291 matches found
GLSA-202511-06 : libpng: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-202511-06 libpng: Multiple vulnerabilities Multiple vulnerabilities have been discovered in libpng. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description block directly fro...
ROS-20251125-04
A vulnerability in OpenBao's secret management and encryption system is related to the fact that the software stores sensitive information in log files. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to confidential information...
PT-2025-47540
Name of the Vulnerable Software and Affected Versions freeprojectscodes Sports Club Management System version 1.0 Description A flaw exists in freeprojectscodes Sports Club Management System 1.0 that allows for SQL injection. The issue is located in an unknown function within the...
CVE-2025-13299
The CVE-2025-13299 entry concerns itsourcecode Web-Based Internet Laboratory Management System 1.0. Several connected sources (CNVD-2025-29439, RH/CVE-2025-13299, CNNVD-202511-1860, PT-2025-47203) confirm a SQL injection vulnerability in the file /user/controller.php. Attack surface: remote explo...
CVE-2025-13200
A vulnerability was determined in SourceCodester Farm Management System 1.0. Affected by this vulnerability is an unknown functionality. This manipulation causes exposure of information through directory listing. The attack is possible to be carried out remotely. The exploit has been publicly...
PT-2025-47057
Name of the Vulnerable Software and Affected Versions Simple Cafe Ordering System version 1.0 Description A SQL injection issue exists in Simple Cafe Ordering System 1.0. The issue is related to the manipulation of the Username parameter within the /login.php file. This manipulation can be...
CVE-2025-13181
A vulnerability was determined in pojoin h3blog 1.0. The affected element is an unknown function of the file /admin/cms/material/add. Executing a manipulation of the argument Name can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclos...
EUVD-2025-38271
A vulnerability was determined in DedeBIZ up to 6.3.2. Affected by this vulnerability is an unknown functionality of the file /admin/specadd.php. This manipulation of the argument flags causes sql injection. The attack is possible to be carried out remotely. The exploit has been publicly disclose...
CVE-2025-12860
Summary: CVE-2025-12860 affects DedeBIZ up to version 6.3.2. An SQL injection can be triggered by manipulating the orderby parameter in /admin/freelist_main.php. The vulnerability is exploitable remotely and the public exploit is available. Multiple connected sources corroborate the issue and its...
CVE-2025-11914
The CVE-2025-11914 entry concerns Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The Vulnerable component is the Download function at /DeviceFileReport.do?Action=Download, where manipulating the FilePath argument enables path traversal. The attack could be initiated remotely, and public expl...
CVE-2025-11475
A vulnerability was determined in projectworlds Advanced Library Management System 1.0. Affected by this issue is some unknown functionality of the file /viewmember.php. Executing a manipulation of the argument userid can lead to sql injection. The attack can be launched remotely. The exploit has...
CVE-2025-11474
A vulnerability was found in SourceCodester Hotel and Lodge Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /editbooking.php. Performing manipulation of the argument Name results in sql injection. The attack can be initiated remotely. The exploit has...
CVE-2025-11284
CVE-2025-11284 describes a vulnerability in Zytec Dalian Zhuoyun Technology Central Authentication Service (CAS) v3, affecting the HTTP Header Handler component. The flaw arises from a vulnerable handling of the Authorization argument in the request to /index.php/auth/Ops/git, which can lead to u...
EUVD-2025-24685
Malicious code in bioql PyPI...
EUVD-2025-24645
Malicious code in bioql PyPI...
EUVD-2025-24136
Malicious code in bioql PyPI...
CVE-2025-11140
The CVE-2025-11140 issue affects Bjskzy Zhiyou ERP up to v11.0, specifically the function openForm in com.artery.richclient.RichClientService. The vulnerability arises from manipulating the argument contentString, enabling an XML External Entity (XXE) reference. It can be exploited remotely, and ...
PT-2025-39767
Name of the Vulnerable Software and Affected Versions Projectworlds Online Tours and Travels version 1.0 Description A security issue exists in Projectworlds Online Tours and Travels 1.0 related to unrestricted file upload. The issue is located in the /admin/change-image.php file, where...
CVE-2025-11079
A security flaw has been discovered in Campcodes Farm Management System 1.0. Affected by this issue is some unknown functionality. The manipulation results in file and directory information exposure. The attack may be performed from remote. The exploit has been released to the public and may be...
PT-2025-39462
Name of the Vulnerable Software and Affected Versions JeecgBoot versions through 3.8.2 Description A security flaw exists in JeecgBoot related to improper authorization. The issue is located in an unknown function within the /sys/user/exportXls file of the Filter Handler component. The flaw is...