CVE-2025-4845 FreeFloat FTP Server TRACE Command buffer overflow
A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TRACE Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclose...
CVE-2025-4819
A vulnerability classified as problematic has been found in yproject RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack...
CVE-2025-4818 SourceCodester Doctor's Appointment System GET Parameter delete-doctor.php sql injection
A vulnerability was found in SourceCodester Doctor's Appointment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/delete-doctor.php of the component GET Parameter Handler. The manipulation of the argument ID leads to sql injection. The attac...
CVE-2025-4792 FreeFloat FTP Server MDELETE Command buffer overflow
A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. This issue affects some unknown processing of the component MDELETE Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosed to the public and...
Security Bulletin: Astronomer with IBM is vulnerable to remote attacks due to the crewjam saml package (CVE-2020-27846).
Summary: crewjam saml is used by Astronomer with IBM as part of identity verification. Vulnerability Details: CVEID: CVE-2020-27846. DESCRIPTION: crewjam saml could allow a remote attacker to bypass security restrictions, caused by a signature verification vulnerability. By sending a specially-crafte...
PT-2025-20986 · Microsoft · Office Excel
Name of the Vulnerable Software and Affected Versions: Microsoft Office Excel (affected versions not specified). Description: The issue allows an unauthorized attacker to execute code locally due to a 'type confusion' vulnerability, where a resource is accessed using an incompatible type. This...
CVE-2025-4537 yangzongzhuan RuoYi-Vue Password login.vue sensitive information in a cookie
A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive...
CVE-2025-4535
A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler. The manipulation leads to information...
PT-2025-20656 · Sungrow · Sungrow Logger1000
Name of the Vulnerable Software and Affected Versions: SunGrow Logger1000 version 01 A. Description: A problematic issue has been found in the software, affecting some unknown processing. The manipulation leads to weak password requirements. The attack may be initiated remotely. The complexity of ...
CVE-2025-4503 Campcodes Sales and Inventory System customer_update.php sql injection
A vulnerability was found in Campcodes Sales and Inventory System 1.0 and classified as critical. This issue affects some unknown processing of the file /pages/customer_update.php. The manipulation of the argument ID leads to sql injection. The attack may be initiated remotely. The exploit has bee...
PT-2025-20630 · Unknown · Sourcecodester Online College Library System
Name of the Vulnerable Software and Affected Versions: SourceCodester Online College Library System version 1.0. Description: A critical vulnerability was found in the SourceCodester Online College Library System. The issue is related to an unknown function of the file /index.php, where the...
PT-2025-20459 · Unknown · Project Worlds Car Rental Project
Name of the Vulnerable Software and Affected Versions: Project Worlds Car Rental Project version 1.0. Description: A critical vulnerability has been found in the Project Worlds Car Rental Project. The issue affects an unknown function of the file /signup.php. The manipulation of the fname argument...
CVE-2025-4293
A vulnerability was found in MRCMS 3.1.3 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/group/edit.do of the component Group Edit Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been...
CVE-2025-4332
A vulnerability was found in PHPGurukul Company Visitor Management System 2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /visitor-detail.php. The manipulation of the argument editid/remark leads to sql injection. The attack may be launched remotel...
CVE-2025-4248
CVE-2025-4248 affects SourceCodester Simple To-Do List System 1.0. The vulnerability arises in the file /complete_task.php where manipulating the ID parameter enables SQL injection. Multiple connected sources confirm remote exploitation and public disclosure of the exploit. Impact is described ac...
CVE-2025-4193
A vulnerability was found in itsourcecode Restaurant Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/categoryupdate.php. The manipulation of the argument Category leads to sql injection. The attack may be launched remotely...
CVE-2025-47244
CVE-2025-47244 affects Inedo ProGet (versions 2024.22 and earlier). The vulnerability stems from the C# reflection layer, which can be abused by remote attackers to reach restricted functionality, potentially causing a denial of service (e.g., looping RestartWeb) or exposing sensitive information...
GitLab EE/CE, the Git-based platform for collaborative code development, is vulnerable to unrestricted resource allocation, which allows attackers to trigger service interruptions.
The vulnerability in GitLab EE/CE, the Git-based platform for collaborative code development, relates to unrestricted allocation of resources. Exploiting it can allow a remote malicious actor to cause service failures...
PT-2025-18748 · Flowring Technology · Agentflow
Name of the Vulnerable Software and Affected Versions: Agentflow from Flowring Technology (affected versions not specified). Description: The issue allows unauthenticated remote attackers to perform password brute force attacks by bypassing account lockout protection. Recommendations: At the moment,...
CVE-2025-4160 PCMan FTP Server LS Command buffer overflow
A vulnerability was found in PCMan FTP Server up to 2.0.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component LS Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the...