerability arises from manipulation of the path argument, leading to deserialization. This is described as a local attack with the affected release up to 9fb7f4aa1866...
PT-2025-22920 · Realce Tecnologia · Realce Tecnologia Queue Ticket Kiosk
Name of the Vulnerable Software and Affected Versions: Realce Tecnologia Queue Ticket Kiosk up to 20250517. Description: A critical vulnerability has been found in the Image File Handler component of the affected software, specifically in an unknown function of the file /adm/ajax.php. The...
CVE-2025-5138
CVE-2025-5138 affects Bitwarden up to version 2.25.1. The vulnerability arises in the PDF File Handler component and enables cross-site scripting. Exploitation is possible remotely and, per linked sources, the exploit has been disclosed. Several connected sources corroborate an XSS flaw and note ...
CVE-2025-5138 Bitwarden PDF File cross site scripting
A vulnerability was found in Bitwarden up to 2.25.1. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component PDF File Handler. The manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclos...
PT-2025-22853 · Bitwarden · Bitwarden
Name of the Vulnerable Software and Affected Versions: Bitwarden versions up to 2.25.1. Description: A vulnerability was found in the PDF File Handler component of Bitwarden, leading to cross-site scripting. The attack can be launched remotely, and the exploit has been disclosed to the public. The...
Bitwarden code injection vulnerability
Bitwarden is an open source password manager from Bitwarden Inc. in the United States. A code injection vulnerability exists in Bitwarden 2.25.1 and earlier versions, which stems from a misbehavior of the component PDF File Handler resulting in cross-site scripting...
CVE-2025-5108
A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unrestricted upload. The attack may be...
CVE-2025-5108
CVE-2025-5108 affects zongzhige ShopXO 6.5.0. The issue is in the Upload function of app/admin/controller/Payment.php (ZIP File Handler); manipulation of the params argument enables unrestricted file upload. Exploitation is possible remotely with no user interaction, and multiple sources note pub...
CVE-2024-3430
A vulnerability was found in QKSMS up to 3.9.4 on Android. It has been classified as problematic. This affects an unknown part of the file androidmanifest.xml of the component Backup File Handler. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is possible ...
CVE-2024-7738
A vulnerability, which was classified as problematic, has been found in yzane vscode-markdown-pdf 1.5.0. Affected by this issue is some unknown functionality of the component Markdown File Handler. The manipulation leads to pathname traversal. Attacking locally is a requirement. The exploit has...
CVE-2024-1191
A vulnerability was found in Hyper CdCatalog 2.3.1. It has been classified as problematic. This affects an unknown part of the component HCF File Handler. The manipulation leads to denial of service. An attack has to be approached locally. The exploit has been disclosed to the public and may be...