Lucene search

3027 matches found

CNNVD
added 2025/11/30 12:0 a.m. | 4 views

School Management System PHP & MYSQL code injection vulnerability

School Management System PHP & MYSQL is a school management system by Elias Yasin, an individual developer. A code injection vulnerability exists in School Management System PHP & MYSQL, which originates from a misbehavior of the parameter First Name in the file /student-view.php, which could lea...

4.8 CVSS | 4.2 AI score | 0.00202 EPSS
Exploits: 0 | References: 5

Oracle linux
added 2025/11/25 12:0 a.m. | 7 views

libtiff security update

4.4.0-15.2 - fix CVE-2025-8176: tiffdither and tiffmedian skip first line of input images RHEL-120239 4.4.0-15.1 - fix CVE-2025-9900: buffer underflow crash in TIFFReadRGBAImageOriented RHEL-112545...

8.8 CVSS | 7.2 AI score | 0.00739 EPSS
Exploits: 1

EUVD
added 2025/11/24 4:31 p.m. | 3 views

EUVD-2025-198947

Malicious code in @posthog/first-time-event-tracker npm...

6.6 AI score
Exploits: 0

Redos
added 2025/11/24 12:0 a.m. | 6 views

ROS-20251124-02

Vulnerability of the software tool for implementing network routing on Unix-like systems FRRouting is related to insufficient validation of OSPF LSA packets in the ospfteparsete function in ospfd/ospfte.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial...

6.5 CVSS | 6.7 AI score | 0.0032 EPSS
Exploits: 0

Packet Storm News
added 2025/11/21 12:0 a.m. | 4 views

The Dark Side of Flexibility: How Aggregated Cyberattacks Threaten the Power Grid

Flexible energy resources are increasingly becoming common in smart grids. These resources are typically managed and controlled by aggregators that coordinate many resources to provide flexibility services. However, these aggregators and flexible energy resources are vulnerable, which could allow...

6.8 AI score
Exploits: 0

Vulnrichment
added 2025/11/20 4:37 a.m. | 1 views

CVE-2025-12778 Ultimate Member Widgets for Elementor <= 2.3 - Missing Authorization to Unauthenticated Information Exposure

The Ultimate Member Widgets for Elementor – WordPress User Directory plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handlefilterusers function in all versions up to, and including, 2.3. This makes it possible for unauthenticated attacker...

5.3 CVSS | 4.9 AI score | 0.00208 EPSS
Exploits: 0 | References: 2

RedhatCVE
added 2025/11/20 12:21 a.m. | 10 views

CVE-2025-63220

The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

7.2 CVSS | 7.7 AI score | 0.00404 EPSS
Exploits: 1 | References: 1

NVD
added 2025/11/19 4:15 p.m. | 5 views

CVE-2025-63220

The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

7.2 CVSS | 0.00404 EPSS
Exploits: 1 | References: 3

HackRead
added 2025/11/19 3:43 p.m. | 4 views

Seraphic Becomes the First and Only Secure Enterprise Browser Solution to Protect Electron-Based Applications

Tel Aviv, Israel, 19th November 2025, CyberNewsWire...

7 AI score
Exploits: 0

CNNVD
added 2025/11/19 12:0 a.m. | 2 views

Sound4 FIRST security vulnerability

Sound4 FIRST is an audio processor for broadcasting from Sound4 France. A security vulnerability exists in Sound4 FIRST that stems from a firmware update mechanism that does not validate the integrity of manual.sh, which could lead to remote code execution...

7.2 CVSS | 7.8 AI score | 0.00404 EPSS
Exploits: 1 | References: 4

Cvelist
added 2025/11/19 12:0 a.m. | 10 views

CVE-2025-63220

The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

0.00404 EPSS
Exploits: 1 | References: 3

Vulnrichment
added 2025/11/19 12:0 a.m. | 3 views

CVE-2025-63220

The Sound4 FIRST web-based management interface is vulnerable to Remote Code Execution RCE via a malicious firmware update package. The update mechanism fails to validate the integrity of manual.sh, allowing an attacker to inject arbitrary commands by modifying this script and repackaging the...

7.3 AI score | 0.00404 EPSS
Exploits: 1 | References: 3

Positive Technologies
added 2025/11/18 12:0 a.m. | 4 views

PT-2025-47284

Name of the Vulnerable Software and Affected Versions: Live sales notification for WooCommerce plugin for WordPress versions prior to 2.3.39. Description: The Live sales notification for WooCommerce plugin for WordPress is affected by a missing authorization issue. The getOrders function does not ha...

7.5 CVSS | 6.2 AI score | 0.00273 EPSS
Exploits: 0 | References: 6

RedhatCVE
added 2025/11/17 1:14 p.m. | 2 views

CVE-2025-13180

A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /editprofile. Performing manipulation of the argument firstname/lastname results in basic cross site scripting. It is possible to...

5.4 CVSS | 3.8 AI score | 0.002 EPSS
Exploits: 1 | References: 1

RedhatCVE
added 2025/11/17 1:14 p.m. | 3 views

CVE-2025-13178

A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /editprofile of the component User Profile Handler. This manipulation of the argument firstname/lastname causes basic cross site scripting. The attack is possible to be carried...

5.4 CVSS | 3.8 AI score | 0.002 EPSS
Exploits: 1 | References: 1

OSV
added 2025/11/14 8:15 p.m. | 3 views

CVE-2025-13180

A vulnerability was found in Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System up to 20250320. Impacted is an unknown function of the file /editprofile. Performing manipulation of the argument firstname/lastname results in basic cross site scripting. It is possible to...

5.4 CVSS | 4.2 AI score | 0.002 EPSS
Exploits: 1 | References: 4

CVE
added 2025/11/14 7:32 p.m. | 9 views

CVE-2025-13180

CVE-2025-13180 affects Bdtask/CodeCanyon Wholesale Inventory Control and Inventory Management System (versions up to 20250320). The vulnerability arises from improper handling of the first_name/last_name parameters in the /edit_profile function, enabling basic cross-site scripting. It can be expl...

5.4 CVSS | 5.3 AI score | 0.002 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2025/11/14 7:15 p.m. | 7 views

CVE-2025-13178

A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /editprofile of the component User Profile Handler. This manipulation of the argument firstname/lastname causes basic cross site scripting. The attack is possible to be carried...

5.4 CVSS | 0.002 EPSS
Exploits: 1 | References: 4

Cvelist
added 2025/11/14 7:2 p.m. | 11 views

CVE-2025-13178 Bdtask/CodeCanyon SalesERP User Profile edit_profile cross site scripting

A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /editprofile of the component User Profile Handler. This manipulation of the argument firstname/lastname causes basic cross site scripting. The attack is possible to be carried...

5.1 CVSS | 0.002 EPSS
Exploits: 1 | References: 4

EUVD
added 2025/11/14 7:2 p.m. | 2 views

EUVD-2025-197652

A flaw has been found in Bdtask/CodeCanyon SalesERP up to 20250728. This vulnerability affects unknown code of the file /editprofile of the component User Profile Handler. This manipulation of the argument firstname/lastname causes basic cross site scripting. The attack is possible to be carried...

5.1 CVSS | 5.2 AI score | 0.002 EPSS
Exploits: 1 | References: 5