Lucene search

15108 matches found

Vulnrichment
added 2025/03/31 4:54 a.m. | 7 views

CVE-2025-31103

Untrusted data deserialization vulnerability exists in a-blog cms. Processing a specially crafted request may store arbitrary files on the server where the product is running. This can be leveraged to execute an arbitrary script on the server...

CVSS 7.5 | AI score 7.7 | EPSS 0.0071
Exploits: 0 | References: 3
OSV
added 2025/03/30 5:15 p.m. | 1 view

CVE-2025-2954

A vulnerability, which was classified as problematic, was found in mannaandpoem OpenManus up to 2025.3.13. This affects the function execute of the file app/tool/filesaver.py of the component File Handler. The manipulation leads to improper access controls. Local access is required to approach th...

CVSS 5.5 | AI score 4.7 | EPSS 0.00096
Exploits: 0 | References: 4
Snyk
added 2025/03/30 4:42 p.m. | 1 view

Access Control Bypass

Overview openmanus is an Add your description here Affected versions of this package are vulnerable to Access Control Bypass through the execute function. An attacker can manipulate file handling operations by exploiting the improper access controls configured in the system. This is only...

CVSS 5.5 | AI score 4.5 | EPSS 0.00096
Exploits: 0 | References: 2
RedhatCVE
added 2025/03/29 6:31 a.m. | 18 views

CVE-2025-2332

The Export All Posts, Products, Orders, Refunds & Users plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.13 via deserialization of untrusted input in the 'returnMetaValueAsCustomerInput' function. This makes it possible for unauthenticated attacke...

CVSS 9.8 | AI score 7.9 | EPSS 0.00539
Exploits: 0 | References: 1
OSV
added 2025/03/28 9:15 p.m. | 3 views

CVE-2025-28254

Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions...

CVSS 5.4 | AI score 7
Exploits: 0 | References: 3
RedhatCVE
added 2025/03/28 11:34 a.m. | 10 views

CVE-2024-13889

The WordPress Importer plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.8.3 via deserialization of untrusted input in the 'maybeunserialize' function. This makes it possible for authenticated attackers, with Administrator-level access and above, t...

CVSS 7.2 | AI score 7.6 | EPSS 0.00305
Exploits: 0 | References: 1
Cvelist
added 2025/03/28 12:0 a.m. | 12 views

CVE-2025-28254

Cross Site Scripting vulnerability in Leantime v3.2.1 and before allows an authenticated attacker to execute arbitrary code and obtain sensitive information via the first name field in processMentions...

EPSS 0.00467
Exploits: 0 | References: 3
RedhatCVE
added 2025/03/27 5:50 p.m. | 35 views

CVE-2024-58105

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. This CVE addresses an additional bypass not covered in CVE-2024-58104. Please note: an attacker mus...

CVSS 7.8 | AI score 7.1 | EPSS 0.0001
Exploits: 0 | References: 1
BDU FSTEC
added 2025/03/27 12:0 a.m. | 3 views

AMD processors’ vulnerabilities, related to improper access control, allow attackers to execute arbitrary code.

The vulnerability of AMD processors is related to improper access control in the System Management Mode SMM. Exploiting this vulnerability can allow a remote attacker to execute arbitrary code...

CVSS 10 | AI score 8.1 | EPSS 0.00327
Exploits: 0 | References: 4 | Affected Software: 2
OSV
added 2025/03/26 10:15 p.m. | 1 view

CVE-2025-20233

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVSS 3.3 | AI score 5.8 | EPSS 0.00058
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/26 10:6 p.m. | 7 views

CVE-2025-20233 Incorrect permissions set by the "chmod" and "makedirs" Python functions in Splunk App for Lookup File Editing

In the Splunk App for Lookup File Editing versions below 4.0.5, a script in the app used the chmod and makedirs Python functions in a way that resulted in overly broad read and execute permissions. This could lead to improper access control for a low-privileged user...

CVSS 2.5 | AI score 3.9 | EPSS 0.00058
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/26 5:21 p.m. | 12 views

CVE-2025-0255

HCL DevOps Deploy / HCL Launch could allow a remote privileged authenticated attacker to execute arbitrary commands on the system by sending specially crafted input containing special elements...

CVSS 7.2 | AI score 7.9 | EPSS 0.00603
Exploits: 0 | References: 3
RedhatCVE
added 2025/03/26 4:18 p.m. | 4 views

CVE-2021-26105

A stack-based buffer overflow vulnerability CWE-121 in the profile parser of FortiSandbox version 3.2.2 and below, version 3.1.4 and below may allow an authenticated attacker to potentially execute unauthorized code or commands via specifically crafted HTTP requests...

CVSS 6.8 | AI score 8 | EPSS 0.00329
Exploits: 0
NVD
added 2025/03/26 12:15 p.m. | 11 views

CVE-2025-1913

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.5.0 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attacker...

CVSS 7.2 | EPSS 0.00263
Exploits: 0 | References: 5
IBM Security Bulletins
added 2025/03/26 2:22 a.m. | 20 views

Security Bulletin: IBM Cloud Pak for Data is vulnerable to use-after-free due to systemd ( CVE-2022-2526 )

Summary Systemd is used by IBM Cloud Pak for Data as part of the base OS image. CVE-2022-2526 Vulnerability Details CVEID:CVE-2022-2526 DESCRIPTION: systemd could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free flaw due to the onstreamio function and...

CVSS 9.8 | AI score 9.7 | EPSS 0.00295
Exploits: 0 | Affected Software: 1
NVD
added 2025/03/25 8:15 p.m. | 12 views

CVE-2024-48818

An issue in IIT Bombay, Mumbai, India Bodhitree of cs101 version allows a remote attacker to execute arbitrary code...

CVSS 9.8 | EPSS 0.02137
Exploits: 0 | References: 1
Vulnrichment
added 2025/03/25 5:37 p.m. | 10 views

CVE-2024-58104

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations. Please note: an attacker must first obtain the ability to execute low-privileged code on the...

CVSS 7.3 | AI score 7.8 | EPSS 0.0001
Exploits: 0 | References: 1
CNNVD
added 2025/03/25 12:0 a.m. | 3 views

OpenManus command injection vulnerability

OpenManus is an application by the individual developer of mannaandpoem. A command injection vulnerability exists in OpenManus version 2025.3.13 and earlier, which stems from an os command injection in the app/tool/pythonexecute.py file, which may be attacked remotely...

CVSS 6.5 | AI score 6.9 | EPSS 0.00731
Exploits: 0 | References: 6
RedhatCVE
added 2025/03/22 1:58 p.m. | 14 views

CVE-2024-13921

The Order Export & Order Import for WooCommerce plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 2.6.0 via deserialization of untrusted input from the 'formdata' parameter. This makes it possible for authenticated attackers, with Administrator-level...

CVSS 7.2 | AI score 7.6 | EPSS 0.0031
Exploits: 0 | References: 1
RedhatCVE
added 2025/03/22 1:29 p.m. | 13 views

CVE-2024-10727

A reflected cross-site scripting XSS vulnerability exists in phpipam/phpipam versions 1.5.0 through 1.6.0. The vulnerability arises when the application receives data in an HTTP request and includes that data within the immediate response in an unsafe manner. This allows an attacker to execute...

CVSS 6.1 | AI score 6.1 | EPSS 0.00144
Exploits: 1 | References: 1