6679 matches found

GithubExploit
added 2025/12/29 10:48 a.m., 144 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo

wget https://raw.github...

CVSS 9.3, AI score 7, EPSS 0.48008
Exploits: 69

RedhatCVE
added 2025/12/19 2:9 p.m., 4 views

CVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

CVSS 8.9, AI score 5.2, EPSS 0.0021
Exploits: 0, References: 1

RedhatCVE
added 2025/12/18 11:36 p.m., 2 views

CVE-2025-14836

A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/usersave.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has...

CVSS 5.1, AI score 6.2, EPSS 0.00175
Exploits: 0, References: 1

NVD
added 2025/12/18 3:15 p.m., 1 view

CVE-2025-1031

Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7...

CVSS 7.5, EPSS 0.00261
Exploits: 0, References: 2

NVD
added 2025/12/18 2:15 p.m., 5 views

CVE-2025-40892

A Stored Cross-Site Scripting vulnerability was discovered in the Reports functionality due to improper validation of an input parameter. An authenticated user with report privileges can define a malicious report containing a JavaScript payload, or a victim can be socially engineered to import a...

CVSS 8.9, EPSS 0.0021
Exploits: 0, References: 2

EUVD
added 2025/12/18 9:30 a.m., 2 views

EUVD-2025-204080

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

CVSS 7.5, AI score 6.5, EPSS 0.003
Exploits: 0, References: 2

NVD
added 2025/12/18 8:16 a.m., 3 views

CVE-2025-60079

Missing Authorization vulnerability in bPlugins Parallax Section block parallax-section allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Parallax Section block: from n/a through = 1.0.9...

CVSS 7.1, EPSS 0.00226
Exploits: 0, References: 1

Positive Technologies
added 2025/12/18 12:0 a.m., 3 views

PT-2025-52137

Missing Authorization vulnerability in bPlugins Parallax Section block parallax-section allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Parallax Section block: from n/a through = 1.0.9...

AI score 7, EPSS 0.00226
Exploits: 0, References: 2

Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52165

Missing Authorization vulnerability in StylemixThemes MasterStudy LMS Pro masterstudy-lms-learning-management-system-pro allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MasterStudy LMS Pro: from n/a through 4.7.16...

AI score 7, EPSS 0.003
Exploits: 0, References: 2

RedhatCVE
added 2025/12/17 10:2 a.m., 2 views

CVE-2025-64634

Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avada: from n/a through = 7.13.2...

CVSS 5.3, AI score 5.9, EPSS 0.00214
Exploits: 0, References: 1

Cvelist
added 2025/12/17 4:25 a.m., 28 views

CVE-2025-11775

An out-of-bounds read vulnerability has been identified in the asComSvc service. This vulnerability can be triggered by sending specially crafted requests, which may lead to a service crash or partial loss of functionality. This vulnerability only affects ASUS motherboard series products. Refer t...

CVSS 4.8, EPSS 0.00114
Exploits: 0, References: 1

CNNVD
added 2025/12/17 12:0 a.m., 4 views

Radiometer Products Security Vulnerability

Radiometer Products is a line of medical diagnostic instruments from the Danish company Radiometer. A security vulnerability exists in Radiometer Products that stems from a weakness in the design of the application software access control implementation that could result in a physical accessor...

CVSS 6.8, AI score 6.1, EPSS 0.00143
Exploits: 0, References: 1

NVD
added 2025/12/16 6:16 p.m., 3 views

CVE-2025-65589

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Attributes functionality...

CVSS 6.1, EPSS 0.00337
Exploits: 0, References: 3

EUVD
added 2025/12/16 9:31 a.m., 2 views

EUVD-2025-203593

Missing Authorization vulnerability in ThemeFusion Avada avada allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Avada: from n/a through = 7.13.1...

AI score 6.5, EPSS 0.00214
Exploits: 0, References: 2

Vulnrichment
added 2025/12/16 12:0 a.m., 2 views

CVE-2025-65589

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Attributes functionality...

AI score 5.8, EPSS 0.00337
Exploits: 0, References: 2

Cvelist
added 2025/12/16 12:0 a.m., 23 views

CVE-2025-65589

nopCommerce 4.90.0 is vulnerable to Cross Site Scripting XSS via the Attributes functionality...

EPSS 0.00337
Exploits: 0, References: 2

CVE
added 2025/12/16 12:0 a.m., 7 views

CVE-2025-65589

CVE-2025-65589 affects nopCommerce 4.90.0. The vulnerability is a Cross-Site Scripting (XSS) flaw in the Attributes functionality, enabling attacker-supplied script to be executed in pages viewed by other users. CVSS v3.1 base score 6.1 (Medium) with Network attack vector, Low attack complexity, ...

CVSS 6.1, AI score 5.8, EPSS 0.00337
Exploits: 0, References: 3, Affected Software: 1

Positive Technologies
added 2025/12/16 12:0 a.m., 3 views

PT-2025-51770

Name of the Vulnerable Software and Affected Versions: nopCommerce version 4.90.0. Description: The software is susceptible to Cross Site Scripting XSS through its Currencies functionality. The issue allows for potential malicious code injection via this feature. Recommendations: At the moment, there...

CVSS 5.4, AI score 6.3, EPSS 0.00199
Exploits: 0, References: 8

Grafana
added 2025/12/16 12:0 a.m., 6 views

Information Leakage in Grafana Alerting

In Grafana’s alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role “Contact Point Writer”, which is part of the basic role Editor - can edit...

CVSS 6.5, AI score 5.8, EPSS 0.00255
Exploits: 0

Positive Technologies
added 2025/12/15 12:0 a.m., 4 views

PT-2025-51185

A security flaw has been discovered in Shenzhen Sixun Software Sixun Shanghui Group Business Management System 4.10.24.3. Affected by this issue is some unknown functionality of the file /ExportFiles/. The manipulation results in files or directories accessible. The attack may be launched remotel...

CVSS 6.3, AI score 6.4, EPSS 0.00274
Exploits: 0, References: 6