CVE-2025-7865 thinkgem JeeSite XSS Filter EncodeUtils.java xssFilter cross site scripting

A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/EncodeUtils.java of the component XSS Filter. The manipulation of the argument text leads to cross...

CVE-2025-7785

CVE-2025-7785 affects thinkgem JeeSite up to version 5.12.0. The vulnerability lies in the sso function of SsoController.java, where manipulation of the redirect parameter enables an open redirect. The issue is remotely exploitable and has been publicly disclosed. A patch is available (commit: 3d...

PT-2025-31878 · Libtiff +2 · Libtiff +2

Name of the Vulnerable Software and Affected Versions: libtiff version 4.6.0 Description: A problematic issue exists in libtiff due to a null pointer dereference in the PS Lvl2page function within the tiff2ps component file tools/tiff2ps.c. The issue occurs when the DEFER STRILE LOAD option is...

CVE-2025-7546

A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file bfd/elf.c. The manipulation leads to out-of-bounds write. It is possible to launch the attack on the local host. The exploit has bee...

CVE-2025-6773

A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadtoinputdir of the file lightrag/api/routers/documentroutes.py of the component File Upload. The manipulation of the argument file.filename leads to path...

CVE-2025-6773

A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function uploadtoinputdir of the file lightrag/api/routers/documentroutes.py of the component File Upload. The manipulation of the argument file.filename leads to path...

CVE-2025-6451

The CVE-2025-6451 entry concerns code-projects’ Simple Online Hotel Reservation System 1.0. Multiple connected sources confirm a SQL injection in the file /admin/delete_pending.php via the transaction_id parameter, allowing remote exploitation. The issue stems from lack of validation/sanitization...

CVE-2025-6152

A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotel...

CVE-2025-6152

CVE-2025-6152 affects Steel Browser up to version 0.1.3. The vulnerability lies in the handleFileUpload function (api/src/modules/files/files.routes.ts), where mis-handling of the filename argument enables path traversal. This could allow an attacker to access unintended files and was described a...

CVE-2025-41233

Description: VMware AVI Load Balancer contains an authenticated blind SQL Injection vulnerability. VMware has evaluated the severity of the issue to be in the Moderate severity range https://www.broadcom.com/support/vmware-services/security-response with a maximum CVSSv3 base score of 6.8...

CVE-2025-5935

Open5GS up to version 2.7.3 is affected. The issue lies in the AMF/MME component, specifically the function common_register_state in src/mme/emm-sm.c, where manipulating the ran_ue_id argument can cause a denial of service. The vulnerability can be triggered remotely and public exploitation has b...

CVE-2025-5645

A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function rconspalinit in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of ...

PT-2025-23656 · Open5Gs · Open5Gs

Name of the Vulnerable Software and Affected Versions: Open5GS versions up to 2.7.3 Description: A vulnerability was found in the function gmm state authentication/emm state authentication of the component AMF/MME. The manipulation leads to reachable assertion. It is possible to launch the attack...

PT-2025-23502 · Nekernal · Nekernal

Name of the Vulnerable Software and Affected Versions: NeKernal version 0.0.2 Description: NeKernal is a free and open-source operating system stack. It has a 1-byte heap overflow in the rt copy memory function, which unconditionally writes a null terminator at dstlen. When len equals the size of...

PT-2025-27715

Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.13.0-rc3-syzkaller-gdfa94ce54f41 Description: A use-after-free issue has been identified in the Linux kernel, specifically in the page pool recycle in ring function. This issue was reported by syzbot and is...

The vulnerability of the web_acl_mgmt_Rules_Apply_post() function in PLANET Technology’s microcontroller software allows a perpetrator to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of the webaclmgmtRulesApplypost function of the PLANET Technology microprogramming device is related to the issue of the operation exceeding the buffer boundaries in memory when processing the parameter ruleNamekey. Exploiting this vulnerability could allow an attacker to...

CVE-2024-8135

A vulnerability classified as critical has been found in Go-Tribe gotribe up to cd3ccd32cd77852c9ea73f986eaf8c301cfb6310. Affected is the function Sign of the file pkg/token/token.go. The manipulation of the argument config.key leads to hard-coded credentials. Continious delivery with rolling...

CVE-2024-34354

CMSaaSStarter is a SaaS template/boilerplate built with SvelteKit, Tailwind, and Supabase. Any forks of the CMSaaSStarter template before commit 7904d416d2c72ec75f42fbf51e9e64fa74062ee6 are impacted. The issue is the user JWT Token is not verified on server session. You should take the patch...

CVE-2024-8334

A vulnerability was found in master-nan Sweet-CMS up to 5f441e022b8876f07cde709c77b5be6d2f262e3f. It has been rated as problematic. This issue affects the function LogHandler of the file middleware/log.go. The manipulation leads to improper output neutralization for logs. The attack may be...

CVE-2024-48357

LyLme Spage 1.2.0 through 1.6.0 is vulnerable to SQL Injection via /admin/apply.php...