PT-2025-27620 · WordPress · Vikinger +1
Name of the Vulnerable Software and Affected Versions: Vikinger theme for WordPress versions up to, and including, 1.9.32 Description: The issue is related to insufficient file path validation in the vikinger delete activity media ajax function. This allows authenticated attackers with...
PT-2025-27590 · WordPress · The Home Villas | Real Estate Wordpress Theme
Name of the Vulnerable Software and Affected Versions: The Home Villas | Real Estate WordPress Theme versions up to, and including, 2.8 Description: The issue is related to insufficient file path validation in the wp rem cs widget file delete function, allowing authenticated attackers with...
PT-2025-27633 · Unknown · Linkwarden
Name of the Vulnerable Software and Affected Versions: Linkwarden version 2.10.2 Description: The issue concerns a File Path Disclosure Vulnerability in Linkwarden, a self-hosted, open-source collaborative bookmark manager. In the affected version, the server accepts links of the format...
CVE-2025-6880
A vulnerability classified as critical has been found in SourceCodester Best Salon Management System 1.0. Affected is an unknown function of the file /panel/edit-tax.php. The manipulation of the argument editid leads to sql injection. It is possible to launch the attack remotely. The exploit has...
CVE-2025-6864
A vulnerability, which was classified as problematic, has been found in SeaCMS up to 13.2. Affected by this issue is some unknown functionality of the file /admintype.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to...
Langchain-Chatchat vulnerable to path traversal
A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...
CVE-2025-6855 chatchat-space Langchain-Chatchat file path traversal
A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may ...
SourceCodester Simple Company Website Injection Vulnerability
SourceCodester Simple Company Website is a simple company website from SourceCodester, Inc. An injection vulnerability exists in SourceCodester Simple Company Website version 1.0, which originates from a SQL injection due to the incorrect operation of the parameter Username in the file...
CVE-2025-6755
CVE-2025-6755 concerns the WordPress plugin “Game Users Share Buttons” where all versions up to 1.3.0 are vulnerable to arbitrary file deletion due to insufficient file path validation in ajaxDeleteTheme(). An attacker with Subscriber-level privileges can supply crafted values for the themeNameId...
Online Hotel Reservation System demo.php File SQL Injection Vulnerability
Online Hotel Reservation System is a simple online hotel reservation system. Online Hotel Reservation System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Start in the file /reservation/demo.php. The...
WeGIA Security Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data by the parameter Insira o novo tipo in the file /html/matPat/adicionartipoEntrada.php. No detailed...
WeGIA Security Vulnerability
WeGIA is a web manager for welfare organizations. WeGIA suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data in the file /html/matPat/adicionartipoSaida.php. No details of the vulnerability are provided at this time...
External Control of File Name or Path
Overview: ServiceStack.Text is a set of JSON, JSV and CSV text serializers. Affected versions of this package are vulnerable to External Control of File Name or Path in the url parameter to the GetErrorResponse method. An attacker can relay NTLM credentials in the context of the current user by...
External Control of File Name or Path
Overview: ServiceStack is a simple and fast alternative to WCF, MVC and Web API in one cohesive framework for all your services and web apps. Affected versions of this package are vulnerable to External Control of File Name or Path in the url parameter to the GetErrorResponse method. An attacker c...
SourceCodester Best Salon Management System Injection Vulnerability
SourceCodester Best Salon Management System is an open source salon management system from SourceCodester. SourceCodester Best Salon Management System version 1.0 suffers from an injection vulnerability that stems from improper handling of the parameters fromdate/todate in the file...
PT-2025-26822 · WordPress · Everest Forms
Name of the Vulnerable Software and Affected Versions: The Everest Forms Pro plugin for WordPress versions up to, and including, 1.9.4 Description: The issue is related to insufficient file path validation in the delete entry files function, allowing unauthenticated attackers to delete arbitrary...
UBUNTU-CVE-2025-6545
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...
Path Traversal
pythona2a is vulnerable to path traversal. The vulnerability is due to improper validation or sanitization of user-supplied file paths in the createworkflow function, which allows an attacker to access arbitrary files on the server by crafting malicious input that traverses directories...
A vulnerability in the SLNX PC Client of the embedded application and document management tool RICOH Streamline NX allows an attacker to overwrite arbitrary files.
The vulnerability in the SLNX PC Client of the embedded application and document management tool RICOH Streamline NX relates to improper external manipulation of file names or file paths. Exploiting this vulnerability allows a malicious actor to overwrite arbitrary files...
PHPGurukul Art Gallery Management System Injection Vulnerability
Art Gallery Management System is an art gallery management system. Art Gallery Management System suffers from a SQL injection vulnerability, which originates from the lack of validation of an externally-entered SQL statement in the parameter editid in the file /admin/edit-art-medium-detail.php. A...