
3230 matches found

CNNVD · added 2025/07/30 12:00 a.m. · 0 views

code-projects Online Farm System Injection Vulnerability

Online Farm System is an online farm system. Online Farm System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Username in the file /register.php. An attacker can exploit this vulnerability to execute...

CVSS 9.8 · AI score 8.2 · EPSS 0.00382
Exploits 1 · References 5
Positive Technologies · added 2025/07/29 12:00 a.m. · 4 views

PT-2025-31224 · Maptiler · Maptiler Tileserver-Php

Name of the Vulnerable Software and Affected Versions: MapTiler Tileserver-php version 2.0 Description: MapTiler Tileserver-php version 2.0 is vulnerable to Directory Traversal. The renderTile function within tileserver.php is responsible for delivering tiles stored as files on the server via web...

CVSS 8.2 · AI score 9.2 · EPSS 0.01303
Exploits 2 · References 6
RedHat Linux · added 2025/07/28 8:02 p.m. · 5 views

redis: Redis Stack Buffer Overflow

A flaw was found in Redis. Using memcpy with the strlen filepath when copying a user-supplied file path into a fixed-size stack buffer in redis-check-aof results in a stack-based buffer overflow. This flaw allows a local attacker to trigger the overflow by providing a specially crafted file path,...

CVSS 9.8 · AI score 6.4 · EPSS 0.00803
Exploits 0 · References 8
OSV · added 2025/07/28 7:57 p.m. · 2 views

GO-2025-3799 LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement in github.com/lf-edge/ekuiper

LF Edge eKuiper vulnerable to File Path Traversal leading to file replacement in github.com/lf-edge/ekuiper...

AI score 7
Exploits 0 · References 2
RedhatCVE · added 2025/07/28 7:34 a.m. · 12 views

CVE-2025-6989

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the deletefont function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVSS 8.1 · AI score 6.3 · EPSS 0.0041
Exploits 0 · References 1
RedhatCVE · added 2025/07/28 4:32 a.m. · 13 views

CVE-2025-50185

DbGate is cross-platform database manager. In versions 6.6.0 and below, DbGate allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from arbitrary files on the system, regardless of their location or file...

CVSS 8.3 · AI score 7.1 · EPSS 0.0039
Exploits 0 · References 1
NVD · added 2025/07/26 8:15 a.m. · 4 views

CVE-2025-6989

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the deletefont function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVSS 8.1 · EPSS 0.0041
Exploits 0 · References 2
Vulnrichment · added 2025/07/26 7:23 a.m. · 2 views

CVE-2025-6989 Kallyas <= 4.21.0 - Authenticated (Contributor+) Arbitrary Folder Deletion

The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the deletefont function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVSS 8.1 · AI score 6.3 · EPSS 0.0041
Exploits 0 · References 2
CVE · added 2025/07/26 7:23 a.m. · 21 views

CVE-2025-6989

CVE-2025-6989 (KALLYAS theme for WordPress) is an authenticated (Contributor+) vulnerability in all versions up to 4.21.0 where delete_font() uses insufficient file-path validation, enabling an attacker to delete arbitrary folders on the server. The issue, with CVSS 3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:...

CVSS 8.1 · AI score 6.4 · EPSS 0.0041
Exploits 0 · References 2
Positive Technologies · added 2025/07/26 12:00 a.m. · 4 views

PT-2025-30949 · Dbgate · Dbgate +1

Name of the Vulnerable Software and Affected Versions: DbGate versions 6.6.0 and below Description: DbGate, a cross-platform database manager, allows unauthorized file access due to insufficient validation of file paths and types. A user with application-level access can retrieve data from...

CVSS 8.3 · AI score 6.1 · EPSS 0.0039
Exploits 0 · References 5
Positive Technologies · added 2025/07/26 12:00 a.m. · 4 views

PT-2025-30968 · WordPress · Kallyas

Name of the Vulnerable Software and Affected Versions: Kallyas versions prior to 4.21.1 Description: The Kallyas theme for WordPress is susceptible to arbitrary folder deletion due to inadequate file path validation within the delete font function. Authenticated attackers possessing...

CVSS 8.1 · AI score 6.7 · EPSS 0.0041
Exploits 0 · References 5
Veracode · added 2025/07/24 5:27 a.m. · 6 views

Improper Access Control

org.apache.jena, jena-fuseki is vulnerable to improper access control. The vulnerability is due to insufficient validation or restriction on file path locations when administrators create database files in Apache Jena, allows creation of files outside the intended directory structure...

CVSS 7.5 · AI score 6.1 · EPSS 0.01401
Exploits 0 · References 6 · Affected Software 1
Ubuntu · added 2025/07/23 11:50 a.m. · 5 views

USN-7366-2: Rack vulnerabilities

USN-7366-1 fixed vulnerabilities in Rack. This update provides the corresponding updates for Ubuntu 25.04. Original advisory details: Nhật Thái Đỗ discovered that Rack incorrectly handled certain usernames. A remote attacker could possibly use this issue to perform CRLF injection. CVE-2025-25184...

CVSS 7.5 · AI score 7.1 · EPSS 0.01095
Exploits 1
CNVD · added 2025/07/23 12:00 a.m. · 3 views

Apache Jena Input Validation Error Vulnerability

Apache Jena is the Apache Software Foundation's open source Java framework for building semantic web and linked data applications. A file path validation vulnerability exists in Apache Jena 5.4.0 and earlier versions, which stems from a failure to validate file access paths in configuration files...

CVSS 8.8 · AI score 7 · EPSS 0.00937
Exploits 0 · References 1
CNNVD · added 2025/07/22 12:00 a.m. · 3 views

Shenzhen Libituo Technology LBT-T300-T310 Security Vulnerability

Shenzhen Libituo Technology LBT-T300-T310 is an industrial router from Shenzhen Libituo Technology China. A security vulnerability exists in the Shenzhen Libituo Technology LBT-T300-T310 version 2.2.3.6, which is caused by a buffer overflow due to a misbehavior of the function sub40B6F0 in the fi...

CVSS 9 · AI score 9 · EPSS 0.00758
Exploits 1 · References 7
CNVD · added 2025/07/21 12:00 a.m. · 2 views

Online Library Management System /admin/student-history.php File SQL Injection Vulnerability

Online Library Management System is an online library management system. A SQL injection vulnerability exists in Online Library Management System, which originates from the lack of validation of externally-entered SQL statements in the parameter stdid in the file /admin/student-history.php. An...

CVSS 8.8 · AI score 7.2 · EPSS 0.00315
Exploits 1 · References 1
CNVD · added 2025/07/21 12:00 a.m. · 2 views

TOTOLINK T6 clearPairCfg Function Command Injection Vulnerability

TOTOLINK T6 is a wireless dual-band router from China's TOTOLINK Electronics that supports the MQTT protocol and the Telnet service. TOTOLINK T6 suffers from a command injection vulnerability that stems from the parameter ip of the function clearPairCfg in the file /cgi-bin/cstecgi.cgi in the...

CVSS 8.8 · AI score 7.7 · EPSS 0.02619
Exploits 1 · References 1
OSV · added 2025/07/20 5:15 a.m. · 4 views

CVE-2025-7868

A vulnerability was found in Portabilis i-Educar up to 2.10. This issue affects some unknown processing of the file /intranet/educarcalendariodiamotivocad.php of the component Calendar Module. The manipulation of the argument Motivo/descricao results in cross site scripting. It is possible to...

CVSS 5.4 · AI score 3.9
Exploits 0 · References 5
CNNVD · added 2025/07/19 12:00 a.m. · 3 views

Code-Projects Church Donation System Injection Vulnerability

The Church Donation System is a church giving management system. The Church Donation System suffers from a SQL injection vulnerability that stems from the lack of validation of externally entered SQL statements in the parameter trcode in the file /members/offering.php. An attacker can exploit this...

CVSS 9.8 · AI score 8.2 · EPSS 0.00394
Exploits 1 · References 6
CNNVD · added 2025/07/18 12:00 a.m. · 3 views

Code-Projects Food Ordering Review System Injection Vulnerability

Code-Projects Food Ordering Review System is a Code-Projects open source food ordering review system. An injection vulnerability exists in Code-Projects Food Ordering Review System version 1.0, which originates from a SQL injection due to misuse of the parameter fname in the file...

CVSS 9.8 · AI score 7.8 · EPSS 0.00399
Exploits 1 · References 6