18797 matches found

Snyk
added 2025/12/28 10:45 p.m., 2 views

Stack-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow via the sgpipelinedescdefaults function. An attacker can execute arbitrary code or cause a crash by supplying crafted input that triggers a stack-based buffer overflow. Remediation: A fix was pushed into the...

CVSS 7.8, AI score 7.9, EPSS 0.00026
Exploits: 1, References: 2
CVE
added 2025/12/28 10:2 p.m., 13 views

CVE-2025-15156

CVE-2025-15156 affects omec-project UPF up to 2.1.3-dev. The PFCP Session Establishment Request Handler’s handleSessionEstablishmentRequest permits a null pointer dereference; the issue can be triggered remotely. Exploit is published; multiple sources note a lack of a fixed version for the patche...

CVSS 5.3, AI score 6.4, EPSS 0.00043
Exploits: 0, References: 4
Patchstack
added 2025/12/28 5:29 p.m., 4 views

WordPress HR Management Lite plugin <= 3.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by benzdeus in WordPress Plugin HR Management Lite versions <= 3.6...

CVSS 5.4, AI score 5.2, EPSS 0.00029
Exploits: 0, Affected Software: 1
NVD
added 2025/12/28 2:16 p.m., 1 view

CVE-2025-15138

A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and...

CVSS 7.2, EPSS 0.00186
Exploits: 1, References: 4
EUVD
added 2025/12/28 1:32 p.m., 2 views

EUVD-2025-205510

A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and...

CVSS 5.8, AI score 4.5, EPSS 0.00186
Exploits: 1, References: 5
Vulnrichment
added 2025/12/28 1:32 p.m., 1 view

CVE-2025-15138 prasathmani TinyFileManager tinyfilemanager.php path traversal

A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and...

CVSS 5.8, AI score 6, EPSS 0.00186
Exploits: 1, References: 4
OSV
added 2025/12/28 5:15 a.m., 1 view

CVE-2025-15120

A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the file /sys/sysDepartRole/getDeptRoleList. This manipulation of the argument departId causes improper authorization. The attack is possible to be carried out remotely. A high degree of complexity is need...

CVSS 3.1, AI score 6.3
Exploits: 0, References: 4
EUVD
added 2025/12/27 9:30 p.m., 3 views

EUVD-2025-205481

A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an unknown function of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php. This manipulation causes unrestricted upload. It is possible to initiate the attack remotely. The exploit h...

CVSS 7.5, AI score 6.2, EPSS 0.00056
Exploits: 0, References: 5
Snyk
added 2025/12/27 5:39 p.m., 2 views

Use of Hard-coded Cryptographic Key

Overview: Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the config.yml file. An attacker can gain unauthorized access to sensitive information by exploiting the presence of a hard-coded cryptographic key. Remediation: A fix was pushed into the master...

CVSS 6.9, AI score 6.5, EPSS 0.00032
Exploits: 0, References: 2
Patchstack
added 2025/12/27 3:22 p.m., 2 views

WordPress Shortcodes and extra features for Phlox theme plugin <= 2.17.15 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Shortcodes and extra features for Phlox theme versions <= 2.17.15...

CVSS 4.3, AI score 5.9, EPSS 0.0003
Exploits: 0, Affected Software: 1
RedhatCVE
added 2025/12/24 9:19 p.m., 4 views

CVE-2025-15045

A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has...

CVSS 10, AI score 7, EPSS 0.00159
Exploits: 1, References: 1
Cvelist
added 2025/12/24 2:2 a.m., 24 views

CVE-2025-15053 code-projects Student Information System searchresults.php sql injection

A flaw has been found in code-projects Student Information System 1.0. This issue affects some unknown processing of the file /searchresults.php. Executing manipulation of the argument searchbox can lead to sql injection. The attack may be performed from remote. The exploit has been published and...

CVSS 7.5, EPSS 0.00033
Exploits: 1, References: 5
OSV
added 2025/12/21 8:15 a.m., 2 views

CVE-2025-14994

A flaw has been found in Tenda FH1201 and FH1206 1.2.0.14408/1.2.0.88155. This impacts the function strcat of the file /goform/webtypelibrary of the component HTTP Request Handler. This manipulation of the argument webSiteId causes stack-based buffer overflow. The attack is possible to be carried...

CVSS 8.8, AI score 6.4, EPSS 0.00222
Exploits: 1, References: 7
RedhatCVE
added 2025/12/20 7:15 p.m., 4 views

CVE-2025-14962

A flaw has been found in code-projects Simple Stock System 1.0. The impacted element is an unknown function of the file /market/chatuser.php. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used...

CVSS 6.1, AI score 5.3, EPSS 0.00047
Exploits: 1, References: 1
ATTACKERKB
added 2025/12/19 4:2 p.m., 2 views

CVE-2025-14953

A flaw has been found in Open5GS up to 2.7.5. This impacts the function ogspfcphandlecreatepdr in the library lib/pfcp/handler.c of the component FAR-ID Handler. Executing a manipulation can lead to null pointer dereference. The attack may be performed from remote. The attack requires a high leve...

CVSS 5.3, AI score 4.4, EPSS 0.00092
Exploits: 1, References: 8
Positive Technologies
added 2025/12/19 12:0 a.m., 3 views

PT-2025-52483

Name of the Vulnerable Software and Affected Versions: Open5GS versions up to 2.7.5. Description: A flaw exists in Open5GS impacting the ogs pfcp handle create pdr function within the lib/pfcp/handler.c library of the FAR-ID Handler component. This can lead to a null pointer dereference, potentially...

CVSS 5.3, AI score 3.9, EPSS 0.00092
Exploits: 1, References: 10
Snyk
added 2025/12/18 7:45 p.m., 1 view

Improper Input Validation

Overview: Affected versions of this package are vulnerable to Improper Input Validation in the parseFlowDesc function after PFCP association, when processing a PFCP Session Establishment Request containing a malformed Flow-Description. An attacker can cause the process to panic and terminate by...

CVSS 7.5, AI score 5.6, EPSS 0.00079
Exploits: 1, References: 2
Positive Technologies
added 2025/12/18 12:0 a.m., 2 views

PT-2025-52279

Name of the Vulnerable Software and Affected Versions: SourceCodester Client Database Management System version 1.0. Description: A flaw exists in SourceCodester Client Database Management System 1.0 within the Leads Generation Module. The issue affects the file /user leads.php and allows for...

CVSS 8.8, AI score 6.3, EPSS 0.00043
Exploits: 1, References: 8
OSV
added 2025/12/17 11:15 p.m., 2 views

CVE-2025-14836

A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/usersave.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has...

CVSS 5.1, AI score 5.4
Exploits: 0, References: 4
NVD
added 2025/12/17 11:15 p.m., 2 views

CVE-2025-14836

A flaw has been found in ZZCMS 2025. Affected by this vulnerability is an unknown functionality of the file /reg/usersave.php of the component User Data Storage Module. This manipulation causes cleartext storage in a file or on disk. Remote exploitation of the attack is possible. The exploit has...

CVSS 5.1, EPSS 0.00015
Exploits: 0, References: 4