1118 matches found
CVE-2025-26074
Orkes Conductor v3.21.11 allows remote attackers to execute arbitrary OS commands through unrestricted access to Java classes...
CVE-2025-26074
Orkes Conductor v3.21.11 is affected. The issue arises from unrestricted access to Java classes, enabling remote command execution via the ScriptEvaluator path (inline JavaScript injection). Impact is OS command execution with high severity per CVSS, with network attack vector and no user interac...
Conductor Security Vulnerability
Conductor is an event-driven orchestration platform for the Orkes community. A security vulnerability exists in Conductor version v3.21.11, which stems from unrestricted access to Java classes and could lead to the execution of arbitrary OS commands...
CVE-2025-50350
PHPGurukul Pre-School Enrollment System Project v1.0 is vulnerable to Directory Traversal in manage-classes.php...
PT-2025-26987 · Unknown · Phpgurukul Pre-School Enrollment System
Name of the Vulnerable Software and Affected Versions: PHPGurukul Pre-School Enrollment System Project version 1.0 Description: The issue concerns a Directory Traversal vulnerability in the manage-classes.php file. Recommendations: For PHPGurukul Pre-School Enrollment System Project version 1.0,...
When Forgetting Triggers Backdoors: a Clean Unlearning Attack
Machine unlearning has emerged as a key component in ensuring Right to be Forgotten, enabling the removal of specific data points from trained models. However, even when the unlearning is performed without poisoning the forget-set (clean unlearning), it can be exploited for stealthy attacks that...
New Characterization of Full Weight Spectrum One-Orbit Cyclic Subspace Codes
In this paper, we determine the weight distributions of a family of FWS codes and exhibit some equivalence classes of FWS codes under certain conditions. Furthermore, we provide a complete classification for $r$-FWS codes...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent the creation of classes with TC_H_ROOT. The function qdisc_tree_reduce_backlog uses TC_H_ROOT as a termination condition when traversing the qdisc tree to update parent backlogs. However, if a class is created with...
CVE-2025-5723
A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component Classes Page. The manipulation of the argument Class Name leads to cross site scripting...
CVE-2025-5723 SourceCodester Student Result Management System Classes Page classes cross site scripting
A vulnerability was found in SourceCodester Student Result Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /script/academic/classes of the component Classes Page. The manipulation of the argument Class Name leads to cross site scripting...
SourceCodester Student Result Management System Code Injection Vulnerability
SourceCodester Student Result Management System is a SourceCodester open source student result management system. A code injection vulnerability exists in SourceCodester Student Result Management System version 1.0, which originates from cross-site scripting due to incorrect manipulation of the...
Membership Inference Attacks for Unseen Classes
Shadow model attacks are the state-of-the-art approach for membership inference attacks on machine learning models. However, these attacks typically assume an adversary has access to a background nonmember data distribution that matches the distribution the target model was trained on. We initiat...
DRUPAL-CONTRIB-2025-075
This module provides a format filter, which allows you to "disable" certain HTML elements e.g. remove their src attribute specified by the user. These elements will be enabled again, once the COOKiES banner is accepted. The module doesn't sufficiently check whether to convert "data-src" attribute...
CVE-2024-10382
There exists a code execution vulnerability in the Car App Android Jetpack Library. CarAppService uses deserialization logic that allows construction of arbitrary java classes. This can lead to arbitrary code execution when combined with specific Java deserialization gadgets. An attacker needs to...
CVE-2023-5836
A vulnerability was found in SourceCodester Task Reminder System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file classes/Users.php?f=delete. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...
CVE-2023-38334
Omnis Studio 10.22.00 has incorrect access control. It advertises an irreversible feature for locking classes within Omnis libraries: it should be no longer possible to delete, view, change, copy, rename, duplicate, or print a locked class. Due to implementation issues, locked classes in Omnis...
CVE-2021-45458
Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their passwor...
CVE-2021-24323
When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high privilege users such as admin to use XSS payloads even when the unfiltered_html is disabled...
CVE-2020-11975
Apache Unomi allows conditions to use OGNL scripting which offers the possibility to call static Java classes from the JDK that could execute code with the permission level of the running Java process...