Kenwood DMX958XR Command Injection Vulnerability (CNVD-2025-20422)
The Kenwood DMX958XR is an in-car infotainment system from Kenwood. The Kenwood DMX958XR suffers from a command injection vulnerability that can be exploited by an attacker to execute code in a root context...
Unspecified Vulnerability in Kenwood DMX958XR
The Kenwood DMX958XR is an in-car infotainment system from Kenwood. A security vulnerability exists in the Kenwood DMX958XR, which can be exploited by attackers to cause a software downgrade...
WordPress WooCommerce Purchase Orders plugin Arbitrary File Deletion Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. The WordPress WooCommerce Purchase Orders plugin suffers from an arbitrary file deletion vulnerability that stems from the program failing to properly filter for special element...
Mattermost Confluence Plugin Security Vulnerability
Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause the plugin to crash...
Linux Distros Unpatched Vulnerability : CVE-2020-10684
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of...
The vulnerability of the StyleElement class in the SVG image processing library canvg allows an attacker to execute a “prototype pollution” attack.
The vulnerability of the StyleElement class in the SVG image processing library is related to uncontrolled changes to prototype attributes of objects. Exploiting this vulnerability could allow a malicious actor to execute a “prototype pollution” attack...
CVE-2025-40686 Reflected Cross-Site Scripting (XSS) vulnerability in Human Resource Management System
Reflected Cross-Site Scripting (XSS) in Human Resource Management System version 1.0. This vulnerability could allow an attacker to execute JavaScript code in the victim's browser by sending a malicious URL through the 'employeeid' parameter in /detailview.php...
CVE-2025-8275
A vulnerability, which was classified as problematic, has been found in bsc Peru Cocktails App 1.0.0 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component bsc.devy.perucocktails. The manipulation leads to improper export of android...
CVE-2025-45406
A stored cross-site scripting (XSS) vulnerability in CodeIgniter4 v4.6.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the debugbar_time parameter. NOTE: this is disputed by the Supplier because attackers cannot influence the value of debugbar_time, and...
CVE-2025-48733 DuraComm DP-10iN-100-MU Missing Authentication for Critical Function
DuraComm SPM-500 DP-10iN-100-MU lacks access controls for a function that should require user authentication. This could allow an attacker to repeatedly reboot the device...
gitk: git script execution flaw
There's a vulnerability in gitk where a user can be tricked into running malicious scripts supplied by the attacker when running the gitk filename command. When successfully exploited, this vulnerability may result in arbitrary code execution...
PT-2025-30333 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: Live Helper Chat version 4.60. Description: A stored cross-site scripting (XSS) vulnerability exists in the chat transfer function. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the operator name...
CVE-2025-7889
A vulnerability was found in CallApp Caller ID App up to 2.0.4 on Android. It has been classified as problematic. Affected is an unknown function of the file AndroidManifest.xml of the component caller.id.phone.number.block. The manipulation leads to improper export of android application...
OAuth Dynamic Client Registration Permissive Metadata Field
OAuth Dynamic Client Registration allows for various metadata fields such as 'clientname', 'websiteuri' during the registration process. When the OAuth server accepts permissive values for such fields, such as ones starting with javascript://, an attacker could exploit this to perform Cross-Site...
CVE-2024-49784
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data with AES encryption and CBC mode. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data values...
CVE-2025-42992 Multiple Privilege Escalation Vulnerabilities in SAPCAR
SAPCAR allows an attacker logged in with high privileges to create a malicious SAR archive in SAPCAR. This could enable the attacker to exploit critical files and directory permissions without breaking signature validation, resulting in potential privilege escalation. This has high impact on...
PT-2025-28526 · Microsoft · Windows Mbt Transport Driver +1
Name of the Vulnerable Software and Affected Versions: Windows MBT Transport driver (affected versions not specified). Description: The issue is related to an integer underflow, also known as a wrap or wraparound, in the Windows MBT Transport driver. This allows an authorized attacker to elevate...
PT-2025-28507 · Microsoft · Windows Virtualization-Based Security +2
Name of the Vulnerable Software and Affected Versions: Windows Virtualization-Based Security (VBS) Enclave (affected versions not specified). Description: The issue is related to a protection mechanism failure in Windows Virtualization-Based Security (VBS) Enclave, allowing an authorized attacker to...
The vulnerability of the ext4_ind_migrate() function in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the ext4_ind_migrate() function in the Linux operating system is related to insufficient locking mechanisms. Exploiting this vulnerability could allow an attacker to trigger a service failure...
The vulnerability of the net/mlx5 component in the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the net/mlx5 component in the Linux operating system is related to deficiencies in handling exceptional states. Exploiting this vulnerability can allow an attacker to cause a service failure...