CVE-2025-58769 auth0-PHP: Improper File Type Handling in Bulk User Import

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...

CVE-2025-58769 auth0-PHP: Improper File Type Handling in Bulk User Import

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...

CVE-2025-58769 auth0-PHP: Improper File Type Handling in Bulk User Import

auth0-PHP is an SDK for Auth0 Authentication and Management APIs. In versions 3.3.0 through 8.16.0, the Bulk User Import endpoint in applications built with the SDK does not validate the file-path wrapper or value. Without proper validation, affected applications may accept arbitrary file paths o...

Auth0-PHP 安全漏洞

Auth0-PHP is an Auth0 open source PHP SDK for Auth0 authentication and management APIs. A security vulnerability exists in Auth0-PHP versions 3.3.0 through 8.16.0, which stems from an unvalidated file path wrapper or value that could lead to the acceptance of arbitrary file paths or URLs...

PT-2025-40296

Name of the Vulnerable Software and Affected Versions auth0-PHP versions 3.3.0 through 8.16.0 Description The Bulk User Import endpoint does not validate file path wrappers or values, potentially allowing acceptance of arbitrary file paths or URLs. This affects applications directly using the...

NewStart CGSL MAIN 6.06 : perl Multiple Vulnerabilities (NS-SA-2025-0211)

The remote NewStart CGSL host, running version MAIN 6.06, has perl packages installed that are affected by multiple vulnerabilities: - Heap-based buffer overflow in the pack function in Perl before 5.26.2 allows context-dependent attackers to execute arbitrary code via a large item count...

CVE-2025-11147

CVE-2025-11147: Reflected XSS in Apt-Cacher-NG 3.2.1. The vulnerability allows script execution in /html/.html. Affected product is Apt-Cacher-NG; root cause is reflected XSS, with multiple sources noting no information on a vendor patch in some advisories, and others indicating patch status vari...

CVE-2025-11061 Campcodes Online Learning Management System edit_student.php sql injection

A vulnerability was found in Campcodes Online Learning Management System 1.0. This affects an unknown part of the file /admin/editstudent.php. Performing manipulation of the argument cys results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public...

PT-2025-39739

Name of the Vulnerable Software and Affected Versions Campcodes Online Learning Management System version 1.0 Description A SQL injection issue exists in Campcodes Online Learning Management System version 1.0. The issue is located in the file /admin/de activate.php and affects an unknown functio...

CVE-2025-11034

A vulnerability was found in Dibo Data Decision Making System up to 2.7.0. The affected element is the function downloadImpTemplet of the file /common/dep/commondep.action.jsp. The manipulation of the argument filePath results in path traversal. It is possible to launch the attack remotely. The...

CVE-2025-10307 Backuply – Backup, Restore, Migrate and Clone <= 1.4.8 - Authenticated (Admin+) Arbitrary File Deletion

The Backuply – Backup, Restore, Migrate and Clone plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete backup functionality in all versions up to, and including, 1.4.8. This makes it possible for authenticated attackers, with...

Fortinet FortiWeb _cmf_get_config_file_path Directory Traversal Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Fortinet FortiWeb. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementation of the cmfgetconfigfilepath method. The issue results from the...

PT-2025-39671

Name of the Vulnerable Software and Affected Versions kidaze CourseSelectionSystem versions prior to 42cd892b40a18d50bd4ed1905fa89f939173a464 Description A flaw exists in kidaze CourseSelectionSystem that allows for SQL injection. The issue is due to the manipulation of the cbe argument within an...

PT-2025-39689

Name of the Vulnerable Software and Affected Versions WAYOS versions 22.03.17 LQ 04, LQ 05, LQ 06, LQ 07, and LQ 09 Description A flaw exists in WAYOS that allows for command injection. This occurs due to the manipulation of the Name argument within an unknown function of the /usb paswd.asp file...

CVE-2025-10965 LazyAGI LazyLLM server.py lazyllm_call deserialization

A security vulnerability has been detected in LazyAGI LazyLLM up to 0.6.1. Affected by this issue is the function lazyllmcall of the file lazyllm/components/deploy/relay/server.py. Such manipulation leads to deserialization. The attack can be launched remotely. The exploit has been disclosed...

CVE-2025-10837

A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Affected by this vulnerability is an unknown functionality of the file /ordersimple/order.php. The manipulation of the argument ID leads to cross site scripting. The attack may be initiated remotely. The...

CVE-2025-10842

A vulnerability was detected in code-projects Online Bidding System 1.0. Affected is an unknown function of the file /administrator/wew.php. Performing manipulation of the argument ID results in sql injection. The attack may be initiated remotely. The exploit is now public and may be used...

Simple Food Ordering System order.php File Cross-Site Scripting Vulnerability

Simple Food Ordering System is a simple food ordering system. Simple Food Ordering System suffers from a cross-site scripting vulnerability that stems from the lack of effective filtering and escaping of user-supplied data by the parameter ID in the file /ordersimple/order.php, which can be...

Do Not Configure Deprecated Options for the SSH Service

Currently, the SSH service communication protocols are classified into the first generation and the second generation. The configuration options of the SSH service of different versions are incompatible. In addition, the configuration options of some earlier versions are deprecated in the new...

CVE-2025-56816

Datart 1.0.0-rc.3 is vulnerable to Directory Traversal. The configuration file handling of the application allows attackers to upload arbitrary YAML files to the config/jdbc-driver-ext.yml path. The application parses this file using SnakeYAML's unsafe load or loadAs method without input...