946 matches found
CVE-2025-8859 code-projects eBlog Site File Upload save-slider.php unrestricted upload
A vulnerability was identified in code-projects eBlog Site 1.0. Affected by this vulnerability is an unknown functionality of the file /native/admin/save-slider.php of the component File Upload Module. The manipulation leads to unrestricted upload. The attack can be launched remotely. The exploit...
UBUNTU-CVE-2025-8845
A vulnerability was identified in NASM Netwide Assember 2.17rc0. This issue affects the function assemblefile of the file nasm.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be...
PT-2025-32535 · Unknown · Zlt2000 Microservices-Platform
Name of the Vulnerable Software and Affected Versions: zlt2000 microservices-platform versions through 6.0.0 Description: A vulnerability exists in the Upload function located in zlt-business/file-center/src/main/java/com/central/file/controller/FileController.java. This manipulation allows for...
PT-2025-32547 · Wukongopensource · Wukongcrm
Name of the Vulnerable Software and Affected Versions: WuKongOpenSource WukongCRM version 11.0 Description: A vulnerability exists in WuKongOpenSource WukongCRM 11.0, specifically within an unknown part of the /adminFile/upload file of the API Response Handler component. This allows for informati...
CVE-2025-8512
A vulnerability, which was classified as problematic, has been found in TVB Big Big Shop App 2.9.0 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component hk.com.tvb.bigbigshop. The manipulation leads to improper export of android application...
CVE-2025-8367 Portabilis i-Educar funcionario_vinculo_lst.php cross site scripting
A vulnerability classified as problematic has been found in Portabilis i-Educar 2.9. This affects an unknown part of the file /intranet/funcionariovinculolst.php. The manipulation of the argument nome leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has...
CVE-2025-7788
CVE-2025-7788 affects Xuxueli xxl-job up to 3.1.1. The vulnerable component is the commandJobHandler function in SampleXxlJob.java, enabling OS command injection with remote access. Exploit-public disclosures exist. Remediation: upgrade to a version beyond 3.1.1 and, as a workaround, restrict acc...
CVE-2025-7595
A vulnerability was found in code-projects Job Diary 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /view-cad.php. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the...
CVE-2025-7135
A vulnerability, which was classified as critical, has been found in Campcodes Online Recruitment Management System 1.0. This issue affects some unknown processing of the file /admin/ajax.php?action=savevacancy. The manipulation of the argument ID leads to sql injection. The attack may be initiat...
CVE-2025-7093 Belkin F9K1122 webs formSetLanguage stack-based overflow
A vulnerability was found in Belkin F9K1122 1.00.33. It has been declared as critical. Affected by this vulnerability is the function formSetLanguage of the file /goform/formSetLanguage of the component webs. The manipulation of the argument webpage leads to stack-based buffer overflow. The attac...
CVE-2025-7080
A vulnerability, which was classified as problematic, was found in Done-0 Jank up to 322caebbad10568460364b9667aa62c3080bfc17. Affected is an unknown function of the file internal/utils/jwtutils.go of the component JWT Token Handler. The manipulation of the argument accessSecret/refreshSecret wit...
PT-2025-26549 · Unknown · Code-Projects Online Bidding System
Name of the Vulnerable Software and Affected Versions: code-projects Online Bidding System version 1.0 Description: A critical vulnerability was found in the code-projects Online Bidding System. The vulnerability affects an unknown functionality of the file /administrator. The manipulation of the...
CVE-2025-6270
A vulnerability, which was classified as critical, has been found in HDF5 up to 1.14.6. Affected by this issue is the function H5FSsectfindnode of the file H5FSsection.c. The manipulation leads to heap-based buffer overflow. It is possible to launch the attack on the local host. The exploit has...
CVE-2024-7904
A vulnerability was found in DedeBIZ 6.3.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file admin/filemanagecontrol.php of the component File Extension Handler. The manipulation of the argument upfile1 leads to unrestricted upload. The attack may be...
CVE-2023-3599
A vulnerability was found in SourceCodester Best Fee Management System 1.0. It has been rated as critical. Affected by this issue is the function saveuser of the file adminclass.php of the component Add User Handler. The manipulation leads to improper access controls. The attack may be launched...
CVE-2025-4323
A vulnerability, which was classified as problematic, has been found in MRCMS 3.1.2. Affected by this issue is some unknown functionality of the component Edit Article Page. The manipulation of the argument Title leads to cross site scripting. The attack may be launched remotely. The exploit has...
PYSEC-2025-171
A vulnerability, which was classified as critical, was found in Open Asset Import Library Assimp 5.4.3. Affected is the function Assimp::MD3Importer::ValidateSurfaceHeaderOffsets of the file code/AssetLib/MD3/MD3Loader.cpp of the component File Handler. The manipulation leads to heap-based buffer...
CVE-2025-3003
A vulnerability, which was classified as critical, was found in ESAFENET CDG 3. Affected is an unknown function of the file /CDGServer3/UserAjax. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the...
CVE-2025-2999
CVE-2025-2999 affects PyTorch 2.6.0, specifically the function torch.nn.utils.rnn.unpack_sequence, where manipulation leads to memory corruption. Exploitation requires local access; the exploit has been disclosed publicly. Multiple external sources in connected documents corroborate the local att...
PYSEC-2025-190
A vulnerability was found in PyTorch 2.6.0+cu124. It has been rated as problematic. Affected by this issue is the function nnqSigmoid of the component Quantized Sigmoid Module. The manipulation of the argument scale/zeropoint leads to improper initialization. The attack needs to be approached...