PbootCMS 访问控制错误漏洞

PbootCMS is an open-source enterprise website content management system developed using the PHP language. Versions of PbootCMS 3.2.12 and earlier contain a security vulnerability related to access control. This vulnerability stems from an unknown function in the Backend component file...

EUVD-2025-205482

A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affected is the function Upload of the file Admin/Home/Controller/ProductImageController.class.php of the component Backend. Such manipulation of the argument File leads to unrestricted upload. It is...

CVE-2025-14722

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...

CVE-2025-14722

CVE-2025-14722 affects vion707 DMadmin (Backend) with a Cross-Site Scripting vulnerability in the Add function of Admin/Controller/AddonsController.class.php. A remote attacker can manipulate input to trigger XSS; exploits have been publicly disclosed. Affected versions are prior to 3403cafdb4253...

CVE-2025-14722 vion707 DMadmin Backend AddonsController.class.php add cross site scripting

A vulnerability was determined in vion707 DMadmin up to 3403cafdb42537a648c30bf8cbc8148ec60437d1. This impacts the function Add of the file Admin/Controller/AddonsController.class.php of the component Backend. Executing manipulation can lead to cross site scripting. The attack can be executed...

CVE-2025-60739

Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...

CVE-2025-60739

Cross Site Request Forgery CSRF vulnerability in Ilevia EVE X1 Server Firmware Version v4.7.18.0.eden and before, Logic Version v6.00 - 20250721 allows a remote attacker to execute arbitrary code via the /bhwebbackend component...

EUVD-2024-33324

Malicious code in bioql PyPI...

EUVD-2022-3078

Malicious code in bioql PyPI...

EUVD-2025-6658

Malicious code in bioql PyPI...

EUVD-2024-31819

Malicious code in bioql PyPI...

EUVD-2024-32018

Malicious code in bioql PyPI...

EUVD-2025-10065

Malicious code in bioql PyPI...

EUVD-2025-1645

Malicious code in bioql PyPI...

CVE-2025-11136

A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Executing manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit h...

GHSA-QMGV-J263-QR33 Langchain-Chatchat has a Path Traversal vulnerability

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function uploadtempdocs of the file /knowledgebase/uploadtempdocs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to...

PT-2025-26443 · Unknown · Automated Voting System

Name of the Vulnerable Software and Affected Versions: code-projects Automated Voting System version 1.0 Description: A problematic vulnerability has been found in the Automated Voting System. It affects an unknown function of the file /vote.php in the Backend component. The manipulation leads to...

CVE-2025-5695

A vulnerability has been found in Teledyne FLIR AX8 up to 1.46.16. This impacts the function subscribetospot/subscribetodelta/subscribetoalarm of the file /usr/www/application/models/subscriptions.php of the component Backend. Such manipulation leads to command injection. It is possible to launch...

Teledyne FLIR AX8 命令注入漏洞

Teledyne FLIR AX8 is a series of thermal surveillance cameras from Teledyne FLIR USA. A command injection vulnerability exists in Teledyne FLIR AX8 version 1.46.16 and earlier, which stems from a command injection in the file /usr/www/application/models/subscriptions.php in the component Backend...

CVE-2025-0398

A vulnerability has been found in longpi1 warehouse 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /resources/..;/inport/updateInport of the component Backend. The manipulation of the argument remark leads to cross site scripting. The...