PT-2025-52720

Name of the Vulnerable Software and Affected Versions wb2osz/direwolf Dire Wolf versions up to and including 1.8, prior to commit 3658a87 Description The software contains a reachable assertion issue in the APRS MIC-E decoder function aprs mic e located in src/decode aprs.c. Processing a speciall...

CVE-2025-34437

AVideo versions prior to 20.1 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects...

CVE-2025-14801

A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...

CVE-2025-34437

AVideo versions prior to 20.1 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects...

CVE-2025-34437

AVideo versions prior to 20.1 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects...

CVE-2025-34437

Summary: AVideo versions prior to 20.1 allow any authenticated user to upload comment images to videos owned by other users due to missing ownership checks in the /comment_images endpoint. What’s affected: AVideo before 20.1 (video comment image upload path). Root cause: Authentication is validat...

EUVD-2025-203955

AVideo versions prior to 20.0 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects...

CVE-2025-34437 AVideo < 20.1 IDOR Arbitrary Comment Image Upload

AVideo versions prior to 20.1 permit any authenticated user to upload comment images to videos owned by other users. The endpoint validates authentication but omits ownership checks, allowing attackers to perform unauthorized uploads to arbitrary video objects...

CVE-2025-51962

A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...

CVE-2025-14801

A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...

CVE-2025-14801 xiweicheng TMS create createComment cross site scripting

A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...

CVE-2025-14801 xiweicheng TMS create createComment cross site scripting

A security vulnerability has been detected in xiweicheng TMS up to 2.28.0. This affects the function createComment of the file /admin/blog/comment/create. Such manipulation of the argument content leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos...

CVE-2025-14801

CVE-2025-14801 affects xiweicheng TMS up to 2.28.0, specifically the createComment function in /admin/blog/comment/create. The vulnerability arises from manipulation of the argument content, enabling cross-site scripting. Exploitation can be remote, and public PoC details exist. Multiple sources ...

TMS 代码注入漏洞

TMS is a channel-based team communication and collaboration + lightweight task dashboard by weicheng individual developers. A code injection vulnerability exists in TMS 2.28.0 and earlier versions, which stems from the incorrect operation of the parameter content in the file...

AVideo 安全漏洞

AVideo is an open source broadcast network creation tool from World Wide Broadcast Network. A security vulnerability exists in AVideo versions prior to 20.0, which stems from a lack of ownership checks on endpoints, and could lead to authenticated users uploading comment images to other users'...

PT-2025-51889

Name of the Vulnerable Software and Affected Versions AVideo versions prior to 20.1 Description AVideo versions prior to 20.1 allow any authenticated user to upload comment images to videos owned by other users. The ''/comment images'' endpoint validates authentication but does not verify...

EUVD-2025-203408

A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...

CVE-2025-51962

A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...

CVE-2025-51962

CVE-2025-51962 describes an HTML Injection in MicroStudio 24.01.29’s project page comments. The vulnerability arises in the add_project_comment function, allowing remote attackers to inject arbitrary scripts/HTML via the text parameter. CVSSv3.1 base score 6.1 (Medium) with NETWORK attack vector,...

CVE-2025-51962

A HTML Injection vulnerability in the comment section of the project page in MicroStudio 24.01.29 allows remote attackers to inject arbitrary web script or HTML via the text parameter of addprojectcomment function...