141 matches found
Webutler 安全漏洞
Webutler is an API and data service management platform from German company Webutler. A security vulnerability exists in Webutler version v3.2, which stems from allowing authenticated administrators to upload PHP files, potentially leading to remote code execution...
Important: Red Hat Security Advisory: Red Hat AI Inference Server 3.2.2 (ROCm)
Red Hat AI Inference Server 3.2.2 ROCm is now available. Red Hat® AI Inference Server...
CVE-2025-40818
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP4. Affected applications contain private SSL/TLS keys on the server that are not properly protected allowing any user with server access to read these keys. This could allow an authenticated attacker to...
Siemens SINEMA Remote Connect Server 安全漏洞
Siemens SINEMA Remote Connect Server is a remote network management platform from Siemens Germany. The platform is primarily used to remotely access, maintain, control and diagnose the underlying network. A security vulnerability exists in Siemens SINEMA Remote Connect Server versions prior to V3...
CVE-2025-63872
DeepSeek V3.2 has a Cross Site Scripting XSS vulnerability, which allows JavaScript execution through model-generated SVG content...
PHPGurukul Student Record System 安全漏洞
Student Record System is a software application. Student Record System suffers from a cross-site request forgery vulnerability that stems from the manage-students.php component not adequately verifying that a request is from a trusted user, which could be exploited by an attacker to cause...
PT-2025-46971
Name of the Vulnerable Software and Affected Versions PHPGurukul Student Record Management System version 3.2.0 Description The PHPGurukul Student Record Management System version 3.2.0 is susceptible to SQL Injection. This issue affects the login.php file through the id and password parameters...
CVE-2025-10295 Angel – Fashion Model Agency WordPress CMS Theme <= 3.2.3 - Authenticated (Subscriber+) Stored Cross-Site Scripting
The Angel – Fashion Model Agency WordPress CMS Theme theme for WordPress is vulnerable to Stored Cross-Site Scripting the profile media uploader in all versions up to, and including, 3.2.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
CVE-2025-64322
Incorrect Permission Assignment for Critical Resource vulnerability in Salesforce Agentforce Vibes Extension allows Manipulating Writeable Configuration Files.This issue affects Agentforce Vibes Extension: before 3.3.0...
UBUNTU-CVE-2025-64184
Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc.. While the basename is properly stripped of directory-traversing...
CVE-2025-64184 Dosage vulnerable to Directory Traversal through crafted HTTP responses
Dosage is a comic strip downloader and archiver. When downloading comic images in versions 3.1 and below, Dosage constructs target file names from different aspects of the remote comic page URL, image URL, page content, etc.. While the basename is properly stripped of directory-traversing...
CVE-2025-64320
Improper Neutralization of Input Used for LLM Prompting vulnerability in Salesforce Agentforce Vibes Extension allows Code Injection.This issue affects Agentforce Vibes Extension: before 3.2.0...
CVE-2025-62983
CVE-2025-62983 is a stored XSS in the WordPress plugin Posts By Tag (versions ≤ 3.2.1). The issue arises from improper neutralization of input during web page generation, enabling injection of malicious scripts that could be persisted and reflected to users. The vulnerability is labeled as MEDIUM...
CVE-2025-62713 Kottster app reinitialization can be re-triggered allowing command injection in development mode
Kottster is a self hosted Node.js admin panel. From versions 3.2.0 to before 3.3.2, Kottster contains a pre-authentication remote code execution RCE vulnerability when running in development mode. This affects development mode only, production deployments were never affected. This issue has been...
EUVD-2020-19341
Malware in sbrugna...
EUVD-2025-24244
Malicious code in bioql PyPI...
CVE-2025-10342 HTML injection in Perfex CRM
HTML injection vulnerability in Perfex CRM v3.2.1 consisting of a stored HTML injection due to lack of proper validation of user input by sending a POST request in the parameter 'name' at the endpoint '/subscriptions/create'...
CVE-2025-57932
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Diego Pereira PowerFolio portfolio-elementor allows Stored XSS.This issue affects PowerFolio: from n/a through = 3.2.1...
CVE-2025-59432 Timing Attack Vulnerability in SCRAM Authentication
SCRAM Salted Challenge Response Authentication Mechanism is part of the family of Simple Authentication and Security Layer SASL, RFC 4422 authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises because Arrays.equals...
CVE-2025-40746
A vulnerability has been identified in SIMATIC RTLS Locating Manager All versions V3.2. Affected products do not properly validate input for a backup script. This could allow an authenticated remote attacker with high privileges in the application to execute arbitrary code with 'NT...