Lucene search

1433 matches found

CNNVD
added 2025/12/30 12:0 a.m., 2 views

FastBee code issue vulnerability

FastBee is an IoT platform open-sourced by FastBee in China. A code issue vulnerability exists in FastBee 2.1 and earlier versions, which originates from a misuse of the file springboot/fastbee-server/sip-server/src/main/java/com/fastbee/sip/handler/req/ReqAbstractHandler.java and could lead to an X...

CVSS 6.3 | AI score 5.8 | EPSS 0.00024
Exploits: 0 | References: 4

CNNVD
added 2025/12/28 12:0 a.m., 0 views

moga-mall code issue vulnerability

moga-mall is a microservices architecture based e-commerce platform by h-moses individual developers. A code issue vulnerability exists in moga-mall 392d631a5ef15962a9bddeeb9f1269b9085473fa and earlier versions, which originates from the file...

CVSS 6.5 | AI score 6.5 | EPSS 0.0003
Exploits: 0 | References: 5

CNNVD
added 2025/12/27 12:0 a.m., 1 views

XCMS code issue vulnerability

XCMS is a CMS website builder system by JackQ individual developers. A code issue vulnerability exists in XCMS, which stems from an incorrect operation of the file Public/javascripts/admin/plupload-2.1.2/examples/upload.php, which could lead to unlimited uploads...

CVSS 7.5 | AI score 7.4 | EPSS 0.00041
Exploits: 0 | References: 5

CNNVD
added 2025/12/27 12:0 a.m., 2 views

XCMS code issue vulnerability

XCMS is a CMS website builder system by JackQ Individual Developer. A code issue vulnerability exists in jackq XCMS, which stems from an incorrect manipulation of the parameter File in the file Admin/Home/Controller/ProductImageController.class.php, which could lead to unlimited uploads...

CVSS 7.2 | AI score 5 | EPSS 0.00012
Exploits: 1 | References: 5

CNNVD
added 2025/12/26 12:0 a.m., 1 views

Sim Studio security vulnerability

Sim Studio is an AI agent workflow builder for Sim Studio open source. A security vulnerability exists in Sim Studio 0.5.27 and earlier versions, which stems from incorrect manipulation of the parameter INTERNALAPISECRET in the file apps/sim/lib/auth/internal.ts, which could lead to improper...

CVSS 9.8 | AI score 7.2 | EPSS 0.00043
Exploits: 1 | References: 8

CNNVD
added 2025/12/22 12:0 a.m., 1 views

NetBT Consulting Services E-Fatura code issue vulnerability

NetBT Consulting Services E-Fatura is an enterprise financial software from NetBT Consulting Services, Turkey. A code issue vulnerability exists in NetBT Consulting Services E-Fatura versions prior to 1.2.15, which stems from an un-referenced search path or element that could lead to the...

CVSS 7.3 | AI score 6.8 | EPSS 0.00204
Exploits: 3 | References: 3

CNNVD
added 2025/12/22 12:0 a.m., 1 views

Hasura GraphQL Engine code issue vulnerability

Hasura GraphQL Engine is a very fast GraphQL server from Hasura open source. A code issue vulnerability exists in Hasura GraphQL Engine version 1.3.3, which stems from a remote schema URL injection that could lead to server-side request forgery...

CVSS 6.9 | AI score 7.3 | EPSS 0.0005
Exploits: 1 | References: 3

CNNVD
added 2025/12/18 12:0 a.m., 3 views

Kentico Xperience code issue vulnerability

Kentico Xperience is a digital experience platform from Kentico. Kentico Xperience suffers from a file upload vulnerability that stems from a lack of valid validation of uploaded files in the MVC form file upload component. The vulnerability can be exploited to remotely execute arbitrary code by...

CVSS 8.8 | AI score 6.2 | EPSS 0.00042
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/17 12:0 a.m., 2 views

CVE-2025-67285

A SQL injection vulnerability was found in the '/cts/admin/?page=zone' file of ITSourcecode COVID Tracking System Using QR-Code v1.0. The reason for this issue is that attackers inject malicious code from the parameter 'id' and use it directly in SQL queries without the need for appropriate...

AI score 7.7 | EPSS 0.00044
Exploits: 1 | References: 1

Packet Storm News
added 2025/12/09 12:0 a.m., 6 views

Llama-Based Source Code Vulnerability Detection: Prompt Engineering Vs Fine Tuning

The significant increase in software production, driven by the acceleration of development cycles over the past two decades, has led to a steady rise in software vulnerabilities, as shown by statistics published yearly by the CVE program. The automation of the source code vulnerability detection...

AI score 7.2
Exploits: 0

vulnersOsv
added 2025/12/03 4:27 p.m., 4 views

1shot (>=0.0.3 <=0.0.9), @4via6/relay (>=1.0.0 <=1.1.3) +219 more potentially affected by CVE-2025-66032 via @anthropic-ai/claude-code (>=0.2.126 <=1.0.90)

@anthropic-ai/claude-code NPM version =0.2.126, =0.0.3, =1.0.0, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.0.1, =0.0.55, =0.0.69 - @brandongtr/rule-agent-cli =1.0.1-beta.0 and more Source cves: CVE-2025-66032 Source advisory: OSV:GHSA-XQ4M-MC3C-VVG3...

CVSS 9.8 | AI score 5.8 | EPSS 0.00039
Exploits: 0

Vulnrichment
added 2025/12/02 3:2 p.m., 1 views

CVE-2025-13875 Yohann0617 oci-helper OCI Configuration Upload OciServiceImpl.java addCfg path traversal

A weakness has been identified in Yohann0617 oci-helper up to 3.2.4. This issue affects the function addCfg of the file src/main/java/com/yohann/ocihelper/service/impl/OciServiceImpl.java of the component OCI Configuration Upload. Executing manipulation of the argument File can lead to path...

CVSS 6.5 | AI score 6.3 | EPSS 0.00061
Exploits: 0 | References: 5

CNNVD
added 2025/11/30 12:0 a.m., 1 views

Nature Easy Soft Network Technology ZenTao code issue vulnerability

Nature Easy Soft Network Technology ZenTao is a set of open source project management software from China's Nature Easy Soft Network Technology. The software includes product management, project management, quality management and document management functions. ...

CVSS 6.5 | AI score 6.5 | EPSS 0.00045
Exploits: 1 | References: 7

Packet Storm News
added 2025/11/28 12:0 a.m., 1 views

Retrieval-Augmented Few-Shot Prompting Versus Fine-Tuning for Code Vulnerability Detection

Few-shot prompting has emerged as a practical alternative to fine-tuning for leveraging the capabilities of large language models (LLMs) in specialized tasks. However, its effectiveness depends heavily on the selection and quality of in-context examples, particularly in complex domains. In this wor...

AI score 6.8
Exploits: 0

Positive Technologies
added 2025/11/26 12:0 a.m., 3 views

PT-2025-48126

Smart Video Doorbell firmware versions prior to 2.01.078 contain an active debug code vulnerability that allows an attacker to connect via Telnet and gain access to the device...

CVSS 8.6 | AI score 7.2 | EPSS 0.00021
Exploits: 0 | References: 3

CNNVD
added 2025/11/19 12:0 a.m., 3 views

WordPress plugin Responsive Lightbox & Gallery code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A code issue...

CVSS 5.4 | AI score 6.9 | EPSS 0.00049
Exploits: 0 | References: 8

NVD
added 2025/11/18 5:16 p.m., 2 views

CVE-2025-54660

An active debug code vulnerability in Fortinet FortiClientWindows 7.4.0 through 7.4.3, FortiClientWindows 7.2.0 through 7.2.10, FortiClientWindows 7.0 all versions may allow a local attacker to run the application step by step and retrieve the saved VPN user password...

CVSS 5.5 | EPSS 0.00017
Exploits: 0 | References: 1

EUVD
added 2025/11/13 3:23 a.m., 3 views

EUVD-2025-179453

Malicious code in csv-envconfig-achernar-stratigraphy npm...

AI score 6.6
Exploits: 0

Cvelist
added 2025/11/10 1:2 a.m., 5 views

CVE-2025-12924 rymcu forest BankController.java GlobalResult authorization

A vulnerability was identified in rymcu forest up to de53ce79db9faa2efc4e79ce1077a302c42a1224. This issue affects the function GlobalResult of the file src/main/java/com/rymcu/forest/web/api/bank/BankController.java. The manipulation leads to missing authorization. The attack may be initiated...

CVSS 5.3 | EPSS 0.00038
Exploits: 1 | References: 5

Veracode
added 2025/11/06 9:18 a.m., 5 views

Arbitrary Code Execution

@anthropic-ai/claude-code is vulnerable to Arbitrary Code Execution. The vulnerability is due to the automatic execution of Yarn plugins when running yarn --version, which allows an attacker to bypass the directory trust dialog and execute code before the user confirms trust in the directory...

CVSS 9.8 | AI score 7.7 | EPSS 0.0008
Exploits: 0 | References: 5 | Affected Software: 1