342 matches found
CVE-2023-20960
In launchDeepLinkIntentToRight of SettingsHomepageActivity.java, there is a possible way to launch arbitrary activities due to improper input validation. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for exploitation. Product...
CVE-2022-20549
In authToken2AidlVec of KeyMintUtils.cpp, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Android...
CVE-2022-20199
In multiple locations of NfcService.java, there is a possible disclosure of NFC tags due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android Versions: Android-13 Androi...
CVE-2025-48206
The ns_backup extension through 13.0.0 for TYPO3 allows XSS...
CVE-2025-48201
The CVE-2025-48201 entry concerns the TYPO3 ns_backup (Backup Plus) extension up to version 13.0.0, which exposes a Predictable Resource Location. The vulnerability allows an unauthenticated remote user to download created backups and configuration files, due to predictable resource paths. Affect...
TYPO3 security vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF from the Swiss TYPO3 Association. A security vulnerability exists in TYPO3 version 13.0.0 and earlier, which stems from allowing command injection...
WordPress WPBot Pro Wordpress Chatbot plugin <= 13.6.5 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Tran Nguyen Bao KhanhVCI - VNPT in WordPress Plugin WPBot Pro Wordpress Chatbot versions <= 13.6.5...
WordPress plugin WPBot Pro Wordpress Chatbot security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
WordPress plugin Jetpack security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-44073
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component admin_comment_news.php...
CVE-2025-44073
SeaCMS v13.3 is affected by a SQL injection in the admin_comment_news.php component. The vulnerability allows unauthenticated, network-based exploitation with high impact on confidentiality, integrity, and availability (CVSS 3.1: 9.8, CRITICAL). Root cause details are not elaborated beyond the SQ...
SeaCMS security vulnerability
SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS v13.3, which stems from mishandling of the adminmanager.php component, which could lead to SQL...
SeaCMS security vulnerability
SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS v13.3, which stems from mishandling of the admintopic.php component, which could lead to SQL...
CVE-2025-44072
SeaCMS v13.3 was discovered to contain a SQL injection vulnerability via the component adminmanager.php...
CVE-2025-29647
SeaCMS v13.3 has a SQL injection vulnerability in the component admintempvideo.php...
SeaCMS security vulnerability
SeaCMS is a free, open source web content management system written in PHP by SeaCMS, Inc. The system is primarily designed to manage video-on-demand resources. A security vulnerability exists in SeaCMS version 13.3, which stems from a SQL injection vulnerability in the admintempvideo.php compone...
CVE-2024-12766
CVE-2024-12766 affects parisneo/lollms-webui (V13/feather). A Server-Side Request Forgery (SSRF) exists in POST /api/proxy, allowing an attacker to use the victim server’s credentials to reach arbitrary resources by passing a JSON payload such as {"url":"http://steal.target"}. Multiple security c...
LoLLMs Web UI security vulnerability
LoLLMs Web UI is a web user interface for large language and multimodal systems by the individual developer Saifeddine ALOUI. A security vulnerability exists in LoLLMs Web UI version V13, which stems from a lack of authentication checks in the offload endpoint and could lead to unauthorized director...
LoLLMs Web UI resource management error vulnerability
LoLLMs Web UI is a web user interface for large language and multimodal systems by the individual developer Saifeddine ALOUI. A resource management error vulnerability exists in LoLLMs Web UI version v13, which stems from a denial-of-service attack that could result from improper handling of...