CVE-2025-10096

The CVE-2025-10096 issue affects SimStudioAI sim versions up to 1.0.0, with the vulnerability residing in the file apps/sim/app/api/files/parse/route.ts. By manipulating the filePath argument, an attacker could trigger a server-side request forgery (SSRF) remotely. Public exploitation has been di...

PT-2025-36526

Name of the Vulnerable Software and Affected Versions: itsourcecode Student Information Management System version 1.0 Description: A security flaw exists in itsourcecode Student Information Management System 1.0. The issue involves SQL injection stemming from the manipulation of the ID argument...

PT-2025-36480

Name of the Vulnerable Software and Affected Versions: SimStudioAI sim versions up to 1.0.0 Description: A vulnerability exists in SimStudioAI sim that allows for server-side request forgery. The issue is related to the manipulation of the filePath argument within a file located at...

CVE-2025-10072

A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /matricula/IDSTUDENT/enturmar/. Performing manipulation results in improper access controls. It is possible to initiate the attack remotely. The exploit has been made public and cou...

CVE-2025-10026

A vulnerability was found in itsourcecode POS Point of Sale System 1.0. Affected by this vulnerability is an unknown functionality of the file /inventory/main/vendors/datatables/unittesting/templates/-complexheader.php. The manipulation of the argument scripts results in cross site scripting. It ...

CVE-2025-10066

A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unittesting/templates/dymanictable.php. Such manipulation of the argument scripts leads to cross site scripting. The...

PT-2025-36402

Name of the Vulnerable Software and Affected Versions: itsourcecode POS Point of Sale System version 1.0 Description: A vulnerability exists in itsourcecode POS Point of Sale System that allows for cross site scripting. The vulnerability affects unknown code within the file...

CVE-2025-9919

A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploi...

External Control of File Name or Path

Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to External Control of File Name or Path due to the vault secret lookup not accounting for the Windows file...

Insecure parsing of Windows paths with a \??\ prefix in path/filepath

...

Incorrect detection of reserved device names on Windows in path/filepath

...

CVE-2025-9806

A vulnerability was determined in Tenda F1202 1.2.0.9/1.2.0.14/1.2.0.20. Impacted is an unknown function of the file /etcro/shadow of the component Administrative Interface. This manipulation with the input Fireitup causes hard-coded credentials. The attack can only be executed locally. A high...

CVE-2025-9931 Jinher OA POST Request login!changePassWord.action cross site scripting

A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The attack can be launched remotely. The exploi...

CVE-2025-9809

Out-of-bounds write in cdfsopencuetrack in libretro libretro-common latest on all platforms allows remote attackers to execute arbitrary code via a crafted .cue file with a file path exceeding PATHMAXLENGTH that is copied using memcpy into a fixed-size buffer...

CVE-2025-9924

A vulnerability has been found in projectworlds Travel Management System 1.0. This vulnerability affects unknown code of the file /enquiry.php. The manipulation of the argument t2 leads to sql injection. Remote exploitation of the attack is possible. The exploit has been disclosed to the public a...

CVE-2025-9919

A vulnerability was identified in 1000projects Beauty Parlour Management System 1.0. This affects an unknown function of the file /admin/bwdates-reports-details.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. The exploi...

Jenkins Git client Plugin file system information disclosure vulnerability

In Jenkins Git client Plugin 6.3.2 and earlier, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check for the existence of an...

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...

CVE-2025-58458

In Jenkins Git client Plugin 6.3.2 and earlier, except 6.1.4 and 6.2.1, Git URL field form validation responses differ based on whether the specified file path exists on the controller when specifying amazon-s3 protocol for use with JGit, allowing attackers with Overall/Read permission to check f...