Lucene search

813 matches found

RedhatCVE
added 2025/03/06 10:48 p.m. · 4 views

CVE-2025-1958

A vulnerability, which was classified as critical, has been found in aaluoxiang oasystem 1.0. This issue affects some unknown processing of the file src/main/resources/mappers/address-mapper.xml. The manipulation of the argument outtype leads to sql injection. The attack may be initiated remotely...

CVSS 6.5 · AI score 7.6 · EPSS 0.00152
Exploits 1 · References 1
OSV
added 2025/03/02 4:15 p.m. · 0 views

CVE-2025-1818

A vulnerability, which was classified as critical, has been found in zj1983 zz up to 2024-8. This issue affects some unknown processing of the file src/main/java/com/futvan/z/system/zfile/ZfileAction.upload. The manipulation of the argument file leads to unrestricted upload. The attack may be...

CVSS 9.8 · AI score 5.3
Exploits 0 · References 5
OSV
added 2025/02/22 1:15 p.m. · 1 views

CVE-2025-1556

A vulnerability, which was classified as problematic, has been found in westboy CicadasCMS 1.0. This issue affects some unknown processing of the file /system of the component Template Management. The manipulation leads to deserialization. The attack may be initiated remotely. The exploit has bee...

CVSS 9.8 · AI score 5.1 · EPSS 0.00076
Exploits 1 · References 4
Vulnrichment
added 2025/02/18 12:0 a.m. · 10 views

CVE-2025-22920

A heap buffer overflow vulnerability in FFmpeg before commit 4bf784c allows attackers to trigger a memory corruption via supplying a crafted media file in avformat when processing tile grid group streams. This can lead to a Denial of Service DoS...

AI score 7.4 · EPSS 0.00155
Exploits 0 · References 2
Github Security Blog
added 2025/02/14 3:16 p.m. · 10 views

Label Studio has a Path Traversal Vulnerability via image Field

Description: A path traversal vulnerability in Label Studio SDK versions prior to 1.0.10 allows unauthorized file access outside the intended directory structure. Label Studio versions before 1.16.0 specified SDK versions prior to 1.0.10 as dependencies, and the issue was confirmed in Label Studio...

CVSS 8.7 · AI score 6.5 · EPSS 0.00132
Exploits 0 · References 4 · Affected Software 1
NVD
added 2025/02/10 9:15 p.m. · 2 views

CVE-2025-1157

A vulnerability was found in Allims lab.online up to 20250201 and classified as critical. This issue affects some unknown processing of the file /model/modelrecuperarsenha.php. The manipulation of the argument recuperacao leads to sql injection. The attack may be initiated remotely. The exploit h...

CVSS 6.5 · EPSS 0.00076
Exploits 0 · References 3
RedhatCVE
added 2025/02/05 9:32 p.m. · 9 views

CVE-2022-2951

Altair HyperView Player versions 2021.1.0.27 and prior are vulnerable to improper validation of array index vulnerability during processing of H3D files. A DWORD value from a PoC file is extracted and used as an index to write to a buffer, leading to memory corruption...

CVSS 7.8 · AI score 6.7 · EPSS 0.00159
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 9:17 p.m. · 6 views

CVE-2022-2561

This vulnerability allows remote attackers to execute arbitrary code on affected installations of OPC Labs QuickOPC 2022.1. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

CVSS 7.8 · AI score 6.9 · EPSS 0.00754
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 11:12 a.m. · 8 views

CVE-2024-21480

Memory corruption while playing audio file having large-sized input buffer...

CVSS 9.8 · AI score 7.1 · EPSS 0.00133
Exploits 0 · References 1
RedhatCVE
added 2025/02/05 7:18 a.m. · 6 views

CVE-2024-23142

A maliciously crafted CATPART, STP, and MODEL file, when parsed in atfdwgconsumer.dll, rosex64vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current process...

CVSS 7.8 · AI score 7.3 · EPSS 0.00436
Exploits 0 · References 1
Veracode
added 2025/01/30 10:3 a.m. · 13 views

Relative Path Traversal

org.apache.solr, solr-core is vulnerable to Relative Path Traversal. The vulnerability is due to a lack of input sanitization in the "configset upload" API, which allows the arbitrary filepath write-access when processing ZIP files...

CVSS 5.4 · AI score 6.7 · EPSS 0.13709
Exploits 0 · References 6 · Affected Software 1
Positive Technologies
added 2025/01/28 12:0 a.m. · 3 views

PT-2025-4051 · Unknown · Esafenet Cdg V5

Name of the Vulnerable Software and Affected Versions: ESAFENET CDG V5 Description: A critical issue has been found in ESAFENET CDG V5, affecting some unknown processing of the file /sdDoneDetail.jsp. The manipulation of the flowId argument leads to SQL injection. The attack may be initiated...

CVSS 9.8 · AI score 6.8 · EPSS 0.00048
Exploits 1 · References 10
Ubuntu
added 2025/01/27 2:24 p.m. · 151 views

USN-7228-1: LibreOffice vulnerabilities

Thomas Rinsma discovered that LibreOffice incorrectly handled paths when processing embedded font files. If a user or automated system were tricked into opening a specially crafted LibreOffice file, a remote attacker could possibly use this issue to create arbitrary files ending with ".ttf"...

CVSS 6.7 · AI score 5.5 · EPSS 0.00663
Exploits 0
OSV
added 2025/01/15 8:15 p.m. · 1 views

DEBIAN-CVE-2024-27856

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution...

CVSS 7.8 · AI score 8.2 · EPSS 0.00035
Exploits 0 · References 1
OSV
added 2025/01/15 8:15 p.m. · 0 views

UBUNTU-CVE-2024-27856

The issue was addressed with improved checks. This issue is fixed in Safari 17.5, iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5, tvOS 17.5, visionOS 1.2, watchOS 10.5. Processing a file may lead to unexpected app termination or arbitrary code execution...

CVSS 7.8 · AI score 7.5 · EPSS 0.00035
Exploits 0 · References 3
CVE
added 2024/12/30 3:0 a.m. · 46 views

CVE-2024-13036

CVE-2024-13036: Affects code-projects Chat System 1.0. The vulnerability lies in /admin/update_room.php where manipulation of the id/name/password parameters enables SQL injection due to insufficient input validation. The attack can be initiated remotely and an exploit has been disclosed publicly...

CVSS 7.5 · AI score 6.8 · EPSS 0.00057
Exploits 0 · References 4 · Affected Software 1
CVE
added 2024/11/27 12:0 a.m. · 48 views

CVE-2024-11820

CVE-2024-11820 affects the open-source project Code-Projects Crud Operation System 1.0. The vulnerability is a cross-site scripting (XSS) flaw in the handling of the saddress parameter of the file /add.php. The root cause is indicated as the manipulation of this argument leading to XSS. The iss...

CVSS 5.4 · AI score 3.8 · EPSS 0.00129
Exploits 1 · References 5 · Affected Software 1
NVD
added 2024/11/26 8:15 p.m. · 12 views

CVE-2024-11742

A vulnerability, which was classified as problematic, has been found in SourceCodester Best House Rental Management System 1.0. This issue affects some unknown processing of the file /rental/ajax.php?action=savetenant. The manipulation of the argument lastname/firstname/middlename leads to cross...

CVSS 5.4 · EPSS 0.00106
Exploits 1 · References 5
CNNVD
added 2024/11/22 12:0 a.m. · 3 views

Hugging Face Transformers Code Issue Vulnerability

Hugging Face Transformers is advanced natural language processing built for Jax, PyTorch and TensorFlow. A code issue vulnerability exists in Hugging Face Transformers that stems from improper data validation in model file processing, which could lead to untrusted data deserialization and allow a...

CVSS 8.8 · AI score 8.9 · EPSS 0.65048
Exploits 1 · References 2
CVE
added 2024/11/15 7:31 p.m. · 41 views

CVE-2024-11256

CVE-2024-11256 details (NORMAL): Affects 1000 Projects Portfolio Management System MCA 1.0. The vulnerability is a SQL injection in the login.php flow caused by unsafely handling the username parameter, enabling remote abuse. Descriptions consistently classify this as critical with potential rem...

CVSS 9.8 · AI score 7.7 · EPSS 0.00197
Exploits 1 · References 5 · Affected Software 1