5 matches found
CVE-2025-8406
ZenML 0.83.1 is affected by a path traversal flaw in PathMaterializer during data.tar.gz extraction; is_path_within_directory fails to catch symbolic/hard links, enabling arbitrary file writes and potential command execution if critical files are overwritten. Remediation present in connected docs...
CVE-2025-50468
OpenMetadata =1.4.4 is vulnerable to SQL Injection. An attacker can extract information from the database in function listCount in the DocStoreDAO interface. The entityType parameters can be used to build a SQL query...
WordPress plugin Thumbnail carousel slider SQL injection vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A SQL injection vulnerabili...
CVE-2024-13694
The WooCommerce Wishlist High customization, fast setup,Free Elementor Wishlist, most features plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.8.7 via the downloadpdffile function due to missing validation on a user controlled key. Th...
Sentrifugo SQL injection vulnerability
Sentrifugo is a human resource management system. The system includes features such as human resource management, performance appraisal, recruitment management and asset management. A SQL injection vulnerability exists in Sentrifugo version 3.2, which originates from a SQL injection vulnerability...