CVE-2025-46738

An authenticated attacker can maliciously modify layout data files in the SEL-5033 installation directory to execute arbitrary code...

CVE-2025-40627

CVE-2025-40627 affects AbanteCart v1.4.0. It describes a Reflected Cross‑Site Scripting (XSS) vulnerability in the /eyes? endpoint that lets an attacker deliver JavaScript to a victim’s browser, potentially stealing session cookies or acting on behalf of the user. The vulnerability is documented ...

📄 RDPGuard 9.9.9 Privilege Escalation

RDPGuard version 9.9.9 suffers from a privilege escalation vulnerability. Exploit Title: RDPGuard 9.9.9 - Privilege Escalation SYSTEM Discovered by: Ahmet Ümit BAYRAM Discovered Date: 09.05.2025 Vendor Homepage: https://rdpguard.com Software Link: https://rdpguard.com/download.aspx Tested Version...

Vulnerability of the zynqmp_qspi_exec_op() function in the drivers/spi/spi-zynqmp-gqspi.c module – This driver provides support for SPI devices in the Linux operating system’s kernel. It allows a hacker to cause a service failure.

Vulnerability of the zynqmpqspiexecop function in the drivers/spi/spi-zynqmp-gqspi.c module – The drivers for SPI devices in the Linux operating system involve reusing previously freed memory. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVE-2025-1329

IBM CICS TX Standard 11.1 and IBM CICS TX Advanced 10.1 and 11.1 could allow a local user to execute arbitrary code on the system due to failure to handle DNS return requests by the gethostbyaddr function...

CVE-2025-37822

In the Linux kernel, the following vulnerability has been resolved: riscv: uprobes: Add missing fence.i after building the XOL buffer The XOL execute out-of-line buffer is used to single-step the replaced instructions for uprobes. The RISC-V port was missing a proper fence.i i$ flushing after...

CVE-2025-37822 riscv: uprobes: Add missing fence.i after building the XOL buffer

In the Linux kernel, the following vulnerability has been resolved: riscv: uprobes: Add missing fence.i after building the XOL buffer The XOL execute out-of-line buffer is used to single-step the replaced instructions for uprobes. The RISC-V port was missing a proper fence.i i$ flushing after...

Ensure That the Sticky Bit Is Set for Globally Writable Directories

The sticky bit of a common file is ignored by the kernel. The sticky bit shows up as the execute permission flag of a directory and is indicated with t. If the sticky bit set is for a directory, a user who is not root or the directory owner cannot delete files or directories in the directory,...

CVE-2025-0855

The PGS Core plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.8.0 via deserialization of untrusted input in the 'importheader' function. This makes it possible for unauthenticated attackers to inject a PHP Object. No known POP chain is present in...

kernel: mm: call the security_mmap_file() LSM hook in remap_file_pages()

A flaw was found in the remapfilepages function in mm/mmap.c in the Linux kernel, where it does not properly restrict execute access. This vulnerability allows local users to bypass intended SELinux W^X policy restrictions...

CVE-2025-26241

A SQL injection vulnerability in the "Search" functionality of "tickets.php" page in osTicket =1.17.5 allows authenticated attackers to execute arbitrary SQL commands via the "keywords" and "topicid" URL parameters combination...

FoxCMS 安全漏洞

FoxCMS is a free commercial open source content management system from China Qianxu FoxCMS company. A security vulnerability exists in FoxCMS v1.2.5, which originates from improper handling of the executeCommand method in DataBackup.php, which may lead to SQL injection attacks...

CVE-2025-26241

The CVE-2025-26241 entry describes a SQL injection in osTicket’s Search function (tickets.php) for versions

Langflow Missing Authentication Vulnerability

Langflow contains a missing authentication vulnerability in the /api/v1/validate/code endpoint that allows a remote, unauthenticated attacker to execute arbitrary code via crafted HTTP requests...

CVE-2025-24351

A vulnerability in the “Remote Logging” functionality of the web application of ctrlX OS allows a remote authenticated low-privileged attacker to execute arbitrary OS commands in the context of user “root” via a crafted HTTP request...

CVE-2025-44868

Wavlink WL-WN530H4 20220801 was found to contain a command injection vulnerability in the pingtest function of the adm.cgi via the pingIp parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44860

TOTOLINK CA300-POE V6.2c.884B20180522 was found to contain a command injection vulnerability in the msgprocess function via the Port parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-44846

TOTOLINK CA600-PoE V5.3c.6665B20180820 was found to contain a command injection vulnerability in the recvUpgradeNewFw function via the fwUrl parameter. This vulnerability allows attackers to execute arbitrary commands via a crafted request...

CVE-2025-46579

There is a DDE injection vulnerability in the GoldenDB database product. Attackers can inject DDE expressions through the interface, and when users download and open the affected file, the DDE commands can be executed...

CVE-2025-28076

Multiple SQL injection vulnerabilities in EasyVirt DCScope = 8.6.4 and CO2Scope = 1.3.4 allows remote authenticated attackers to execute arbitrary SQL commands via the 1 timeago, 2 user, 3 filter, 4 target, 5 p1, 6 p2, 7 p3, 8 p4, 9 p5, 10 p6, 11 p7, 12 p8, 13 p9, 14 p10, 15 p11, 16 p12, 17 p13, ...