
9438 matches found

Tenable Nessus
added 2025/08/14 12:0 a.m. · 3 views

EulerOS 2.0 SP11 : nss (EulerOS-SA-2025-1962)

According to the versions of the nss packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : After accepting an untrusted certificate, handling an empty pkcs7 sequence as part of the certificate data could have led to a crash. This crash is...

6.5 CVSS · 7.8 AI score · 0.00335 EPSS
Exploits: 0 · References: 2

CVE
added 2025/08/13 7:32 p.m. · 11 views

CVE-2025-8926

The CVE-2025-8926 vulnerability affects SourceCodester COVID 19 Testing Management System 1.0, specifically the /login.php endpoint where the Username parameter is susceptible to SQL injection. Publicly disclosed exploits enable remote exploitation, potentially compromising confidentiality, integ...

9.8 CVSS · 7.6 AI score · 0.00072 EPSS
Exploits: 1 · References: 5 · Affected Software: 1

CNNVD
added 2025/08/11 12:0 a.m. · 2 views

Mattermost Confluence Plugin Security Vulnerability

Mattermost Confluence Plugin is a plugin from Mattermost USA. Mattermost Confluence Plugin contains a security vulnerability that can be exploited by attackers to cause an editorial subscription...

6.4 CVSS · 6.7 AI score · 0.00068 EPSS
Exploits: 0 · References: 2

RedhatCVE
added 2025/08/06 12:14 a.m. · 8 views

CVE-2025-46093

LiquidFiles before 4.1.2 supports FTP SITE CHMOD for mode 6777 setuid and setgid, which allows FTPDrop users to execute arbitrary code as root by leveraging the Actionscript feature and the sudoers configuration...

9.9 CVSS · 7.4 AI score · 0.00572 EPSS
Exploits: 1 · References: 1

OSV
added 2025/07/30 10:15 p.m. · 1 view

CVE-2025-8335

A vulnerability classified as problematic has been found in code-projects Simple Car Rental System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used...

5.3 CVSS · 4.8 AI score
Exploits: 0 · References: 5

NVD
added 2025/07/27 9:15 a.m. · 4 views

CVE-2025-8227

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The...

9.8 CVSS · 0.00454 EPSS
Exploits: 1 · References: 6

Vulnrichment
added 2025/07/20 5:32 a.m. · 4 views

CVE-2025-7870 Portabilis i-Diario justificativas-de-falta Endpoint cross site scripting

A vulnerability, which was classified as problematic, was found in Portabilis i-Diario 1.5.0. This affects an unknown part of the component justificativas-de-falta Endpoint. The manipulation of the argument Anexo leads to cross site scripting. It is possible to initiate the attack remotely. The...

5.1 CVSS · 3.5 AI score · 0.0015 EPSS
Exploits: 1 · References: 4

Cvelist
added 2025/07/17 1:50 p.m. · 7 views

CVE-2025-53927 MaxKB sandbox bypass

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the shutil.copy2 method in Python to copy the command they...

4.6 CVSS · 0.00176 EPSS
Exploits: 1 · References: 2

OSV
added 2025/07/15 8:15 p.m. · 3 views

CVE-2025-50101

Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Optimizer. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MyS...

4.9 CVSS · 6 AI score
Exploits: 0 · References: 1

NVD
added 2025/07/15 8:15 p.m. · 2 views

CVE-2025-50068

Vulnerability in the MySQL Cluster product of Oracle MySQL component: Cluster: General. Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where MySQL Cluster execute...

6.7 CVSS · 0.00191 EPSS
Exploits: 0 · References: 1

NVD
added 2025/07/15 8:15 p.m. · 2 views

CVE-2025-50064

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware component: Core. Supported versions that are affected are 12.2.1.4.0, 14.1.1.0.0 and 14.1.2.0.0. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise Oracle...

4.8 CVSS · 0.00178 EPSS
Exploits: 0 · References: 1

NVD
added 2025/07/15 8:15 p.m. · 2 views

CVE-2025-30751

Vulnerability in the Oracle Database component of Oracle Database Server. Supported versions that are affected are 19.27 and 23.4-23.8. Easily exploitable vulnerability allows low privileged attacker having Create Session, Create Procedure privilege with network access via Oracle Net to compromis...

8.8 CVSS · 0.00706 EPSS
Exploits: 0 · References: 1

Positive Technologies
added 2025/07/15 12:0 a.m. · 1 view

PT-2025-30094 · Tenda · Tenda Fh451

Name of the Vulnerable Software and Affected Versions: Tenda FH451 version 1.0.0.9 Description: A critical vulnerability exists due to a stack-based buffer overflow in the fromPptpUserSetting function within the /goform/PPTPUserSetting file. The vulnerability is triggered by manipulating the deln...

9 CVSS · 8.8 AI score · 0.01566 EPSS
Exploits: 1 · References: 12

Positive Technologies
added 2025/07/15 12:0 a.m. · 1 view

PT-2025-29595

Name of the Vulnerable Software and Affected Versions Oracle Lease and Finance Management version 12.2.13 Description An easily exploitable issue exists in the Oracle Lease and Finance Management product of Oracle E-Business Suite component: Internal Operations. A low-privileged attacker with...

8.5 CVSS · 7 AI score · 0.00397 EPSS
Exploits: 0 · References: 8

OSV
added 2025/07/14 2:15 p.m. · 1 view

CVE-2025-7607

A vulnerability, which was classified as critical, has been found in code-projects Simple Shopping Cart 1.0. This issue affects some unknown processing of the file /Customers/saveorder.php. The manipulation of the argument orderprice leads to sql injection. The attack may be initiated remotely. T...

9.8 CVSS · 5.8 AI score
Exploits: 0 · References: 5

Vulnrichment
added 2025/07/08 9:2 a.m. · 3 views

CVE-2025-7171 code-projects Crime Reporting System policelogin.php sql injection

A vulnerability, which was classified as critical, has been found in code-projects Crime Reporting System 1.0. Affected by this issue is some unknown functionality of the file /policelogin.php. The manipulation of the argument email leads to sql injection. The attack may be launched remotely. The...

7.5 CVSS · 7.6 AI score · 0.00277 EPSS
Exploits: 1 · References: 5

Broadcom
added 2025/07/08 12:0 a.m. · 10 views

Azul Zulu Java Multiple Vulnerabilities (January 2025)

Azul Zulu Multiple Vulnerabilities January 2025 CVE-2025-0509 CVSS 3.1 Base Score 7.3 CVSS Vector: CVSS:3.1/AV:A/AC:H/PR:H/UI:R/S:C/C:H/I:H/A:H Brocade SANnav not affected: VEX Justification: Vulnerable_code_not_present CVE-2025-21502 CVSS 3.1 Base Score 4.8 CVSS Vector:...

7.3 CVSS · 6.8 AI score · 0.002 EPSS
Exploits: 0

Tenable Nessus
added 2025/07/03 12:0 a.m. · 2 views

FreeBSD : Mozilla -- exploitable crash (bab7386a-582f-11f0-97d0-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the bab7386a-582f-11f0-97d0-b42e991fc52e advisory. [email protected] reports: A use-after-free in FontFaceSet resulted in a potentially exploitable...

9.8 CVSS · 8.2 AI score · 0.01103 EPSS
Exploits: 0 · References: 3

RedHat Linux
added 2025/07/02 8:12 a.m. · 4 views

firefox: thunderbird: Use-after-free in FontFaceSet

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A use-after-free in FontFaceSet resulted in a potentially exploitable crash...

9.8 CVSS · 5.7 AI score · 0.01103 EPSS
Exploits: 0 · References: 5

RedHat Linux
added 2025/07/02 6:13 a.m. · 4 views

firefox: thunderbird: Use-after-free in FontFaceSet

A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: A use-after-free in FontFaceSet resulted in a potentially exploitable crash...

9.8 CVSS · 5.7 AI score · 0.01103 EPSS
Exploits: 0 · References: 5