3575 matches found

CNNVD
added 2025/09/17 12:0 a.m. | 2 views

SourceCodester Online Exam Form Submission Code Issue Vulnerability

SourceCodester Online Exam Form Submission is a SourceCodester open source online exam submission system. A code issue vulnerability exists in SourceCodester Online Exam Form Submission version 1.0, which stems from incorrect manipulation of the parameter img in the file /register.php, which coul...

9.8 CVSS | 7.5 AI score | 0.00424 EPSS
Exploits 1 | References 5
Veracode
added 2025/09/16 6:19 a.m. | 5 views

Denial Of Service (DoS)

com.liferay.portal, release.portal.bom are vulnerable to Denial of Service (DoS). The vulnerability is due to allowing unlimited file uploads through object entries attachment fields, which are stored in the documentlibrary, allowing an attacker to cause a potential Denial-of-Service DDoS attack...

6.5 CVSS | 6.8 AI score | 0.00288 EPSS
Exploits 0 | References 7 | Affected Software 2
Positive Technologies
added 2025/09/16 12:0 a.m. | 2 views

PT-2025-38078

Name of the Vulnerable Software and Affected Versions: by-night sms version 1.0 Description: The /api/sms/upload/headImg endpoint allows the upload of arbitrary files. Users can upload files of any size and type. Recommendations: As a temporary workaround, consider restricting access to the...

8.8 CVSS | 6.7 AI score | 0.00374 EPSS
Exploits 1 | References 6
CNNVD
added 2025/09/15 12:0 a.m. | 2 views

SourceCodester Pet Grooming Management Software Code Issue Vulnerability

SourceCodester Pet Grooming Management Software is an open source pet grooming management system from SourceCodester. A code issue vulnerability exists in version 1.0 of SourceCodester Pet Grooming Management Software, which stems from an incorrect manipulation of the parameter websiteimage in th...

8.8 CVSS | 6.6 AI score | 0.00379 EPSS
Exploits 1 | References 5
Cvelist
added 2025/09/15 12:0 a.m. | 8 views

CVE-2025-57176

On Ceragon Networks / Siklu Communication EtherHaul and MultiHaul Series microwave antennas before 2026-03-10, the rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak encryption metadata only with file contents...

6.5 CVSS | 0.00417 EPSS
Exploits 6 | References 1
CNNVD
added 2025/09/15 12:0 a.m. | 2 views

Ceragon EtherHaul series Code Issue Vulnerability

The Ceragon EtherHaul series is a point-to-point infinite link device from Ceragon USA. A security vulnerability exists in the Ceragon EtherHaul series versions 7.4.0 through 10.7.3, which stems from the rfpiped service not performing authentication or path validation, which could result in...

6.5 CVSS | 5.8 AI score | 0.00417 EPSS
Exploits 6 | References 5
RedhatCVE
added 2025/09/13 7:25 a.m. | 6 views

CVE-2025-8492

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax function in all versions up to, and including, 10.22. This makes it possible for unauthenticat...

5.3 CVSS | 6 AI score | 0.0027 EPSS
Exploits 0 | References 1
Positive Technologies
added 2025/09/13 12:0 a.m. | 4 views

PT-2025-37369

Siklu EtherHaul 8010 siklu-uimage-nxp-enc-10 6 2-18707-ea552dc00b devices have a static root password...

6.4 CVSS | 5.9 AI score | 0.00127 EPSS
Exploits 0 | References 2
CNNVD
added 2025/09/13 12:0 a.m. | 2 views

eCharge Hardy Barth Salia PLCC Code Issue Vulnerability

The eCharge Hardy Barth Salia PLCC is a charging post controller from eCharge Germany. A code issue vulnerability exists in eCharge Hardy Barth Salia PLCC version 2.2.0, which stems from incorrect manipulation of the parameter setrfidlist in the file /api.php, which could lead to arbitrary file upload...

7.5 CVSS | 7.5 AI score | 0.00331 EPSS
Exploits 0 | References 6
Positive Technologies
added 2025/09/13 12:0 a.m. | 4 views

PT-2025-37370

Name of the Vulnerable Software and Affected Versions Ceragon Networks / Siklu Communication EtherHaul series versions 7.4.0 through 10.7.3 Description The rfpiped service on TCP port 555 allows unauthenticated file uploads to any writable location on the device. File upload packets use weak...

6.5 CVSS | 9.4 AI score | 0.00417 EPSS
Exploits 6 | References 11
NCSC
added 2025/09/12 2:49 p.m. | 7 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Versions for 18.1.6, 18.2.6, and 18.3.2. The vulnerabilities in the affected versions allow authenticated users to manipulate token management, disrupt background tasks, send multiple large SAML responses, manipulate proxy environments, access...

8.8 CVSS | 6.6 AI score | 0.00645 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/09/12 7:11 a.m. | 5 views

CVE-2025-10049

The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelectionimage field in all versions up to, and including, 1.0.24. This makes it possible for authenticated attackers, with Administrator-level acce...

7.2 CVSS | 7.3 AI score | 0.00526 EPSS
Exploits 0 | References 1
RedhatCVE
added 2025/09/12 7:11 a.m. | 8 views

CVE-2025-10001

The Import any XML, CSV or Excel File to WordPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the import functionality in all versions up to, and including, 3.9.3. This makes it possible for authenticated attackers, with Administrator-level...

7.2 CVSS | 7.3 AI score | 0.00526 EPSS
Exploits 0 | References 1
NVD
added 2025/09/12 6:15 a.m. | 5 views

CVE-2025-7337

An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by...

6.5 CVSS | 0.00424 EPSS
Exploits 0 | References 3
Cvelist
added 2025/09/12 6:5 a.m. | 8 views

CVE-2025-7337 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 7.8 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user with Developer-level access to cause a persistent denial of service affecting all users on a GitLab instance by...

6.5 CVSS | 0.00424 EPSS
Exploits 0 | References 3
Positive Technologies
added 2025/09/12 12:0 a.m. | 2 views

PT-2025-37294

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 7.8 through 18.1.5 GitLab CE/EE versions 18.2 through 18.2.5 GitLab CE/EE versions 18.3 through 18.3.1 Description: An authenticated user with Developer-level access could cause a persistent denial of service affecting a...

6.5 CVSS | 6.2 AI score | 0.00424 EPSS
Exploits 0 | References 9
NVD
added 2025/09/11 8:15 a.m. | 7 views

CVE-2025-8492

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax function in all versions up to, and including, 10.22. This makes it possible for unauthenticat...

5.3 CVSS | 0.0027 EPSS
Exploits 0 | References 3
CVE
added 2025/09/11 7:24 a.m. | 23 views

CVE-2025-8492

CVE-2025-8492 affects the WordPress plugin Salon Booking System (Free Version) up to version 10.20. The vulnerability is caused by a missing capability check in the ajax function, enabling unauthenticated attackers to execute AJAX actions, including limited file uploads. Wordfence lists a CVSS v3...

5.3 CVSS | 6 AI score | 0.0027 EPSS
Exploits 0 | References 3
Vulnrichment
added 2025/09/11 7:24 a.m. | 3 views

CVE-2025-8492 Salon Booking System <= 10.20 - Missing Authorization to Unauthenticated AJAX Actions Execution

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax function in all versions up to, and including, 10.20. This makes it possible for unauthenticat...

5.3 CVSS | 5.2 AI score | 0.0027 EPSS
Exploits 0 | References 2
Positive Technologies
added 2025/09/11 12:0 a.m. | 3 views

PT-2025-37133

The Salon Booking System, Appointment Scheduling for Salons, Spas & Small Businesses plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax function in all versions up to, and including, 10.20. This makes it possible for unauthenticat...

5.3 CVSS | 5.6 AI score | 0.0027 EPSS
Exploits 0 | References 3