70 matches found

CVE
added 2025/08/05 9:2 a.m. | 14 views

CVE-2025-8554

CVE-2025-8554 affects atjiu pybbs up to version 6.0.0. The issue is a cross-site scripting vulnerability caused by manipulation of the Username argument in the file /admin/user/list. Exploitation can be remote and the patch is available as a specific fix identified by the patch hash 2fe4a51afbce0...

CVSS: 5.4 | AI score: 6.5 | EPSS: 0.00208
Exploits: 1 | References: 7 | Affected Software: 1

Cvelist
added 2025/08/05 7:2 a.m. | 8 views

CVE-2025-8550 atjiu pybbs list cross site scripting

A vulnerability was found in atjiu pybbs up to 6.0.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/topic/list. The manipulation of the argument Username leads to cross site scripting. The attack can be launched remotely. The...

CVSS: 4.8 | EPSS: 0.0067
Exploits: 3 | References: 7

OSV
added 2025/08/03 1:15 p.m. | 2 views

CVE-2025-8510

A vulnerability classified as problematic has been found in Portabilis i-Educar 2.10. This affects the function Gerar of the file ieducar/intranet/educar_matricula_lst.php. The manipulation of the argument ref_cod_aluno leads to cross site scripting. It is possible to initiate the attack remotely. Th...

CVSS: 5.4 | AI score: 3.5
Exploits: 0 | References: 6

OSV
added 2025/07/22 4:15 a.m. | 2 views

CVE-2025-7953

A vulnerability, which was classified as problematic, has been found in Sanluan PublicCMS up to 5.202506.a. This issue affects some unknown processing of the file publiccms-parent/publiccms/src/main/webapp/resource/plugins/pdfjs/viewer.html. The manipulation of the argument File leads to open...

CVSS: 6.1 | AI score: 3.9 | EPSS: 0.00206
Exploits: 1 | References: 5

Vulnrichment
added 2025/07/20 3:2 a.m. | 4 views

CVE-2025-7865 thinkgem JeeSite XSS Filter EncodeUtils.java xssFilter cross site scripting

A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/EncodeUtils.java of the component XSS Filter. The manipulation of the argument text leads to cross...

CVSS: 5.1 | AI score: 5.6 | EPSS: 0.00198
Exploits: 1 | References: 6

Debian CVE
added 2025/07/18 5:44 p.m. | 5 views

CVE-2025-7797

A vulnerability was found in GPAC up to 2.4. It has been rated as problematic. Affected by this issue is the function gf_dash_download_init_segment of the file src/media_tools/dash_client.c. The manipulation of the argument base_init_url leads to null pointer dereference. The attack may be launched...

CVSS: 6.9 | AI score: 4.5 | EPSS: 0.00779
Exploits: 1

CVE
added 2025/07/13 9:44 p.m. | 31 views

CVE-2025-7545

GNU Binutils 2.45 contains a heap-based buffer overflow in the function copy_section (binutils/objcopy.c). The issue requires local access to exploit. Public disclosure of the exploit exists. A patch identified as 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944 has been released and should be applied to...

CVSS: 7.8 | AI score: 5.5 | EPSS: 0.00066
Exploits: 0 | References: 10 | Affected Software: 1

CVE
added 2025/07/11 2:2 a.m. | 14 views

CVE-2025-7435

CVE-2025-7435 affects LiveHelperChat lhc-php-resque Extension (up to commit ee1270b35625f552425e32a6a3061cd54b5085c4). The vulnerability arises from manipulation of the queue name argument in the List Handler (unknown subpath: /site_admin/lhcphpresque/list/), enabling cross-site scripting. It can...

CVSS: 5.1 | AI score: 3.8 | EPSS: 0.00185
Exploits: 0 | References: 6

Positive Technologies
added 2025/06/29 12:0 a.m. | 3 views

PT-2025-27351 · Code Projects · Code-Projects Simple Forum

Name of the Vulnerable Software and Affected Versions: code-projects Simple Forum version 1.0 Description: A critical issue has been found in the processing of the file /forum1.php, allowing unrestricted upload through the manipulation of the File argument. This can be initiated remotely. The...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00293
Exploits: 1 | References: 11

Positive Technologies
added 2025/06/23 12:0 a.m. | 2 views

PT-2025-28021

Name of the Vulnerable Software and Affected Versions: HDF5 version 1.14.6 Description: A problematic issue has been found in HDF5, affecting the function H5FL__malloc of the file src/H5FL.c. This issue leads to a memory leak and requires local access to exploit. The exploit has been disclosed ...

CVSS: 5.5 | AI score: 3.4 | EPSS: 0.00131
Exploits: 1 | References: 20

OSV
added 2025/06/09 8:15 p.m. | 3 views

CVE-2025-5895

A vulnerability was found in Metabase 54.10. It has been classified as problematic. This affects the function parseDataUri of the file frontend/src/metabase/lib/dom.js. The manipulation leads to inefficient regular expression complexity. It is possible to initiate the attack remotely. The exploit...

CVSS: 7.5 | AI score: 7.1
Exploits: 0 | References: 6

CVE
added 2025/05/27 2:31 p.m. | 65 views

CVE-2025-5245

The CVE-2025-5245 entry pertains to GNU Binutils up to version 2.44, affecting the objdump component. The flaw is in the debug_type_samep function inside /binutils/debug.c, where improper data handling leads to memory corruption. This enables a local attacker to exploit the vulnerability, and pub...

CVSS: 7.8 | AI score: 6.7 | EPSS: 0.0008
Exploits: 1 | References: 9 | Affected Software: 1

RedhatCVE
added 2025/05/23 12:2 p.m. | 6 views

CVE-2025-21609

SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...

CVSS: 9.1 | AI score: 6.7 | EPSS: 0.00369
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/22 9:34 a.m. | 4 views

CVE-2015-10072

A vulnerability classified as problematic was found in NREL api-umbrella-web 0.7.1. This vulnerability affects unknown code of the component Flash Message Handler. The manipulation leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 0.8.0 is able to address...

CVSS: 6.1 | AI score: 6.5 | EPSS: 0.00295
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 12:30 a.m. | 4 views

CVE-2014-125004

A vulnerability has been found in FFmpeg 2.0 and classified as problematic. This vulnerability affects the function decode_hextile of the file libavcodec/vmnc.c. The manipulation leads to memory corruption. The attack can be initiated remotely. It is recommended to apply a patch to fix this issue...

CVSS: 5.5 | AI score: 6.8 | EPSS: 0.00171
Exploits: 0 | References: 1

Packet Storm News
added 2025/05/21 12:0 a.m. | 11 views

BountyBench: Dollar Impact of AI Agent Attackers and Defenders on Real-World Cybersecurity Systems

AI agents have the potential to significantly alter the cybersecurity landscape. To help us understand this change, we introduce the first framework to capture offensive and defensive cyber-capabilities in evolving real-world systems. Instantiating this framework with BountyBench, we set up 25...

AI score: 6.9
Exploits: 0

Vulnrichment
added 2025/05/05 2:49 a.m. | 11 views

CVE-2025-20667

In Modem, there is a possible information disclosure due to incorrect error handling. This could lead to remote information disclosure, if a UE has connected to a rogue base station controlled by the attacker, with no additional execution privileges needed. User interaction is not needed for...

AI score: 7.1 | EPSS: 0.00421
Exploits: 0 | References: 1

Vulnrichment
added 2025/05/02 8:31 p.m. | 6 views

CVE-2025-4215 gorhill uBlock Origin UI 1p-filters.js currentStateChanged redos

A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to laun...

CVSS: 3.1 | AI score: 3.9 | EPSS: 0.0134
Exploits: 1 | References: 5

Positive Technologies
added 2025/04/13 12:0 a.m. | 3 views

PT-2025-16193 · Crushftp · Crushftp

Name of the Vulnerable Software and Affected Versions: CrushFTP versions 9.x through 11.3.1 Description: The issue allows for Server-Side Request Forgery (SSRF) via the host and port parameters in a command=telnetSocket request to the "/WebInterface/function/" URI. This vulnerability can be exploit...

CVSS: 5 | AI score: 6.1 | EPSS: 0.01409
Exploits: 2 | References: 28

Debian CVE
added 2025/03/26 4:13 p.m. | 2 views

CVE-2025-30164

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 allows an attacker to craft a URL that, once visited by an authenticated user or one that is able to authenticate, allows to...

CVSS: 6.1 | AI score: 5.3 | EPSS: 0.00178
Exploits: 0