28676 matches found
exploitdb
The Exploit Database Git Repository This is an official repos...
CVE-2025-62365
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected XSS in the report_this function in librenms/includes/functions.php. The report_this function had improper filtering: the htmlentities function was incorrectly used in a href environment, which...
Exploit for CVE-2025-61456
🛡️ CVE Disclosure: CVE-2025-61456 — Reflected XSS in E-commerc...
Exploit for CVE-2025-61455
🛡️ CVE Disclosure: CVE-2025-61455 — SQL Injection in E-commerc...
CVE-2025-11656
A weakness has been identified in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown function of the file /assets/editNotes.php. Executing manipulation of the argument File can lead to unrestricted upload. The attack can be launche...
LibreNMS is vulnerable to Reflected-XSS in `report_this` function
Summary: Reflected XSS in the report_this function in librenms/includes/functions.php. Details: Recently, it was discovered that the report_this function had improper filtering: the htmlentities function was incorrectly used in a href environment, which caused the projectissues parameter to trigger an XSS...
CVE-2025-62365 LibreNMS vulnerable to Reflected-XSS in `report_this` function
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected XSS in the report_this function in librenms/includes/functions.php. The report_this function had improper filtering: the htmlentities function was incorrectly used in a href environment, which...
EUVD-2025-34114
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected XSS in the report_this function in librenms/includes/functions.php. The report_this function had improper filtering: the htmlentities function was incorrectly used in a href environment, which...
CVE-2025-62365 LibreNMS vulnerable to Reflected-XSS in `report_this` function
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected XSS in the report_this function in librenms/includes/functions.php. The report_this function had improper filtering: the htmlentities function was incorrectly used in a href environment, which...
CVE-2025-62365
CVE-2025-62365 affects LibreNMS (LibreNMS/librenms) prior to version 25.7.0. The vulnerability is a reflected XSS in the function report_this (librenms/includes/functions.php) caused by improper filtering of user input, specifically the incorrect use of htmlentities in a href context, which allow...
CVE-2025-62365 LibreNMS vulnerable to Reflected-XSS in `report_this` function
LibreNMS is an open-source, PHP/MySQL/SNMP-based network monitoring system. Prior to 25.7.0, there is a reflected XSS in the report_this function in librenms/includes/functions.php. The report_this function had improper filtering: the htmlentities function was incorrectly used in a href environment, which...
NULL Pointer Dereference
Overview: Affected versions of this package are vulnerable to NULL Pointer Dereference via the isSensitiveSpec function which calls grpcomni.CreateResource without checking if the resource's metadata field is nil. An attacker can cause a server crash and disrupt service availability by sending emp...
CVE-2025-48043
Incorrect Authorization vulnerability in ash-project ash allows Authentication Bypass. This vulnerability is associated with program files lib/ash/policy/authorizer/authorizer.ex and program routines 'Elixir.Ash.Policy.Authorizer':strictfilters/2. This issue affects ash: from pkg:hex/ash@0 before...
CVE-2025-60378
Stored HTML injection in RISE Ultimate Project Manager & CRM allows authenticated users to inject arbitrary HTML into invoices and messages. Injected content renders in emails, PDFs, and messaging/chat modules sent to clients or team members, enabling phishing, credential theft, and business emai...
Malicious Package
Overview: scr-cloud-project is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
EUVD-2025-33941
Malicious code in scr-cloud-project npm...
Malicious code in scr-cloud-project (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c714f60369d28f727a675effd525b4208077e225e46026b537d7606d48708a9a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-48341 Malicious code in scr-cloud-project (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware c714f60369d28f727a675effd525b4208077e225e46026b537d7606d48708a9a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
EUVD-2025-33942
Malicious code in project-serum npm...
Malicious code in project-serum (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 0c390d6d9b15f1fb2c2ad9b8e802cff831ed02b6028b111d2937705df46f3fdc Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...