1433 matches found
Projeqtor Code Issue Vulnerability
Projeqtor is an open source PHP-based project management software from the Projeqtor community. The software is used to organize various functions required for multiple projects and is suitable for IT projects. A code issue vulnerability exists in Projeqtor 12.0.2 and earlier versions, which stem...
Chitu Code Issue Vulnerability
Chitu is an open source, high-performance reasoning framework for large language models from thu-pacman. A code issue vulnerability exists in Chitu version 0.1.0, which stems from the fact that incorrect manipulation of the parameter ckptpath/quantckptdir can lead to deserialization issues...
MAL-2025-3034 Malicious code in @hongfangze/calc (npm)
Source: ghsa-malware (62ce8da37d7e1e8677cceb4a5db36f031470df22a7996162be8d54154076796a). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
IBM Jazz Reporting Service Code Issue Vulnerability
IBM Jazz Reporting Service is a suite of ready-to-use reporting components from International Business Machines (IBM). The product includes features such as report generation, data collection and lifecycle queries. A code issue vulnerability exists in IBM Jazz Reporting Service that stems from a...
Bluestar Micro Mall Code Issue Vulnerability
Bluestar Micro Mall is a shopping mall system from Bluestar, Inc. A code issue vulnerability exists in Bluestar Micro Mall version 1.0, which stems from an incorrect manipulation of the parameter File that can lead to unlimited uploads...
CVE-2025-2857
Firefox on Windows was vulnerable to a sandbox-escape in the IPC code where a compromised child process could cause the parent to return an unintentionally powerful handle. This pattern mirrors the Chrome/CVE-2025-2783 lineage and was exploited in the wild. The issue affected Firefox on Windows o...
gnuplot Code Issue Vulnerability
gnuplot is a command-line interactive tool by Leon Sorokin, an individual developer, that allows users to enter commands to convert data and data functions into easily viewable flat or three-dimensional graphics. A code issue vulnerability exists in gnuplot, which stems from the CANVAStext function...
Digiwin ERP Code Issue Vulnerability
Digiwin ERP is an e-commerce platform from China Dingxin Digiwin. A code issue vulnerability exists in Digiwin ERP version 5.1, which originates from an unrestricted upload and could lead to a remote attack...
Yue Lao Blind Box Code Issue Vulnerability
Yue Lao Blind Box (月老瞎盒) is a take-off program by individual developer imsue. A code issue vulnerability exists in Yue Lao Blind Box version 4.0 and prior versions, which stems from an incorrect manipulation of the parameter data that can lead to unlimited uploads...
LzCMS Code Issue Vulnerability
LzCMS is a simple blogging system by individual developer phplaozhang. A code issue vulnerability exists in LzCMS 1.1.4 and earlier versions, which stems from improper operation of the File parameter in the /admin/upload/upimage.html file, which may result in arbitrary file uploads...
Microsoft Dataverse Code Issue Vulnerability
Microsoft Dataverse is a cloud-based data platform from Microsoft Corporation USA. It is used to share, save, cite, explore and analyze research data. Microsoft Dataverse has a code issue vulnerability that stems from an attacker's ability to remotely execute code by exploiting the vulnerability...
tj-actions/changed-files GitHub Action Embedded Malicious Code Vulnerability
tj-actions/changed-files GitHub Action contains an embedded malicious code vulnerability that allows a remote attacker to discover secrets by reading GitHub Actions workflow logs. These secrets may include, but are not limited to, valid AWS access keys, GitHub personal access tokens (PATs), npm...
IROAD FX2 Code Issue Vulnerability
IROAD FX2 is a car recorder from IROAD. A code issue vulnerability exists in IROAD FX2 20250308 and prior versions, which stems from an unrestricted upload and requires an attack to be launched on the local network...
CVE-2025-28932
Cross-Site Request Forgery (CSRF) vulnerability in BCS Website Solutions Insert Code insert-code allows Stored XSS. This issue affects Insert Code: from n/a through = 2.4...
Mozilla Thunderbird Code Issue Vulnerability
Mozilla Thunderbird is an e-mail client from the Mozilla Foundation (USA), independent of the Mozilla Application Suite. The program supports the IMAP and POP mail protocols and the HTML mail format. A code issue vulnerability exists in Mozilla Thunderbird versions prior to 136 and prior ...
CVE-2025-25680
LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 contains an RCE vulnerability in the tuyaipcdirectconnect function of the anykaipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially crafted QR code is presented to the camera...
Stoque Zeev.it Code Issue Vulnerability
Stoque Zeev.it is a workflow automation platform from Stoque, Inc. A code issue vulnerability exists in Stoque Zeev.it version 4.24, which stems from server-side request forgery and could lead to remote attacks...
Microsoft Visual Studio Code Code Issue Vulnerability
Microsoft Visual Studio Code is an open source code editor from Microsoft USA. A code issue vulnerability exists in Microsoft Visual Studio Code. An attacker can exploit this vulnerability to elevate privileges. No information about this vulnerability is available at this time, so stay tuned to...
zzskzy Warehouse Refinement Management System Code Issue Vulnerability
zzskzy Warehouse Refinement Management System is a warehouse refinement management system from Zhengzhou Time and Space (zzskzy) Company in China. A code issue vulnerability exists in zzskzy Warehouse Refinement Management System version 3.1, which stems from an incorrect manipulation of the...
CVE-2025-1967
A vulnerability, which was classified as problematic, has been found in code-projects Blood Bank Management System 1.0. Affected by this issue is some unknown functionality of the file /userdashboard/donor.php. The manipulation of the argument name leads to cross site scripting. The attack may be...