CVE-2025-12203
A weakness has been identified in givanz Vvveb up to 1.0.7.3. This issue affects the function sanitizeFileName of the file system/functions.php of the component Code Editor. Executing a manipulation of the argument File can lead to path traversal. The attack can be launched remotely. The exploit...
MaxSite CMS Code Issue Vulnerability
MaxSite CMS is a Russian open source web content management system from MaxSite CMS. A code issue vulnerability exists in MaxSite CMS version 109 and prior versions, which originates from the incorrect operation of the parameter X-Requested-FileName/ in the file...
PrivateBin Security Vulnerability
PrivateBin is a minimalist open source online pastebin from the PrivateBin project. A security vulnerability exists in PrivateBin versions 1.7.7 through 2.0.1, which stems from an uncleaned attachment filename and could lead to an HTML injection attack...
Linux Distros Unpatched Vulnerability : CVE-2025-40067
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - fs/ntfs3: reject index allocation if $BITMAP is empty but blocks exist Index allocation requires at least one bit in the $BITMAP attribute to track usage of ind...
kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
A slab-out-of-bounds exists in the Linux kernel in efivarfs_d_compare, such that the issue can be triggered by parallel lookups using an invalid filename due to an incorrect memcmp function...
CVE-2025-12055
HYDRA X, MIP 2 and FEDRA 2 of MPDV Mikrolab GmbH suffer from an unauthenticated local file disclosure vulnerability in all releases until Maintenance Pack 36 with Servicepack 8 week 36/2025, which allows an attacker to read arbitrary files from the Windows operating system. The "Filename" paramet...
CVE-2025-12055
MPDV Mikrolab HYDRA X, MIP 2 and FEDRA 2 are affected by an unauthenticated local file disclosure bug up to Maintenance Pack 36 with Servicepack 8 (week 36/2025). The issue stems from improper validation of the Filename parameter in the public $SCHEMAS$ resource, allowing an attacker to read arbi...
MPDV Mikrolab Multiple Products Security Vulnerability
MPDV Mikrolab HYDRA X and others are products of MPDV Mikrolab, Germany. MPDV Mikrolab HYDRA X is a platform-based manufacturing execution system. MPDV Mikrolab MIP 2 is an industrial manufacturing integration platform. MPDV Mikrolab FEDRA 2 is an industrial manufacturing integration MPDV Mikrolab...
PT-2025-43887
Name of the Vulnerable Software and Affected Versions: HYDRA X, MIP 2, and FEDRA 2 versions prior to Maintenance Pack 36 with Servicepack 8 week 36/2025. Description: HYDRA X, MIP 2, and FEDRA 2 are affected by a local file disclosure issue. An unauthenticated attacker can read arbitrary files from...
CVE-2025-10579
The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with...
EUVD-2025-35914
The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with...
CVE-2025-10579 BackWPup <= 5.5.0 - Missing Authorization to Sensitive Information Exposure
The BackWPup – WordPress Backup & Restore Plugin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'backwpup_working' AJAX action in all versions up to, and including, 5.5.0. This makes it possible for authenticated attackers, with...
CVE-2025-10579
CVE-2025-10579 affects the BackWPup – WordPress Backup & Restore Plugin for WordPress. The root cause is a missing capability check on the Ajax action backwpup_working, allowing authenticated users with Subscriber-level access or higher to retrieve a backup file name while a backup is running. Im...
CVE-2025-60938
Emoncms 11.7.3 has a remote code execution vulnerability in the firmware upload feature that allows authenticated users to execute arbitrary commands on the target system. The vulnerability stems from insufficient input validation of user-controlled parameters including filename, port, baudrate,...
WordPress Plugin Edge CPT Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security...
PT-2025-43699
Name of the Vulnerable Software and Affected Versions: BackWPup – WordPress Backup & Restore Plugin versions prior to 5.5.1. Description: The BackWPup – WordPress Backup & Restore Plugin for WordPress is susceptible to unauthorized data access. A missing capability check on the backwpup_working AJAX...